Protecting the enterprise from consumer-grade IoT devices


Enterprise IT leaders face many challenges trying to integrate Internet of Things (IoT) technology into their networks. But these challenges cannot be averted or deferred: the number of installed IoT devices worldwide is expected to more than triple, to 75.4 billion in 2025 from 23.1 billion in 2018.

In addition to integrating and managing IoT devices — which may number in the thousands for larger enterprises — enterprise IT pros must do their best to ensure these devices are secure. This is no easy task given that many IoT devices are relatively new and untested.

Further, as the Online Trust Alliance (OTA) notes, “‘consumer-grade’ IoT devices such as smart TVs, thermostats, smart speakers, fitness trackers and other devices are now used regularly in enterprises, either purchased by staff or brought in by employees.”

As enterprise IT pros know all too well, consumer devices don’t always include the same level of security features as enterprise devices. OTA says:

While some IoT products are designed with strong security, many have a simple or non-existent user interface, default (or hard-coded) passwords, open hardware and software ports, limited local password protection, lack the ability to be updated, ‘phone home’ frequently, collect more data than expected and use insecure back-end services.

That sounds like a mess o’ security trouble! Indeed, these kinds of security flaws can result in unauthorized access to enterprise networks, surveillance (via audio and video IoT devices) and attacks on enterprise systems and services.

Fortunately, OTA has worked up an excellent checklist of best practices for use of consumer-grade IoT in enterprises (pdf). The list includes 10 items covering the full IoT experience, from installation all the way through the device’s end of life.

OTA cites several “core concepts” that underpin the checklist:

  • Enterprises should be proactive and fully consider the possible risks introduced by these devices.
  • IT leaders should understand that IoT devices are likely more vulnerable than traditional IT devices.
  • It is imperative that enterprises educate users on IoT device risks.
  • A balance must be struck between controlling IoT devices versus creating “shadow IoT.”

That last one typically involves some trial and error. Overall, though, the best practices and core concepts for securing IoT devices in the enterprise should sound familiar to enterprise IT pros who follow security best practices for other aspects of the network such as mobile devices, databases and wireless. It really comes down to awareness, education, planning and follow-through.


  1. Knowing the best practices in security always helps. Besides, IT leaders must be active throughout to prevent unauthorized access, especially when it comes to dealing with disgruntled employees.

  2. An organization should always be ready for the uncertain upcoming events of its life. These changes might also be in relation to security, as the new forces have a higher chance of data loss compared to the traditional tools.
