For years now, the editorial staff of TechRepublic, and just about every other information technology publication around, has been touting the revolution that is the Internet of Things (IoT). If the narrative is correct, the interconnection of just about everything to just about everything else will be the technological innovation that successful enterprises use to gain competitive advantage over their less successful competitors.
SEE: Quick glossary: Internet of Things (Tech Pro Research)
However, there is one small problem with that almost Utopian view of IoT: Security, or more specifically, the lack of security in IoT is a real and present danger for enterprises and their stakeholders worldwide. It makes sense—all that rich data flowing back and forth is too enticing for the criminal element to ignore.
Companies deep into the development of IoT devices and systems, including Microsoft, are well aware of this vulnerability and are taking steps to reduce the risk. But the criminal element is ruthless, clever, and persistent.
Microsoft and CEO Satya Nadella believe that the IoT is driving a digital transformation in enterprises around the world that will fundamentally change the way those enterprises manage network infrastructure and digital identities. However, many enterprises have also been hesitant to fully embrace IoT because of security concerns. And rightly so.
Image: Microsoft News
The key elements for effective IoT security revolve around the principles of proactivity. The strategic mindset must be to prevent security breaches rather than reactively respond by closing security breaches after they occur. This mindset requires IoT developers to be as ruthless, clever, and persistent as their adversaries on the criminal side.
With millions, and eventually billions, of smart devices connected to millions or billions of other devices, all exchanging data in some form or another, enterprises are creating a target-rich environment for the more nefarious members of society. Enterprises must actively protect these IoT systems or find themselves, in the aftermath of a major security breach, in the unenviable position of explaining why they did not.
This concern about security in a IoT-enabled enterprise environment goes a long way toward explaining why the 2016 Microsoft Ignite conference (September 26-30) has so many sessions on security.
Microsoft has spent considerable time and resources on creating more secure infrastructures for developers of products and services that use Windows 10, Windows Azure, and Office 365. To make those initiatives worth the effort, Microsoft has to get developers to embrace the underlying platform security features. The Microsoft Ignite conference is where that process starts every year.
For a lot of enterprises, the benefits that will, and in many cases already have, be derived from embracing IoT are too great to ignore or forego. However, the benefits of IoT also attract criminal elements determined to breach security and wreak havoc. Protecting data has and always will be a never-ending battle—but with IoT, the battle is intensified.
Microsoft, and all the companies banking on future IoT development, know what is at stake and are taking measures to create proactive security systems that will help prevent security breaches. But in such a target-rich and complicated environment, it may not be possible to secure every IoT-enabled device. Only time will tell how that reality will affect the overall deployment of IoT in the enterprise.
- IoT hidden security risks: How businesses and telecommuters can protect themselves
- Approach IoT security as a system design problem
- IoT and liability: Who pays when things go wrong?
- Microsoft adds support for Arduino in a push to dominate IoT development
How concerned are you about IoT security in your enterprise? Share your opinions with fellow TechRepublic members.
Mark W. Kaelin has been writing and editing stories about the IT industry, gadgets, finance, accounting, and tech-life for more than 25 years. Most recently, he has been a regular contributor to BreakingModern.com, aNewDomain.net, and TechRepublic.