When discussing IoT, partners need to put security on the front burner.
That's the word from David Carter, director of technical solutions at Encore Technology Group, a Greenville, S.C.-based provider of data center, networking, and security services.
"We do experience a grotesque lack of capabilities when it comes to securing IoT," said Carter, while speaking before an audience of solution providers at The NexGen 2017 Conference and Expo in Los Angeles.
Carter said that his company uses a four-step process for securing IoT. Those four steps are to secure the thing, which includes the sensors; secure the data from those things; secure the access of the data from those things; and then prove that the first three steps were done as promised.
"When we assess customer infrastructures, we start with the things, then move to the data, then the infrastructure, and then we verify it all," he said.
The biggest issue with securing the connected devices is how difficult it is to control what users bring to the office, Carter said.
It is already impossible to know what components are in users' laptops and smart devices, and it will be even less easy to know as the number of devices explodes, he said. "There are more IoT devices today than there are people on the planet," he said.
Also, businesses assume they know what kind of data is created by the devices they use, but that is often a false assumption, Carter said. He cited the example of a device designed to be connected to the network via cable but also has an RF transmitter inside that the user may not know about. "It is important to make sure the actual data created and broadcast by devices is what you want it to be," he said.
Businesses will need to implement end-to-end encryption of the data, and encrypt the data before it is stored, Carter said.