Report: Shadow IoT is prevalent, insecure

Zscaler data shows huge amounts of unencrypted IoT traffic moving in and out of enterprise networks.

While the data protection pitfalls around the Internet of Things are undeniably numerous, new research from security vendor Zscaler underlines that one of the most serious problems emanates from the growing trend of “shadow IoT,” or the use of employee-owned devices on corporate networks.

The company’s “IoT in the Enterprise 2020” report says the blurring of the line between home and office is making the enterprise network less secure, even as businesses grapple with security issues around strictly corporate IoT endpoints like data collection terminals and industrial control devices.

“[T]he analysis also showed enterprise traffic generated by unauthorized IoT devices such as digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems,” the report said.

Based on an analysis of network traffic from Zscaler’s customers, the report said that fully 83% of all online IoT transactions – the term that Zscaler uses to indicate instances of communication between devices – were sent in plain text, without using SSL. That’s partially due to the fact that consumer IoT devices tend to be far less secure than enterprise-focused ones, and highlights the potential volume of insecure traffic on corporate networks.

The problem is similar to the one businesses experienced when the BYOD phenomenon took hold more than a decade ago. Companies’ networks were insufficiently prepared for an influx of new endpoints that they didn’t actually own, causing a rush to develop new ways to secure those networks against both accidental and opportunistic compromise.
