This contributed piece has been edited and approved by Network World editors

Internet of Things (IoT) technologies have been advancing exponentially over the last several years, with new solutions emerging and being adopted at an unprecedented rate. Gartner estimates that over 4 billion IoT devices will be installed by the end of 2016, with that number rising to 20 billion by 2020. In a market where connected devices or “things” in the enterprise will drive spending to more than $868 billion this year alone, the impact – and risks – of IoT adoption are already becoming apparent.

Although still in its infancy, IoT has already developed a reputation for poor security. Prior to the recent DDoS assault on DNS provider Dyn – when a botnet army of millions of malware-infected IoT devices crippled the DNS provider and halted traffic to hundreds of popular websites – security experts already had major concerns about how best to deal with a growing influx of poorly secured connected devices. Attacks like these are a symptom of vendors rushing to meet spiking demand for smart devices and making security an afterthought in the push to be first to market. While consumers are enthusiastic about IoT products, they are largely unaware of the security risks those products pose.

The burden of securing connected devices – and responsibility to find fixes when a vulnerability is exploited – will fall squarely on product manufacturers and software developers. It is critical for the organizations that develop IoT technologies to ensure their products pose no risk to end users’ security or privacy. Here are several areas these companies must focus on to minimize user risk and improve security.

Physical security – Physical security of connected devices is paramount. Integrating tamper-proofing measures into device components should be first and foremost on developers’ minds.
This ensures that they can’t be decoded. Additionally, ensuring that device data related to authentication, identification codes and account information are erased if a device becomes compromised will prevent private data from being used maliciously. Remote wiping capabilities should be implemented if PII is stored on the device.

Build without backdoors – Today it’s rather easy to construct a device with a backdoor to be used for surveillance or law enforcement purposes in times of need. However, this should not be a practice as it compromises the integrity and security of the end user. Manufacturers should ensure that no malicious code or backdoor is introduced and the device’s UDID is not copied, monitored or captured. This will help guarantee that when the device registers online, the process is not captured or vulnerable to interception, surveillance or unlawful monitoring.

Coding securely – IoT developers should implement secure coding practices and apply them to the device as part of the software build process. Focusing on QA and vulnerability identification/remediation as part of the development lifecycle will streamline security efforts while mitigating risk.

Authentication and device identity – Implementing proper and secure authentication with individual device identification will allow a secure connection to be built between the devices themselves and the backend control system and management consoles. If every device has its own unique identity, organizations will know the device communicating is indeed the device it claims to be. This requires individual device identification based on solutions like PKI.

Encryption – When utilizing IoT solutions, organizations must encrypt traffic flowing between devices and back end servers. Ensuring that the commands are encrypted and looking at command integrity via signing or a strong encoding is vital.
Any sensitive user data collected by IoT devices should be encrypted as well.

Streamline the update process – Make device upgrades simple so bugs and security updates can be deployed in an easy and manageable way. Firmware updates can be tricky if they’re not configured correctly from the start. Unfortunately, manufacturers sometimes build the devices with no firmware update capability at all, opting to use write-once memory. While this approach made economic sense in past years – manufacturers view it as a more cost-effective approach that can be easier to integrate while helping them avoid any aspects of overwriting or implementing a different OS on the device – it is now more important for them to ensure a consistent process for flexible firmware deployment that allows developers to create new models while distributing security fixes universally across product lines.

IoT will soon touch nearly every corner of our lives, and as more IoT-related compromises and data leaks affect consumers, manufacturers will face growing pressure to harden the security of their products. By following these steps, providers of connected technology can ensure they remain competitive within an increasingly crowded IoT market as device security becomes a top consideration for buyers.
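
The Authentication and Encryption items above call for individually identified devices and command integrity via signing. The Go code below is an added example, not code from the article: a backend signs each command with Ed25519, and the device accepts it only if the signature verifies, the command names the device's own ID, and the counter is newer than the last one accepted. The envelope layout, the field names and the `sensor-0001` ID are assumptions made for illustration, and transport encryption is assumed to be handled separately.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Command struct { // constructed envelope for illustration, not a real protocol
	DeviceID, Action string
	Counter          uint64
	Sig              []byte
}

// signedBytes is the exact byte string the signature covers. The length
// prefix on DeviceID keeps field boundaries unambiguous.
func signedBytes(c Command) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d|%s", len(c.DeviceID), c.DeviceID, c.Counter, c.Action))
}

// Sign runs on the backend, which alone holds the private command-signing key.
func Sign(priv ed25519.PrivateKey, c Command) Command {
	c.Sig = ed25519.Sign(priv, signedBytes(c))
	return c
}

type Device struct { // unique ID, backend public key, last accepted counter
	ID         string
	BackendKey ed25519.PublicKey
	last       uint64
}

// Accept rejects forged or altered commands, commands addressed to another
// device, and replays. State only advances after every check has passed.
func (d *Device) Accept(c Command) error {
	switch {
	case !ed25519.Verify(d.BackendKey, signedBytes(c), c.Sig):
		return fmt.Errorf("bad signature")
	case c.DeviceID != d.ID:
		return fmt.Errorf("command addressed to another device")
	case c.Counter <= d.last:
		return fmt.Errorf("replayed or stale counter")
	}
	d.last = c.Counter
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed backend key pair
	dev := &Device{ID: "sensor-0001", BackendKey: pub}
	cmd := Sign(priv, Command{DeviceID: dev.ID, Counter: 1, Action: "reboot"})
	fmt.Println(dev.Accept(cmd), dev.Accept(cmd)) // first call accepts, second is a replay
}
```

On a real device the last accepted counter has to survive reboots, otherwise an old signed command becomes valid again after a power cycle.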