The Internet of Things (IoT) is no longer some futuristic thing that\u2019s years off from being something IT leaders need to be concerned with. The IoT era has arrived. In fact, Gartner forecasts there will be 20.4 billion connected devices globally by 2020.\nAn alternative proof point is the fact that when I talk with people about their company's IoT plans, they don\u2019t look at me like a deer in headlights as they did a few years ago. In fact, often the term \u201cIoT\u201d doesn\u2019t even come up. Businesses are connecting more \u201cthings\u201d to create new processes, improve efficiency, or improve customer service.\nAs they do, though, new security challenges arise. One of which is there's no \u201ceasy button.\u201d IT professionals can\u2019t just deploy some kind of black box and have everything be protected. Securing the IoT is a multi-faceted problem with many factors to consider, and it must be built into any IoT plan.\n\nTop challenges associated with securing IoT endpoints\n\nPhysical security is overlooked. Businesses devote a significant amount of time and energy to cybersecurity. However, physical security is often an afterthought or overlooked altogether. Devices need to be protected against theft or hacking of the hardware. Because IoT is often deployed by non-IT individuals, there can be many devices that IT departments are unaware of. These unknown devices can be breached from a console or USB port and create backdoors into other networks. IT and cybersecurity teams need a better way of automating the discovery of IoT endpoints.\nTraditional security doesn\u2019t work with IoT. Today\u2019s cybersecurity is primarily focused on protecting the perimeter of a network with a large, expensive firewall, but ZK Research found only 27 percent of breaches occur there. (Note: I am an employee of ZK Research.) Although firewalls are still required to protect the network, IoT devices enable breaches to occur inside the network. IoT requires organizations to rethink their security strategies and focus on the internal network. Another factor with IoT devices is that many connect back to a cloud service to provide status updates or provide other information. This punches a legitimate but hackable hole through the firewall from the inside.\nMany IoT devices are inherently insecure. Most IT endpoints such as PCs and mobile devices have some embedded security capabilities or can have an agent placed on them. While many IoT devices have old operating systems, embedded passwords, and no ability to be secured by a resident agent. This underscores the importance of rethinking security in a world where everything is connected. If the endpoint can\u2019t be secured, then protection needs to move to the network.\u00a0\nCybersecurity is growing in complexity. Protecting against external threats used to be a straightforward process: Place a state-of-the-art firewall at the perimeter, and trust everything inside of the network. That made sense when all the applications and endpoints were under the control of the IT department. Today, however, workers bring in their own devices, and the use of cloud services is extensive, creating new entry points. To combat this, security teams have been deploying more niche point products, which often increases the level of complexity. My research has found that organizations use an average of 32 security vendors, and this number is growing \u2014 leading to an environment that is becoming increasingly complex and less secure. Also, IT departments struggle today to manage the current set of connected devices. Adding three to five times more endpoints will overwhelm many security teams.\nThe number of blind spots has exploded. Cobbling together a patchwork of security tools from different vendors may seem like a sound strategy, as each device was meant to solve a specific problem. However, this approach leaves massive blind spots because the devices have little to no communications among them. Also, this architecture lacks automation, so the configuration of these devices must be done one at a time, meaning changes can often take months to implement. This delay puts organizations at serious risk.\n\nFailure to have a comprehensive IoT strategy puts businesses at risk\nIt\u2019s important to understand how big the risk is of not having a comprehensive IoT security strategy. Success with IoT requires a number of processes work together. A breach at any point can cause an outage and a possible loss of sensitive data. In many verticals, such as healthcare, state and local government, manufacturing and banking, IoT services are mission critical, so any kind of outage can cost companies millions. Indeed, in May 2016, the Ponemon Institute found the average cost of a data breach to be $3.62 million, up from $3.5 million in 2015.\u00a0\u00a0\nThere is tremendous business value in IoT, and I strongly recommend businesses be aggressive with deployments. However, I also advise building security into the plan instead of trying to implement it after deployment.