While the data protection pitfalls around the Internet of Things are undeniably numerous, new research from security vendor Zscaler underlines that one of the most serious problems emanates from the growing trend of \u201cshadow IoT,\u201d or the use of employee-owned devices on corporate networks.\nThe company\u2019s \u201cIoT in the Enterprise 2020\u201d report says the blurring of the line between home and office is making the enterprise network less secure, even as businesses grapple with security issues around strictly corporate IoT endpoints like data collection terminals and industrial control devices.\n\u201c[T]he analysis also showed enterprise traffic generated by unauthorized IoT devices such as digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems,\u201d the report said.\nBased on an analysis of network traffic from Zscaler\u2019s customers, the report said that fully 83% of all online IoT transactions \u2013 the term that Zscaler uses to indicate instances of communication between devices \u2013 were sent in plain text, without using SSL. That\u2019s partially due to the fact that consumer IoT devices tend to be far less secure than enterprise-focused ones, and highlights the potential volume of insecure traffic on corporate networks.\nThe problem is similar to the one businesses experienced years ago as the BYOD phenomenon took place more than a decade ago. Companies\u2019 networks were insufficiently prepared for an influx of new endpoints that they didn\u2019t actually own, causing a rush to develop new ways to secure those networks against both accidental and opportunistic compromise.\nWhere before the issue was employees using smartphones to access corporate resources in an insecure way \u2013 say, storing sensitive, unencrypted data on an easily lost or stolen iPhone \u2013 the problem now is workers using company networks to connect to less-secure devices, like checking on the nanny cam remotely, according to Zscaler. Bad actors can look for login credentials in all this plain-text communication, and use them to gain access to more secure systems, or enlist insecure devices into botnets.\nIt\u2019s worth taking some details of the report with a grain of salt, of course \u2013 security vendors aren\u2019t famous for their balance and restraint when presenting research on the problems their products are intended to solve. Yet the large proportion of insecure, plain-text traffic and the proliferation of consumer IoT devices on corporate networks are undeniably serious issues.