Zscaler data shows huge amounts of unencrypted IoT traffic moving in and out of enterprise networks. Credit: Getty Images While the data protection pitfalls around the Internet of Things are undeniably numerous, new research from security vendor Zscaler underlines that one of the most serious problems emanates from the growing trend of “shadow IoT,” or the use of employee-owned devices on corporate networks. The company’s “IoT in the Enterprise 2020” report says the blurring of the line between home and office is making the enterprise network less secure, even as businesses grapple with security issues around strictly corporate IoT endpoints like data collection terminals and industrial control devices. “[T]he analysis also showed enterprise traffic generated by unauthorized IoT devices such as digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems,” the report said. Based on an analysis of network traffic from Zscaler’s customers, the report said that fully 83% of all online IoT transactions – the term that Zscaler uses to indicate instances of communication between devices – were sent in plain text, without using SSL. That’s partially due to the fact that consumer IoT devices tend to be far less secure than enterprise-focused ones, and highlights the potential volume of insecure traffic on corporate networks. The problem is similar to the one businesses experienced years ago as the BYOD phenomenon took place more than a decade ago. Companies’ networks were insufficiently prepared for an influx of new endpoints that they didn’t actually own, causing a rush to develop new ways to secure those networks against both accidental and opportunistic compromise. Where before the issue was employees using smartphones to access corporate resources in an insecure way – say, storing sensitive, unencrypted data on an easily lost or stolen iPhone – the problem now is workers using company networks to connect to less-secure devices, like checking on the nanny cam remotely, according to Zscaler. Bad actors can look for login credentials in all this plain-text communication, and use them to gain access to more secure systems, or enlist insecure devices into botnets. It’s worth taking some details of the report with a grain of salt, of course – security vendors aren’t famous for their balance and restraint when presenting research on the problems their products are intended to solve. Yet the large proportion of insecure, plain-text traffic and the proliferation of consumer IoT devices on corporate networks are undeniably serious issues. Related content news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking news Gartner: Just 12% of IT infrastructure pros outpace CIO expectations Budget constraints, security concerns, and lack of talent can hamstring infrastructure and operations (I&O) professionals. By Denise Dubie Dec 07, 2023 4 mins Network Security Data Center Industry feature Data centers unprepared for new European energy efficiency regulations Regulatory pressure is driving IT teams to invest in more efficient servers and storage and improve their data-center reporting capabilities. By Maria Korolov Dec 07, 2023 7 mins Enterprise Storage Green IT Servers news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe