As enterprise IoT products range increases, continuous integration of various devices into a central network will increase the probability of malicious attacks by hackers. In addition, the increasing risk of connecting the same IoT device in both home & enterprise networks (BYOD), increases the likelihood of cross contamination. There are cases where apps used for managing an employee’s personal IoT device (with very wide-ranging permission requirements) are installed on organizations PC or Mobile device. Furthermore, IoT devices increase pressure on enterprise infrastructure (e.g. bandwidth) and in many cases, impacts existing enterprise data flow/ data access policies.
Secure integration of IoT into a legacy architecture is preceded by an impact assessment covering aspects such as (not restricted to) network architecture, system functionalities, data CIA triad, attacker profile, geopolitical location, etc. In industrial environments where we often see legacy devices, for example, retrofitting security into existing equipment is one way for many plants to take advantage of industrial IoT. For other plants, a complete overhaul of network security may be necessary, for example updating a legacy network protocol to one with better transport security and continued security patches, integrating low latency network devices that are able to handle secure communication from IoT devices, etc.