Menu
Shadow IoT is prevalent, insecure

Shadow IoT is prevalent, insecure

Huge amounts of unencrypted IoT traffic moving in and out of enterprise networks

Credit: Dreamstime

While the data protection pitfalls around the Internet of Things (IoT) are undeniably numerous, new research from security vendor Zscaler underlines that one of the most serious problems emanates from the growing trend of “shadow IoT,” or the use of employee-owned devices on corporate networks.

The vendor's 'IoT in the Enterprise 2020' report says the blurring of the line between home and office is making the enterprise network less secure, even as businesses grapple with security issues around strictly corporate IoT endpoints like data collection terminals and industrial control devices.

“[T]he analysis also showed enterprise traffic generated by unauthorised IoT devices such as digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches, and even automotive multimedia systems,” the report said.

Based on an analysis of network traffic from Zscaler’s customers, the report said that fully 83 per cent of all online IoT transactions – the term that Zscaler uses to indicate instances of communication between devices – were sent in plain text, without using SSL.

That’s partially due to the fact that consumer IoT devices tend to be far less secure than enterprise-focused ones, and highlights the potential volume of insecure traffic on corporate networks.

The problem is similar to the one businesses experienced years ago as the BYOD phenomenon took place more than a decade ago. Companies’ networks were insufficiently prepared for an influx of new endpoints that they didn’t actually own, causing a rush to develop new ways to secure those networks against both accidental and opportunistic compromise.

Where before the issue was employees using smartphones to access corporate resources in an insecure way – say, storing sensitive, unencrypted data on an easily lost or stolen iPhone – the problem now is workers using company networks to connect to less-secure devices, like checking on the nanny cam remotely, according to Zscaler.

Bad actors can look for login credentials in all this plain-text communication, and use them to gain access to more secure systems, or enlist insecure devices into botnets.

It’s worth taking some details of the report with a grain of salt, of course – security vendors aren’t famous for their balance and restraint when presenting research on the problems their products are intended to solve.

Yet the large proportion of insecure, plain-text traffic and the proliferation of consumer IoT devices on corporate networks are undeniably serious issues.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags CloudnetworkzscalerInternet of Thingssecurity

Events

Featured

Slideshows

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments