Data gathered by security provider Zscaler shows that not only are most internet-of-things transactions unsecured, they are also unauthorized as IoT creeps in as shadow-IT devices. Credit: Iot The majority of Internet of Things (IoT) transactions don’t use even basic security, and there is a great deal of unauthorized IoT taking place inside the perimeter of enterprise firewalls thanks to shadow IT, a new study finds. Security vendor Zscaler analyzed nearly 500 million IoT transactions from more than 2,000 organizations over a two-week period. The survey found 553 different IoT devices from more than 200 different manufacturers, many of which had their security turned off. The study was done on Zscaler’s own Internet Access security service. It found the rate of IoT growth to be explosive: When it first started monitoring IoT traffic in May 2019, IoT traffic generated by its enterprise customer base was 56 million IoT transactions per month. By February 2020, that number had soared to 33 million transactions per day, or one billion IoT transactions per month, a 1,500% increase. Zscaler is a bit generous in what it defines as enterprise IoT devices, from devices such as data-collection terminals, digital signage media players, industrial control devices, medical devices, to decidedly non-business devices like digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches and even automotive multimedia systems. “What this tells us is that employees inside the office might be checking their nanny cam over the corporate network. Or using their Apple Watch to look at email. Or working from home, connected to the enterprise network, and periodically checking the home security system or accessing media devices,” the company said in its report. Which is typical, to be honest, and let (s)he who is without sin cast the first stone in that regard. What’s troubling is that roughly 83% of IoT-based transactions are happening over plaintext channels, while only 17% are using SSL. The use of plaintext is risky, opening traffic to packet sniffing, eavesdropping, man-in-the-middle attacks and other exploits. And there are a lot of exploits. Zscaler said it detects about 14,000 IoT-based malware exploits per month, a seven-fold increase over the previous year. “Folks can keep their smart watches, smart closets, and whatever else they think is making them smart. Banning devices is not going to be the answer here. The answer is changing up the narrative on how we think about IoT devices from a security and risk standpoint, and what expectations we put on manufacturers to increase the security posture of these devices,” wrote Deepen Desai, Zscaler’s vice president of security research in a blog post. Desai said the solution is “taking a zero-trust mentality.” It may be a buzzword but, “it’s about security people not trusting any person or device to touch the network—that is, until you know who the user is, what the device is, and whether that user and device are allowed to access the applications they’re trying to reach.” Naturally Zscaler sells such a solution, but he makes a valid point. This is an ages-old problem I have seen time and again; a hot new technology comes along, everyone rushes to embrace it, then they think about securing it later. IoT is no different. Whatever your device, at least go into the settings and turn on SSL. Related content news High-bandwidth memory nearly sold out until 2026 While it might be tempting to blame Nvidia for the shortage of HBM, it’s not alone in driving high-performance computing and demand for the memory HPC requires. By Andy Patrizio May 13, 2024 3 mins CPUs and Processors High-Performance Computing Data Center news CHIPS Act to fund $285 million for semiconductor digital twins Plans call for building an institute to develop digital twins for semiconductor manufacturing and share resources among chip developers. By Andy Patrizio May 10, 2024 3 mins CPUs and Processors Data Center news HPE launches storage system for HPC and AI clusters The HPE Cray Storage Systems C500 is tuned to avoid I/O bottlenecks and offers a lower entry price than Cray systems designed for top supercomputers. By Andy Patrizio May 07, 2024 3 mins Supercomputers Enterprise Storage Data Center news Lenovo ships all-AMD AI systems New systems are designed to support generative AI and on-prem Azure. By Andy Patrizio Apr 30, 2024 3 mins CPUs and Processors Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe