Data gathered by security provider Zscaler shows that not only are most internet-of-things transactions unsecured, they are also unauthorized as IoT creeps in as shadow-IT devices. Credit: Iot The majority of Internet of Things (IoT) transactions don’t use even basic security, and there is a great deal of unauthorized IoT taking place inside the perimeter of enterprise firewalls thanks to shadow IT, a new study finds. Security vendor Zscaler analyzed nearly 500 million IoT transactions from more than 2,000 organizations over a two-week period. The survey found 553 different IoT devices from more than 200 different manufacturers, many of which had their security turned off. The study was done on Zscaler’s own Internet Access security service. It found the rate of IoT growth to be explosive: When it first started monitoring IoT traffic in May 2019, IoT traffic generated by its enterprise customer base was 56 million IoT transactions per month. By February 2020, that number had soared to 33 million transactions per day, or one billion IoT transactions per month, a 1,500% increase. Zscaler is a bit generous in what it defines as enterprise IoT devices, from devices such as data-collection terminals, digital signage media players, industrial control devices, medical devices, to decidedly non-business devices like digital home assistants, TV set-top boxes, IP cameras, smart home devices, smart TVs, smart watches and even automotive multimedia systems. “What this tells us is that employees inside the office might be checking their nanny cam over the corporate network. Or using their Apple Watch to look at email. Or working from home, connected to the enterprise network, and periodically checking the home security system or accessing media devices,” the company said in its report. Which is typical, to be honest, and let (s)he who is without sin cast the first stone in that regard. What’s troubling is that roughly 83% of IoT-based transactions are happening over plaintext channels, while only 17% are using SSL. The use of plaintext is risky, opening traffic to packet sniffing, eavesdropping, man-in-the-middle attacks and other exploits. And there are a lot of exploits. Zscaler said it detects about 14,000 IoT-based malware exploits per month, a seven-fold increase over the previous year. “Folks can keep their smart watches, smart closets, and whatever else they think is making them smart. Banning devices is not going to be the answer here. The answer is changing up the narrative on how we think about IoT devices from a security and risk standpoint, and what expectations we put on manufacturers to increase the security posture of these devices,” wrote Deepen Desai, Zscaler’s vice president of security research in a blog post. Desai said the solution is “taking a zero-trust mentality.” It may be a buzzword but, “it’s about security people not trusting any person or device to touch the network—that is, until you know who the user is, what the device is, and whether that user and device are allowed to access the applications they’re trying to reach.” Naturally Zscaler sells such a solution, but he makes a valid point. This is an ages-old problem I have seen time and again; a hot new technology comes along, everyone rushes to embrace it, then they think about securing it later. IoT is no different. Whatever your device, at least go into the settings and turn on SSL. Related content news Pure Storage adds AI features for security and performance Updated infrastructure-as-code management capabilities and expanded SLAs are among the new features from Pure Storage. By Andy Patrizio Jun 26, 2024 3 mins Enterprise Storage Data Center news Nvidia teases next-generation Rubin platform, shares physical AI vision ‘I'm not sure yet whether I'm going to regret this or not,' said Nvidia CEO Jensen Huang as he revealed 2026 plans for the company’s Rubin GPU platform. By Andy Patrizio Jun 17, 2024 4 mins CPUs and Processors Data Center news Intel launches sixth-generation Xeon processor line With the new generation chips, Intel is putting an emphasis on energy efficiency. By Andy Patrizio Jun 06, 2024 3 mins CPUs and Processors Data Center news AMD updates Instinct data center GPU line Unveiled at Computex 2024. the new AI processing card from AMD will come with much more high-bandwidth memory than its predecessor. By Andy Patrizio Jun 04, 2024 3 mins CPUs and Processors Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe