Here are four of the most prevalent fallacies:
Nobody cares about the data into or out of the IoT. If they do not care yet, it is only a matter of (short) time before they do.
The IoT device is not an attack vector. With everything connected to everything else and Murphy’s Law always in play, rest assured that it either is or will be.
The IoT implementation only exists in a vacuum. Nature abhors a vacuum.
The implemented security is "good enough." Rarely is anything "good enough," and continuous monitoring and improvement are necessary.
IoT security needs to follow the same established security path as any other enterprise-connected solution, as doing anything less is an open invitation for trouble destined to wreak havoc.
The far-reaching implications of the FBI’s attack on encryption and security in general cannot and should not be underestimated.
The construction of backdoors is never a good thing, as control over such technologies never remains limited for long and invariably invites unintended consequences that are worse than the issues they solve.
Corporations should lend their legal support through Congress and lobbying channels to help enterprise security capabilities remain intact without government overreach to ensure data privacy.
Security is and will always be a moving target requiring continuous improvement, and business and IT executives must implement standardized governance, monitoring and enforcement policies across all Internet-connected devices.
About the author
Mr. Braunstein serves as Chairman/CEO and Executive Director of Research at the Robert Frances Group (RFG). In addition to his corporate role, he helps his clients wrestle with a range of business, management, regulatory, and technology issues.
He has deep and broad experience in business strategy management, business process management, enterprise systems architecture, financing, mission-critical systems, project and portfolio management, procurement, risk management, sustainability, and vendor management. Cal also chaired a Business Operational Risk Council whose membership consisted of a number of top global financial institutions.