Skip to content
Microsoft Industry Blogs

view of a large city with tall buildings in the background

This blog is the second in a series highlighting our newest research, IoT Signals. Each week will feature a new top-of-mind topic to provide insights into the current state of IoT adoption across industries, how business leaders can develop their own IoT strategies, and why companies should use IoT to improve service to partners and customers.

Business and technology leaders often cite security as their top concern with the Internet of Things (IoT) initiatives, yet they continue to move forward with project development and deployment without fully addressing this critical issue. As a result, they ignore an IoT security paradox: the significant efficiency gains they seek would be undone if IoT-enabled processes failed due to security issues.

Solving this paradox can help companies truly unleash IoT innovation. Enabling IoT security at scale would empower leaders to deploy IoT across a myriad of applications, rather than taking an incremental approach to adoption and bootstrapping security across each initiative. It would also give them the confidence to manage millions of sensors and IoT devices without concern that they could be compromised, sabotaging business plans and customer confidence. But how could that happen?

Our recent research, IoT Signals, explores IoT adoption and maturity, surveying 3,000 leading business and technology decision-makers about their experiences. Like many analyst reports, this research found that security is a top concern: Nearly 97 percent of respondents have security concerns when implementing IoT projects.

What’s behind the IoT security paradox?

Among this group, 85 percent of IoT decision-makers have at least begun an IoT initiative and 74 percent of respondents are already using their IoT initiative. When these leaders then look at expanding IoT gains, security slides into fifth place with only 19 percent naming it their top concern. Instead, respondents worry most that complexity and technical challenges (38 percent), lack of budget and staff resources (29 percent), lack of knowledge (29 percent), and an inability to find the right solutions (28 percent) will impede progress.

So what’s behind this IoT security paradox? It’s likely that company IoT teams view IoT as an innovation play and are more focused on experimenting to gain business advantages than they are on designing security from the ground up. These teams rely on built-in device security features or management tools, believing that they can solve for security after IoT initiatives gain direction and traction. As a result, they may lack the same sense of urgency that IT teams have when they use DevSecOps to design and test security-hardened IT systems before deploying them.

But is that wise? Media and analyst reports state that IoT incidents are on an upswing, with unsecured IoT devices or applications implicated in a growing number of all IoT breaches. In addition, third-party solutions and platforms have compromised customer security and privacy. Companies’ fears of DDoS attacks due to zombie devices have understandably given way to concerns about data privacy. Physical security of assets and facilities and cyber hackers who use IoT vulnerabilities to play the long game are lurking in company networks to steal valuable data and IP over months and years.

The top three IoT security worries

Thus, it makes sense to be mindful about IoT security. In our survey, decision-makers say their top three IoT security concerns are:

  • Strong user authentications (43 percent)
  • Tracking and managing each IoT device (38 percent)
  • Securing endpoints for each IoT device (38 percent)

All these concerns—and more—can be addressed with a defense-in-depth security strategy that provides strong governance, tools, and platforms to identify, detect, protect, and sense and respond to IoT threats. It’s smart to do it now, because IoT is a volume play, and organizations that pursue it will have millions of sensors and devices to manage. As we have seen from media accounts, even a single unguarded sensor or device can be an entry point to accessing a treasure trove of data.

graphs showing percentages of security considerations

A roadmap for improving IoT security

So it’s clear that ensuring IoT security requires a strategic approach–that starts at the top. There must be an executive commitment to IoT security and a willingness to invest in security as a business practice upfront. Security needs to become a prerequisite for creating connected experiences, along with a foundational understanding that single line-of-defense and second-best solutions are not enough. Organizations need to ensure clear and centralized ownership of IoT management to avoid the silos and gaps that can occur when individual business units experiment with IoT. Because not all IoT scenarios require the same level of security maturity, an IoT security maturity model provides a roadmap to guide the deployment.

Here’s a roadmap we propose to solve security issues:

  • First, security must start in the hardware and extend to the cloud, delivering holistic security that protects, detects, and responds to threats. Comprehensive IoT security solutions that include hardware, OS, and cloud service help you innovate with confidence.
  • Second, we recommend using a centralized platform that provides enterprise-grade security and visibility to connect, monitor and manage IoT assets at scale. A centralized platform also addresses other common security issues, such as a lack of tooling and technical skills and integration concerns.
  • Third, organizations want to ensure unified visibility and control, adaptive threat prevention, and intelligent threat detection and response across workloads running on the edge, on-premises, in Azure, and in other clouds.
  • Finally, business decision-makers also typically want to partner with a reliable IoT vendor that will provide security expertise and customer support to extend their own capabilities. Make sure to do due diligence on vendor security programs to ensure they meet your stringent security requirements and provide a defense-in-depth approach to securing sensors, assets, and systems.

Decision-makers have high hopes for IoT; some 88 percent believe it will be critical to their company’s future success. Solving IoT security paradoxes now can help them accelerate its adoption safely, reaping all its rewards without setbacks that compromise IoT’s promise or senior leaders’ commitments.

Learn more about IoT security concerns and how they affect IoT adoption. Download IoT Signals today.

And in case you missed them, read the other posts in our series on the IoT Signals report: