Step 1: Manage Security at Every Level of IoT
Former RSA CTO Deepak Taneja has called the lack of IoT security a "time bomb." During a panel discussion at the TIE Startup Con panel in May 2015, Taneja said that technology is advancing at a rate that's outstripping enterprises' ability to secure internal and cloud resources, and then along comes IoT in the form of all sorts of networked sensors and gadgets. "Organizations aren't spending that much on security. It's increasing, but it's not enough and IoT only makes it worse. So it is a time bomb."
Take a hospital as an example. Virtually every medical device — from the bedside machine monitoring a patient's vital signs to MRI machines — is connected to a network in order to effectively communicate, share data, and improve collaboration among medical personnel. Very few of these have any security technologies to protect them from attackers either stealing information or easily taking control of these devices.
As the connected world grows, each layer of technology needs to incorporate identity to secure the object, its access, and every transaction. Once we start to formulate a plan for each disconnected "thing" morphing into an intelligent and connected item, it becomes obvious that password security is obsolete and there is a need for a technology that is compatible, open, scalable, and proven trustworthy.