Cisco Blogs

IoT: Securing the Next Chapter of the Digitization “Book”

October 24, 2016 - 8 Comments

The Internet of Things (IoT) era is here: Nearly two-thirds of organizations currently collect data from equipment, devices or other connected endpoints and use it for a business purpose, according to survey findings from 451 Research. The most common sources of IoT data are equipment related to data center IT operations (as cited by 51 percent of companies), camera/surveillance needs (34 percent), data center facilities (33 percent) and smartphones/end-user devices (29 percent).

The insatiable demand for data is driven by efforts to propel efficiency, new capabilities and will fuel IoT growth, with estimates of 50 billion devices connected to the Internet by 2020.

At Cisco, we see this innovation occurring in every customer we touch. We realize that the IoT phenomenon is another chapter in the universal digitization of the enterprise. And, as with any new “thing,” there are reasonable concerns about protection of the information within: Security remains an IoT deployment impediment for 46 percent of the organizations taking part in the 451 Research survey. “The elephant in the room is, of course, security,” as one respondent stated. “I’m getting a lot of push back on my security requirements for all of these IoT projects. I’m not budging, and … I have the blessing of my CIO not to budge.”

Fortunately, if respondents like this one convince their companies to take the right path to IoT adoption, no one will have to budge. As we continue through National Cyber Security Awareness Month in the U.S. and European Cyber Security Month, I’ll weigh in on what the history of digitization can teach us as we navigate our continuously connected lives.

Through past digitization cycles, we learned that – regardless of whether we’re dealing with the cloud, mobility or any technology that connects to the network – we need complete visibility into the way technology interacts with our business. Too often, customers buy something and “plug it in” without considering what the device maker, cloud vendor or other outside party has done to ensure that it’s secure.

With visibility, however, we gain insights into all of a device’s behaviors so we can determine how it will affect our overall security posture. We identify the hidden risks within that could ultimately harm our data. In the process, we segue from implicit trust (“We believe the vendor when they say the product is vetted and safe.”) to explicit trust (“We have asked all the questions, received the answers required to understand and even quantify how the risk factors may impact us and how to reduce the risk, and are ready to move forward.”)

To reach a state of explicit trust, we can’t be bashful about asking vendors the right questions. For example, in setting up an enterprise-wide HVAC or lighting system that’s connected to our network and exterior systems, we come up with a long list of inquiries: Which of our systems and data will the device interact with? How will it interact? What can we control in terms of what it can and cannot access? What security layers have you put in place to protect this product, and our assets? Does the vendor use their own internet connectivity by using a mobile network?

In seeking good answers to these and additional questions, we drive toward explicit trust that’s earned, not assumed. IoT and other waves of digitization are proving themselves as mission-critical – organizations will lose competitive relevance if they choose to ignore them or resist them out of fear. With complete visibility, we can invest in connected machines with our eyes wide open, with absolute awareness about what the risks are – and how to mitigate them. Thus, we successfully complete this “chapter” of the book and look forward to the next; confident that turning the pages won’t compromise our data or systems.


Join the National Cyber Security Month conversation on Twitter @CiscoSecurity #CyberAware.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. great initiative for Cisco. The country Nepal where i belong and preparing for CCIE security. over here in nepal 70% has there own mobile and other IoT stuffs. how to address this issues “I have taken the initiative to build the network, Community based connectivity and e-commerce”.
    as i went through your blog, its great initiative but in the country like mine things are getting too much complex. what i am talking about is how to deal with security issues. is there anything Cisco can help. i apologize if my English is some kind of blur.

  2. Nice Initiative By Cisco!

  3. Cisco, the best first choice for all your network security needs.

  4. I agree that asking the right questions will help a lot in IOT security. but the major issue would still the same (from user’s side – not vendor): do these IOT devices represent a risk? and the answer is yes.
    so before adding IOT device to my network, i have to know how i will respond and defend my network in case of possible attack from IOT device.

  5. Absolutely, IoT devices should not be simply permitted onto the network, but should match multiple requirements in order to be authorized onto the network. They need to be the mostly strictly controlled/audited, while at the same time allowing these devices to serve the required function for the business.

  6. This is excellent since IoT is the most demanding now in terms of advocacy, so i think SECURITY should be the fulcrum on which IoT revolved.

  7. Very informative. The content is always as expected technical and analytical in form…

  8. There is a general hesitation, I guess, to make the right move to digitization, IoT, even knowing that the statistics show a fast growing in the quantification of devices that will be connected and interacting in the IoT in the near future. We know that every time the technological advances come, needs and problems arise, during decision processes. Not only what I had established before, but certainly including security is one of the priority concerns that evolves as the threats are indoors or outdoors. Also the readiness, the appropriate knowledge, the vision, mission and purpose of each business or enterprise are dependant of a particular budget for a particular solution. As long as I read a large quantity of blog posts, I can see the great advances in software, and hardware. The companies’ solutions offering, to solve automation, security, analytics, etc. But again, the access to those wonderful tools depends on the available budget. Many of those who know their needs to be in the right move, have the hands tied to the available budget. That’s one of the main reasons that determines to be one step further or years back of the competency. I am one that likes to read good news about research and design of new solutions and gadgets, but prefer a general clear idea for small, medium and large solutions, to make and idea what will be our capital expense for the coming needs or as a base of comparison with others that offers similar products, as a general rule without looking for and immediate quotation. Thanks again for this interesting article. Deeply appreciated.