Wake Up CIOs, ‘Shadow IoT’ Is Here

by CXOtoday News Desk    Jun 10, 2015


The Internet of Things (IoT) is in its early stages, but it has already created uproar in the enterprise and consumer world. From connecting our smartphones to the Internet to doing a video conferencing over smart TV, experts believe that unseen IoT networks are more or less everywhere, communicating with each other so much so that we are not aware in most cases, giving rise to what is called a ‘Shadow IoT’.

new report by security firm OpenDNS which  explains the implications of ‘Shadow IoT’ believes that the billions of tiny data from IoT devices are popping up everywhere like a digital plague in the enterprise, having serious implications on corporate security.

The report states that shadow IoT is similar to that of shadow IT, in many ways. For example, when employees access unapproved company data, say,a smartphone, which has not been approved by your IT department to access corporate data, falls into wrong hands. It’s likely for such device to not have a mobile security solution like MDM installed, leading to serious threat to the corporate data.

Read more: Why ‘Shadow IT’ Is Still Thriving

In the age of remote access and connectivity, this is becoming even stronger where every other object will be connected to one another. The latest global study by Berg Insight predicts that the number of wireless IoT devices in automation networks will grow at a CAGR of 27.2 percent to reach 43.5 million by 2020.

Another issue with shadow IoT as Malik Zakaria, MD, ExterNetworks notes in his blog, shadow IoT increases the chances of bandwidth and power efficiency conundrums. “The data that these devices use will take up a large amount of bandwidth, possible so much that you’ll need more bandwidth to accommodate the device’s bandwidth needs,” he says.

Overcoming the issue

In simple words, “It’s time for the CIO to wake up!” With round-the-clock access to the Internet, such connectivity issues can be resolved to a great extent. As Zakaria believes, much like the Shadow IT issue, in case of Shadow IoT, the IT department needs to conduct regular reviews of its network data, identifying where data is coming from and where it’s going to. If any non-compliant hardware or software applications are being used, the issue needs to be remedied as quickly as possible.

All network managers should reports to the CIO to ensure that IoT- and shadow IT-related obstacles are identified and addressed in a timely fashion, he says and this should be done ‘quick’ as any type of hidden vulnerability could lead to a data disaster.

 Researchers at OpenDNS discovered that in some companies IoT infrastructure used by devices, such as smart TV was found to be vulnerable to major flaws such as Heartbleed and have greater chances of hackability. In another instance, companies were transferring data to the cloud in heavily regulated organizations on hard drives – something IT departments would surely not approve.

“It’s clear that IoT devices are making their way into our corporate networks, but are not up to the same security standards to which we hold enterprise endpoints or infrastructure,” says head researcher Andrew Hay.

Unless security professionals and researchers can better understand the implications of shadow IoT, the connected devices in their own environments would be subjected to high level of risks.

Hay concludes that today, the risk may be modest but as these devices grow to define a computing future in which untended proprietary systems become the norm, shadow IoT is bound to cause serious concerns, and is now offering enough opportunity for vendors and IT departments to find a way out.