2. The IoT will inevitably intersect with the enterprise network
Just as there are no truly standalone industrial control networks and air traffic control networks anymore, there won't be a truly standalone enterprise network in an IoT world, says Amit Yoran, general manager at RSA and former director of the National Cyber Security Division at the U.S. Department of Homeland Security.
Regardless of the network segmentation techniques and air gaps an enterprise might employ, there will be points where the IoT intersects with the enterprise network. Those touch points will be highly vulnerable to attack.
The IoT will pervasively connect to everything, including enterprise networks, Yoran said. "Today we have the enterprise network and the cloud. We know we have enterprise users coming in via BYOD directly to cloud-based resources without ever traversing the enterprise network," he said.
The IoT will exacerbate the issue to the point where it will be incredibly messy to control the various internal and external devices that gain access to enterprise data stored on premises or in the cloud.
"The IoT and the enterprise network will intersect. If you can hack into a web-enabled device which also happens to have connectivity to the corporate network or infrastructure, you can create a bridge to pass traffic back and forth," from the enterprise, Yoran said.
"There are ways we can try and mitigate the risk," he said. But in the end, everything will be interconnected. "You don't have to look far into the annals of computer history to know that it is going to happen. We as a society are running headlong into it."
3. The IoT will be a world of heterogeneous, embedded devices
Most "things" in an IoT world will be appliances or devices with applications embedded in the operating system and wrapped tightly around the hardware, said John Pescatore, director of research at the SANS Institute in Bethesda, Md.
In that sense, the IoT universe will be very different from the layered software model to which IT and IT security groups are so accustomed.
For one thing, the devices themselves will be highly heterogeneous and IT will have a hard time getting everyone to use the same technology, Pescatore said.
Many of the communications protocols in an IoT world will be different as well. Instead of TCP/IP, 802.11 and HTML5, IT organizations will have to deal with newer protocols like Zigbee, WebHooks and IoT6. And instead of the typical two- to three-year IT lifecycles, IT will need to get accustomed to lifecycles ranging from just a few months to more than 20 years in the case of some devices, he said.