By 2030, Statista expects more than 32 billion IoT devices in the world. Gartner predicted in 2018 that 75% of enterprise-generated data will be created outside of centralized data centers or clouds by 2025, as data moves closer to the edge.
Enterprise IT teams manage many of these IoT devices. Yet, IoT devices still pose a significant security concern, as demonstrated by a major security breach in February 2025 that exposed over 2.7 billion records in an unprotected IoT database.
For network professionals, this rapid growth of IoT devices should raise major concerns about how to secure edge computing and IoT access points in their networks.
3 Key Edge Risk Points
The first step in hardening edge security begins with a look at the following risk points:
-
Emerging IoT attack methods.
1. IoT devices are inherently insecure
A majority of IoT devices come with wide-open default security settings. The IoT industry has been lax in setting and agreeing to device security standards. Additionally, many IoT vendors are small shops that are more interested in rushing their devices to market than in security standards.
Another reason for the minimal security settings on IoT devices is that IoT device makers expect corporate IT teams to implement their own device settings. This occurs when IT professionals — normally part of the networking staff — manually configure each IoT device with security settings that conform with their enterprise security guidelines.
Unfortunately, IT departments don’t always take this step. IoT and edge computing implementations get rushed, and the detail of setting each IoT device’s security is overlooked when there could be hundreds or thousands of IoT devices on an edge network.
In other cases, the policy requirements and procedural steps for securing IoT devices might not be formally documented in network operations.
2. It’s a challenge to control all user IoT devices
End users frequently have their own IT mini budgets, such as a team at an edge network operation in a remote manufacturing plant or a warehousing facility. They independently purchase RFID readers, smartphones, sensors and routers — and the IT networking group might not know about it until a security crisis, and they get a call.
These incidents are propagating as citizen IT continues to expand in companies. Social engineering — an attempt by attackers to trick humans into giving up access, credentials and other sensitive information — is also growing as a major corporate security threat.
I’ve seen this firsthand during a visit to a small construction company. The user, a construction site manager, spoke about how they had installed their own network for site communications. They did it without IT and followed the vendor’s installation instructions. However, this manager couldn’t answer questions about what kind of security the network used.
3. We’re still learning about IoT attack technologies
Most IoT devices are not enterprise-grade. They might come with weak or outdated internal components that are vulnerable to security breaches or contain sub-components with malicious code.
Because IoT devices are built to operate over various communication protocols, there is also an ever-present risk that they aren’t upgraded for the latest protocol security. Given the large number of IoT devices from so many different sources, it’s difficult to execute a security upgrade across all platforms. Many IoT devices don’t encrypt data during transmission or at rest.
Tackling IoT and Edge Security
Edge networks with IoT present unique challenges, but networking staff can take several steps to harden IoT and edge security.
1. Use zero-trust networks
A zero-trust network can track any activity or user behavior that occurs on a network, whether the network is internal or an edge network installed thousands of miles away. With zero trust, network pros receive an immediate alert if any device is added, modified or removed from a network. This helps identify edge network and IoT device changes that end users might make.
2. Educate
Network managers and CIOs should educate senior management about the necessity of investing in zero-trust networks to secure edge computing and IoT. They need management’s support and dollars for zero-trust investments.
3. Reform the RFP process
Part of the senior management education process should be gaining support from management for a centralized RFP process for any new IT, including edge computing and IoT. This process should occur whether the request is from IT or through an end-user department IT mini budget. This enables IT and others to know what is being planned, and to interview vendors and check out technologies for security and compliance before purchasing.
4. Adopt identity governance and administration
Most enterprise networking groups currently use identity access management (IAM) to manage user identities, credentials and access permissions. IAM works well and gives a top-level view of users and activities in both on-premises and cloud-based environments.
But IAM stops there. It doesn’t have the ability to incorporate cloud-based security technologies, such as cloud identity entitlement management (CIEM), under its software umbrella or to automate compliance across all platforms. Identity governance and administration (IGA) does. Moving to IGA will strengthen the security and compliance of edge networks and IoT.
