A recent bulletin from the FBI to private enterprises stated that the \u201cexploitation of the Internet of Things (IoT) to conduct small-to-large scale attacks on the private industry will very likely continue.\u201d This bulletin came just five days after the Oct. 21 DDoS attacks that sent us all into a bit of a panic. Our favorite sites were down Twitter, Netflix Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast and the PlayStation network. Beyond these high profile sites, it is likely that thousands of online retail operations were disrupted. We all waited with anticipation wondering which big website was next. Was this the start to a cyber warfare attack?\n\n\nTurns out it was hackers using a network (Mirai botnet) of internet-connected devices to attack a large Internet service provider Dynamic Network Services Inc., also known as Dyn.\n\n\nWhile our fears subsided for now, this large attack that affected millions got me thinking, and apparently the FBI too. We have an interesting ride ahead.\n\n\nIoT is still really in the early stages. Yes, it\u2019s been around for years but its full potential is a ways off from being 100 percent realized. Much like the internet and the cloud, companies will also rely heavily on IoT as part of their business practices. We will continue to see it scale and our reliance on it grow as IoT makes its way into full production.\n\n\nAs we get used to this new way of life we are going to see similar issues to what we faced when cloud emerged as part of the IT data center. It\u2019s a positive change, but with that change also enters challenges. I was recently in Washington, DC speaking to Congress just on this very topic. Security is the linchpin to the future of IoT. If consumers, enterprises, and the federal government don\u2019t believe their data and privacy are protected, they\u2019ll be hesitant to adopt new technologies no matter how efficient they are.\n\n\nThere are some things we can do to be better prepared. Here are six ways you can enhance the security of your IoT infrastructure:\n\n\n1)\u00a0\u00a0\u00a0 Before starting an IoT infrastructure project, make sure your IT teams and CISOs are not only consulted, but involved in the process. Right now these programs are largely led by either operational technology or the business itself. IT should be involved so there\u2019s a technology expert who can proactively work with the engineers in building the infrastructure (ideally, security and infrastructure architecture should encompass IoT).\n\n\n2)\u00a0\u00a0\u00a0 Your IoT infrastructure has to be secure by design. Building security controls into the IoT solution from the get-go is far more cost-effective than adding them later in the development cycle or, worse, after deployment, when the vulnerability becomes public.\n\n\n3)\u00a0\u00a0\u00a0 IT is required to have tools for managing and administrating the various gateway devices that bridge the connected \u2018things\u2019 and the Internet. This would eventually resemble a data center with thousands of end points and servers.\n\n\n4)\u00a0\u00a0\u00a0 The architecture must consider data that should reside on the edge, and data that should be in the cloud. Most of these solutions will be a hybrid of both.\n\n\n5)\u00a0\u00a0\u00a0 Traditional IT vendors must take a serious look at the IoT space and get involved in open source and standards consortiums.\n\n\n6)\u00a0\u00a0\u00a0 Segmenting the network between the traditional IT side and the IoT side should be considered. Leveraging a SDN architecture would be a big enabler for this.\n\n\nYou will hear more from me on this topic in the future, in the meantime, please feel free to share your thoughts below.