The continued progression toward the Internet of Things (IoT) is undeniable. After all, fully automated production facilities are now a reality, and we\u2019re even seeing real-world applications such as connected automobiles that can automatically apply the brakes because sensors receive information about an accident around the next curve.\nWith today\u2019s cacophony of technology, the days of building a moat around the castle are over. Depending on which numbers you believe, IoT will usher in as many as 50 billion connected devices in the next five years\u2014which could prove conservative. That represents significantly more devices than there are humans. The question is: How do we fit security around all this technology in a meaningful way despite the challenges? Just consider this short list:\n\nEven though these are mostly machine-to-machine communications, such an increase in connections sends an organization\u2019s attack profile through the roof.\nThere are also brand-new threats. For instance, who really thought industrial control systems would ever connect to the back-office network? Yet bridges exist between once-disparate networks.\nMost CISOs are already drowning in log data, so going from 5,000 to 250,000 endpoints in a day is overwhelming. All of a sudden, analytics are extremely important.\n\nDespite the massive numbers, the steps to IoT security are actually quite simple. Since resources are limited, organizations need to focus on where they are most likely to begin their IoT journey. This often means being at the table when IoT project discussions get started \u2013 to help solidify the organization\u2019s definition of IoT and help determine which projects take priority. What\u2019s more, being an active participant in the IoT discussions enables IT to plug into the innovators. Fortunately, most people are open to having those security conversations, because attacks are so widespread and publicized. There is no turning a blind eye to the problem.\nOf course, using business needs as a guideline, CISOs should narrowly define the parameters of interactions. Acceptable activities and behaviors associated with many of the systems should be limited. For instance, why would an automated corn combine need to download anything from Pandora?\nThe best way to create these definitions is to open communications with the operators and engineers. In doing so, we have an opportunity to get communication and analytics right from the start and can avoid mistakes that potentially lead to catastrophic vulnerability\u2014an extreme example might be not setting definitions on a connected nuclear reactor.\nProperly handled, securing IoT could help transition cybersecurity from its traditional role of gatekeeper to being an enabler. IoT is already driving speed to market in manufacturing, mining and utilities. Aptly secured, IoT can enable the organization to try new things, including chasing new revenue opportunities.