Infosec pros have spent the past decade fighting a rising tide of both more users and more devices connecting to enterprise resources while at the same time trying to decrease the attack surface — that is, trying to shut down as many points of access as possible. Much of this is usually attempted by first inventorying connections, consolidating network systems and targeted servers, building portals to cut down on remote access, and advanced correlation of security events by a central security element.

Introducing IoT devices into the mix is like adding an unknown number of new doors to a building where the 100 existing doors are barely controlled. In 20 years, we’ve gone from one device per user to four or five devices per user, and face a future where we won’t have a handle on how many internet-enabled, exploitable points of entry even exist in our environment.  Read more.