I have to admit, I haven’t given this a lot of thought, mostly because the one discussion I’ve ever been involved with showed so many security risks that we didn’t delve any further in to it. But, I guess people are actually doing this so maybe they should read this:
So far so good. But this reasoning emphatically does not carry over to the emerging practice of shadow IoT, which has become a growing concern in the last year or so. Basically, we are talking about when people in your organization add internet-connected devices (or worse, entire IoT networks!) without IT’s knowledge.
Those renegades are likely seeking the same speed and flexibility that drove shadow IT, but they are taking a far bigger risk for a much smaller reward. Shadow IoT takes shadow IT to another level, with the potential for many more devices as well as new types of devices and use cases, not to mention the addition of wholly new networks and technologies.
The one case I heard of was someone looking into having their Echo read their work emails to them at home. There were a ton of security implications, not the least of which was anyone else in earshot hearing confidential information, or getting the device to read them without you there, let alone how much Amazon would be listening in. There was simply no way they’d be able to satisfy all of the questions around confidential information to make it worthwhile.
We hadn’t even gotten into how many other devices in the home would also be listening in on the Echo, or which of those had been hacked AND listening in.
There’s simply no way to keep that secure right now. I’m not saying you can’t have the convenience of IOT devices, I’m just saying they aren’t secure, so maybe keep your private info away.