In a 2013 high-profile cybersecurity incident, the personal and financial information of nearly 110 million Target shoppers were compromised. The potential path of entry: an HVAC vendor who conducted business with the retail giant. The headline-grabbing news took place a few years ago, but the take-home message remains constant: Internet of Things (IoT)-driven building automation systems (BAS) are a double-edged sword. They deliver a range of much-needed efficiencies but increase the number of threat vectors.
Using IoT for managing BAS does not have to be a game of chance. Organizations can improve their security profile by implementing a plan that includes best practices and rules for compliance along with the technology to implement it. For example, a centralized data infrastructure layer that routes all IoT devices through an application programming interface (API) can effectively deliver IoT data insights without security headaches. Based on zero trust principles, this type of technology offers a defined and monitored perimeter for security operations, and real-time data insights through a single pane of glass.