Is an IoT device an asset or vulnerability? The answer may surprise you.

The following is a guest post from our partner, Securadin.


Today, more than ever, IoT devices have become an integral part of our daily lives. They are connected to a vast network that allows us to control everything from our thermostats to our garage doors.

More importantly, we rely on IoT devices to manage the security and efficiency of data centers, property management systems, and various other industrial or environmental facilities. However, plain text IoT devices can be notoriously vulnerable to external threats such as hacking and data breaches. This is precisely why it’s critical to implement encryption when it comes to these devices.

When we talk about encryption, we mean the process of encoding data so that it is accessible only to authorized parties. Simply put, encryption works by transforming plaintext into ciphertext, rendering it inaccessible to anyone without the proper authorization. This is extremely important when it comes to IoT devices as plain text communication can be easily intercepted by hackers, putting sensitive information at risk. One of the primary concerns with plain text IoT devices is the possibility of unauthorized individuals gaining physical or logical access to facilities, which is a significant security issue. This could occur, for example, when a hacker gains control of a data center chiller and shuts it down, resulting in significant financial losses and, in some cases, loss of life. Implementing encryption allows for centralized access control for these systems, preventing any hacking attempts before they could cause severe damage.

Another crucial reason why encryption is important for plain text IoT devices is to ensure that the data transmitted between these devices is secure. Since IoT devices involved in critical infrastructure are often connected to the internet, they are prone to an array of attacks such as man-in-the-middle attacks. By encrypting data, we can prevent threat actors from intercepting and reading sensitive information, which is essential in maintaining the integrity of data centers, property management, and other critical infrastructure facilities.

Furthermore, encryption also helps protect data privacy. The IoT devices that monitor and control environmental systems in industrial facilities are designed for ease of use and low-cost installation. However, these benefits can come with risk, as plain text IoT devices can transmit data that can be easily intercepted by unauthorized parties. Encryption provides an added level of protection, making sure that private data always remains secure and private.

So, the short answer is yes: IoT devices are both a critical asset and a vulnerability. That is why it is essential to use encryption in plain text IoT devices such as data center chillers, humidity controls, and power monitoring. Doing so is crucial in safeguarding the safety, profitability and efficiency of industrial facilities. By implementing an always-encrypted solution that includes encryption of data even while in use, like Paperclip SAFE®, we can minimize the risk of unauthorized access and data breaches and safeguard data privacy. It’s up to property management teams, CISOs, and data center management to prioritize the encryption of IoT devices to protect their infrastructure and ensure the safety, profitability and privacy of their sensitive information.

Below are some additional anecdotes from the Paperclip team:

When you think of sensitive information, you are likely thinking of PII, NPI and PHI. Yet, there is a lot of data held by organizations that should be considered critical and valuable.

You can easily assess your data assets based upon two simple questions:

  1. Is this data critical to run or protect our business operations?
    • In the case of a highly available and secure data center, the answer is yes. IoT is directly attached to environmental controls that are critical to server operations and fire suppression. IoT devices also monitor and control access, both physical and cyber.
  2. If this data were to fall under control of a threat actor, would it damage our operations?
    • The answer in the case of IoT devices is a resounding yes. Simply modifying the temperature will affect server performance and/or kill operability. Spoofing or mimicking a data center fire will knock out data center operations and potentially affect the safety of staff. Lastly, access controls may be compromised, creating a “blind spot” and allowing a threat actor to gain physical access to the controlled environment.

Like the IoT device data identified by Securadin, data often considered to be common or basic operational data can, in the wrong hands, be disruptive or catastrophic. Encrypting this data, even while it is in use, will remove it from threat actor manipulation, theft, or exploitation.

Contact Paperclip to learn more about how you can protect your controlled, sensitive, and private data today.