An Internet of Things policy (IoT policy) is a document that provides a comprehensive guide to help an organization promote the development of the IoT and/or deal with the complex issues related to that develoment.
Although the burgeoning Internet of Things promises advances in communications that could benefit an almost endless range of human endeavor, it also poses many problems. In terms of IoT security, for example, huge numbers of devices that were never designed to be connected to networks are now being made addressable and given the ability to connect to other devices and exchange data independently over the internet or a similar network. Those capacities are often added to a product without addressing the need to protect a device from unauthorized access -- and if an unprotected device is accessed it may put any networks it connects to at risk.
The specifics of an IoT policy vary among industries and organizations, but security and privacy are usually the highest priorities for personal, public and enterprise safety. Other concerns, such as interoperability and standardization, are essential to IoT development. As the IoT develops and legislation is created to regulate its applications and operation, regulatory compliance is also likely to become increasingly significant for IoT policies.
Here are a few of the many considerations for IoT policies:
What IoT devices should be allowed to access a given network and what controls should be put on that access?
How should network and resource access be prioritized among various IoT devices and systems?
How can IoT infrastructure development be most effectively fostered?
How can standardization and interoperability of devices be mandated?
What legislation should be created to prevent format wars?
What types of measures need to be in place to protect an enterprise across the entirety of its IoT attack surface?