As Internet of Things invades the enterprise, companies need to revamp their approach to protecting data because the old ways aren\u2019t going to get the job done. Not in a world of 25 billion or more IoT devices connected to the Internet by 2020, as Gartner predicts.So, what are the new challenges that IoT will present?The biggest change IoT brings is a new scale to an organization's data protection strategy, both in terms of diversity of devices and volume of data that is generated, according to Basil Hashem, senior director of mobile strategy at VMware.Nick Howell, technology evangelist for Cohesity, a converged storage solution provider, adds, \u201cFrom a data protection perspective specifically, the more data you have, backup windows and second tertiary storage requirements, processes tend to grow exponentially. You get the hockey stick effect, and the continued sprawl of silos intended to handle this individually just can't be tolerated. New approaches have to be taken with the sheer amount of data.\u201dJaspreet Singh, founder and CEO of Druva, a converged data protection provider, points out that not only will there be more data, it will be more dispersed. Consider the difference between having enterprise data living in one place -- your data center -- and having data flowing in from IoT devices located anywhere and everywhere.\u201cData protection becomes more challenging because the vast majority of these devices and the networks they use to communicate are not under the control of enterprise IT. This is because IoT devices are often associated with operational technology (OT) like machinery, aircraft engines, within an automobile, etc. and continuously generate information about various device and environmental parameters (temperature, pressure, torque, etc.),\u201d adds Hashem.That leads into the next challenge. \u201cThe biggest change that comes with the current Internet of Things wave is greater awareness of the existence of (often insular) operational technology systems. This new awareness often sparks the desire to integrate these systems with existing enterprise software for greater transparency, more efficient workflows and innovative approaches to business enabled by these new integration bridges,\u201d says Clemens Vasters, principal architect for Azure IoT at Microsoft.So, what should enterprises do to prepare for IoT?1. Develop a strategyWhen addressing IoT for enterprises that don\u2019t have a data protection strategy, Microsoft\u2019s Vasters recommends creating one that defines the principles and rules for how corporate data is handled, secured and safeguarded against loss, even under catastrophic circumstances.The corporation doesn\u2019t need to own and immediately control all places where data lives. But companies do need to know who holds that data, whether the operator policies are compatible and ensure that clear liability rules exist for noncompliance.2. Assess risk\u201cI think it all comes down to starting with a risk assessment and risk analysis. I think that's the first piece of advice if I was sitting down with someone,\u201d Marc Blackmer, product marketing manager, Industry Solutions, Security Business Group, Cisco, advises. Blackmer also recommends developing an asset catalog. He then recommends understanding the data flow model both within your applications and between your applications, along with any third-party integrations.\u201cSo, part of the complexity we're talking about is the fact that there are a myriad of third parties talking to each other,\u201d Blackmer says. \u201cAnd that becomes very unruly and causes organizations to throw their hands up in the air.\u201d3. The human factorMark Hammond, senior manager, security practice, Cisco, recommends that companies take a number of steps, including conducting risk assessments, understanding and cataloging the data that you do have, minimizing sensitive data, then following best practices for data hygiene and security controls.\u201cAnd probably on top of that adding the complexity of all these interacting systems is obviously the human factor as well,\u201d Hammond says. \u201cSo the policies and procedures that get attached to that, it's probably the other biggest change that folks are going to have to deal with.\u201d4. Think about procurementVasters says enterprises should consider whether to expand IT procurement policies to all networked digital assets. It\u2019s common for corporate IT to require baseline security capabilities in all equipment, and to mandate that all software vendors address any detected security vulnerabilities promptly throughout the support life cycle.5. Protect endpoints Druva\u2019s Singh advises looking at endpoints as your first line of defense as you onboard more IoT devices. He also advises making the information life cycle part of your decision-making process when you choose IoT management applications and devices as part of your enterprise strategy.6. Break down silos Howell says, \u201cThere are a massive amount of data protection silos happening out there and consolidating all of those into a single unified platform that can be dedicated to the management of this massive tier of secondary storage is key.\u201dHowell further recommends consolidation because too many companies are losing track of data at rest onsite, offsite and in the cloud. Companies need to make a complete overhead view of all of that data; including age and location in order to understand what you're truly working with.\u201cJust by virtue of getting yourself organized onto a centralized platform, you're going to eliminate the need for a lot of these silos that you've been using over the last 10 to 15 years if not longer,\u201d Howell offered. \u201cSo there's going to be a massive cost saving associated as well. I think that's going to be required to offset the storage costs needed to house all of the data that the IoT era is going to generate.\u201d7.\u00a0\u00a0\u00a0\u00a0\u00a0 Address identity and encryptionTrent Telford, CEO of Covata, a secure enterprise-grade file storage and sharing solution provider, says, \u201cUnderstand identity from a device perspective, not from a personal human perspective. Because all identity actually means is `do I want to trust a thing or a person\u2019, so you've got to get your head around identity. That's a job for the enterprise because now every endpoint in a way is like the human you allow to log into your network, because now you're allowing a sensor or an endpoint.\u201dYou\u2019ll also need to address how you\u2019ll roll out the encryption or the management of all your keys according to Telford. Key management is going to become difficult to manage and will grow as a problem.Kelly is a freelance writer. He can be reached at\firstname.lastname@example.org.