Hi!
This is a huge question to respond to in a short post in a forum. First of all, the most things that governs any IT-installation applies also to IoT. Use common sense. Then there are some extra things to think about when integrating sensors that can do things in real life and not only in the IT-world.
One of the first things you need to do is to analyze what type of sensors you are deploying. If it is only thermometers measuring outside temperature then it requires one level of security. If you then add thermostats to set the temperature the need for protection increases. Let's say you then add and alarm system and an electronic lock, then it needs even more protection. Say the lock is protecting a vault at a bank, that adds even more. Finally let's say you add a life critical device like a respirator or the protection of something controlling national security.
The same equipment might be used, but there are many differences in the scenarios above.
IoT Open might be used in all the above scenarios but needs different setup. If we are talking national security access to the internet is out of the question for instance.
So to summarise: Use common sense, know what type of data or control you put into the system, and set it up accordingly.
IoT Open has been proven secure in many tests and are used in mission critical applications but if you set up all wrong it might like any other tool not be fit for purpose.
I hope this answer gave some input.
