Zero-trust architecture

Zero trust means there is no lateral movement when the system is hacked. For example, suppose a hacker uses an SSH/Linux zero-day exploit to gain access to one of your servers. Unless you use a zero-trust network, the hacker can now remotely access all of your IoT devices.

In such a network, no traffic is allowed by default unless the administrator explicitly permits it: the hacker will not be able to remotely access the IoT devices from the main server, but your DevOps engineer will still be able to do so from their laptop or desktop. This architecture contrasts with traditional perimeter-based security, in which breaching the perimeter gives an attacker access to the whole system.
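
The default-deny rule described above can be modelled as a small policy check. This is an added example, not code from the original article; the addresses, ports and the IoT-to-server reporting rule are constructed assumptions, and the model covers only who may open a connection to whom.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination TCP port, None = any port

# Constructed addresses for illustration; none of them come from the article.
MAIN_SERVER = "10.0.1.10"
DEVOPS_LAPTOP = "10.0.2.50"
IOT_NET = "10.0.3.0/24"
IOT_DEVICES = ["10.0.3.7", "10.0.3.8", "10.0.3.9"]

# Perimeter model: once inside 10.0.0.0/8, every host may talk to every host.
PERIMETER = [Rule("10.0.0.0/8", "10.0.0.0/8", None)]

# Zero-trust model: only flows the administrator listed are permitted.
ZERO_TRUST = [
    Rule(f"{DEVOPS_LAPTOP}/32", IOT_NET, 22),   # engineer's laptop -> IoT SSH
    Rule(IOT_NET, f"{MAIN_SERVER}/32", 443),    # assumed: IoT reports to server
]

def is_allowed(src: str, dst: str, port: int, rules: list) -> bool:
    """Return True only if some rule permits src -> dst:port (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return True
    return False  # nothing matched: the connection is dropped

def reachable_from(src: str, port: int, rules: list) -> list:
    """IoT devices a host at `src` could open a connection to."""
    return [dst for dst in IOT_DEVICES if is_allowed(src, dst, port, rules)]

if __name__ == "__main__":
    for name, rules in (("perimeter", PERIMETER), ("zero trust", ZERO_TRUST)):
        print(name, "server ->", reachable_from(MAIN_SERVER, 22, rules))
        print(name, "laptop ->", reachable_from(DEVOPS_LAPTOP, 22, rules))
```

Under the zero-trust rule set the main server reaches no IoT device even though the devices may report to it, because each rule permits one direction only.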

If you want to further improve the security of your system, you should switch to a decentralized architecture with multiple "main" servers, so that hacking one of them will not result in a large data leak.