Data security in the Internet of things (IoT) is often implemented by means of encryption, which can be burdensome for some entities. We propose in this paper a solution based on routing, by which data are forwarded only to entities that are intended to receive them. An IoT network can be seen as a partial order of equivalence classes of entities, and each entity can be labeled according to the position of its equivalence class in the partial order. The partial order can be constructed according to requirements of secrecy (or confidentiality), integrity and conflicts. Routing tables among entities can be compiled by using the labels. The method is demonstrated in this paper for Software defined networking (SDN) routers and controllers. We propose a centralized IoT architecture with a cloud structure using SDN as networking infrastructure, where storage entities (i.e. cloud servers) are associated with application entities. A small ‘hospital’ example is shown for illustration. Procedures for network reconfigurations are discussed. We also demonstrate the method for the normal case where different partial orders coexist among a set of entities. The method proposed does not impose an overhead on the normal functioning of an SDN network, since it requires calculations only when the network must be reconfigured, because of administrative intervention or policies.