Insights

Create and Implement an IoT Strategy

Create and Implement an IoT Strategy

Internet of Things (IoT) has become one of the biggest challenges for IT departments to manage today, according to Info-Tech' Research Group latest findings. With IoT solutions becoming increasingly common, organizations must move quickly to adopt new, IoT-focused ways to collect and analyze data and automate processes and actions.

The firm's research indicates that one of the most common mistakes organizations make when working with an IoT vendor is waiting to include the IT team in the process until the IoT solution is ready to go live, rather than including the team from the beginning. This causes challenges with integrations, communications, and access to data.

"Most of the solutions available are designed to perform a specific function within the parameters of the devices and applications designed by vendors," says Sandi Conrad, principal research director at Info-Tech Research Group. "As these specific use cases proliferate within an organization, the data collected can end up housed in many places, owned by each specific business unit, and used only for the originally designed purpose."

One of the primary reasons IoT management is a challenge for IT teams is that, as many devices suddenly enter the organizational environment, IT must ensure each device is inventoried, added to lifecycle management practices, and secured. The large volume of devices and lack of insight into vendor solutions makes it significantly harder to plan upgrades and contract renewals as well as guarantee that security protocols are being met.

"In order to make these dramatic shifts to using many IoT solutions, IT needs to look at creating an IoT strategy that will ensure all systems meet strategic goals and enable disparate data to be aggregated for greater insights," adds Conrad.

IoT solutions may be chosen by the business, but to be successful and meet their requirements, a partnership with IT will ensure better communications with the service provider and provide several other benefits, such as:

  • New insights into how an organization interacts with its clients and how clients use products and services.
  • A framework to quickly assess the risks and develop a communications plan.
  • A collective understanding of how devices will be tracked, managed, and maintained is imperative to IT securing their systems and data.
  • Quick time to value and immediate implementation of controls to meet operational and security requirements.

Info-Tech recommends that if an loT steering committee doesn't already exist, or if the committee's mandate will not include IoT, to consider creating such a committee to set standards and processes and to quickly evaluate solutions for feasibility and implementation.

Internet of Things framework

Interoperability of multiple IoT systems and data will be required to maximize value.

GOVERNANCE

What should I build? What are my concerns?
Where should I build it? Why does it need to be built?

DATA MODEL ——› BUSINESS OPERATING MODEL
Data quality
Metadata
Persistence
Lifecycle
  Sales, marketing
Product manufacturing
Service delivery
Operations

|—›

BUSINESS USE CASE

‹—|
  Customer facing Internal facing ROI  
  ˆ
|
 
ETHICS
Deliberate misuse
Unintentional consequences
Right to informed consent
Active vs. passive consent
Bias
Profit vs. common good
Acceptable/fair use
Responsibility assignment
Autonomous action
Transparency
Vendor ethical implications
  ˆ
|
 
TECHNICAL OPERATIONAL MODEL
Personal data
Customer data
Non-customer data
Public data
Third-party business data
Data rights/proprietary data
Identification
Vendor data
Profiling (Sharing/linkage of data sets)

CONTROLS

How do I operate and maintain it?

1. SECURITY

  • Risk identification and assessment
  • Threat modeling – ineffective because of scale
  • Dumb, cheap endpoints without users
  • Massive attack surface
  • Data/system availability
  • Physical access to devices
  • Response to anonymized individuals

2. COMPLIANCE

  • Internal
  • External NIST, SOC, ISO
  • Profession/industry
  • Ethics
  • Regulatory PII, GDPR, PIPEDA audit process

3. OPERATIONAL STANDARDS

  • Industry best practices
  • Open standards vs. proprietary ones
  • Standardization
  • Automation
  • Vendor management

4. TECHNICAL OPERATIONAL MODEL

  • Platforms
  • Insourcing/outsourcing
  • Acquisition
  • Asset management
  • Patching
  • Data protection
  • Source image control
  • Software development lifecycle
  • Vendor management
  • Disposition/disposal

BRIDGING THE PHYSICAL WORLD AND THE VIRTUAL WORLD

How should it be built?

This diagram shows 'Data Normalization' from physical to virtual and 'Instructions' from virtual to physical.

To learn about all phases of creating and implementing an IoT strategy, from defining your governance process to defining the intake and assessment process to preparing for a proof of value, download Info-Tech's Create and Implement an IoT Strategy blueprint.

Article published by icrunchdata
Image credit by Getty Images, Moment, Yuichiro Chino
Want more? For Job Seekers | For Employers | For Contributors