IT Governance for IoT Projects
Given the excitement around Digital, IoT based initiatives rarely go through necessary IT governance checks. Governance is often skipped and implementation is rushed, when IT vendors, directly selected by CEO/CFO/Board members approve business cases which talk highly about promised productivity and revenue gains, fuelled by IoT.
Unless IT Leaders assess the IoT risks before the start of project, IoT projects like any other IT project can lead to unmet expectations, frustrations and failures. As an IT Governance and planning professional, I am suggesting a checklist to help IT leaders successfully navigate an IoT project.
- Know all integrations : Poor scope of integrations can spiral project costs. IT leaders need to set clear expectations with the project sponsors for integrating IoT devices with their existing analytics and business applications. While the IoT vendors will claim having API for everything. IT Leaders should remain cautious and preferably conduct a pilot project to understand integration capabilities of proposed solution at device, data and process
- Assess security risks : If not secured properly, IoT devices can allow hackers to compromise corporate networks. IoT device planners should prefer device vendors offering secure devices with authentication, patching and logging at minimum, while encouraging network segmentation and encryption of all traffic moving between nodes.
- Plan disaster recovery : IoT failure during the critical workloads can lead to Health and Safety issues. Hence it is important that IT Leaders plan for DR investments, right at the start of project. Key areas to consider for DR include : provisioning network redundancy and resilient front end application and database architecture with low RTO and RPO.
- Confirm firmware upgrades : IoT devices could require integrations with firmware on board legacy physical systems. IT Leaders should understand the upgrade cycle and version compatibility of IoT products with legacy business applications, some of which might not be upgradable at all.
- Outsource IoT Skills : Hiring resources with IoT skillset can be a challenge. An end to end IoT solutions will require resources with complex skills across embedded applications engineering, cloud computing, networking, security, and analytics domains. Organizations piloting first IoT projects should explore alternative sourcing models such as Managed IoT Services till they reach a scale where volumes justify insourcing IoT talent.
IoT Projects Governance is an emerging discipline. Feel free to share your own experiences and contribute to building knowledge in this area.