Expanding IoT: Evolving cyber and compliance for your business

Today, every business is a digital business. More and more CEOs are seeking opportunities to implement or leverage IoT technologies to reap the benefits of the data economy. The implementation of IoT, with its associated connectivity, services and revenue potential, puts us on the cusp of tremendous business change, along with new liabilities and requirements.

IoT expands the information supply chain 360 degrees. As customer solutions, data transfers, vendor and supplier communications, and data resale capabilities arise, new security standards, compliance requirements, and fiduciary and financial liabilities emerge as well. For entities operating in highly regulated industries such as government, healthcare and transportation, comprehensive information security practices must integrate or transition to meet updated requirements, such as the European Union General Data Protection Regulation (EU-GDPR, Regulation 2016/679) and the requirements for personally identifiable information (PII) and controlled unclassified information (CUI), within both the centralized and edge computing practices of IoT. The result? The data economy of IoT requires greater agility, customer-level adaptability and ongoing security updates.

Many CEOs are jumping on the IoT train because they realize the benefits of gaining information, connectivity and new capabilities from a variety of known and unknown data sources. However, deriving business ROI from IoT requires the application of the DevOps mindset in planning, design, integration and across the cybersecurity and regulatory compliance spectrum.

Businesses that are new to IoT often struggle to implement automated system-of-systems security capabilities and practices for protecting CUI and PII, meeting EU-GDPR, and handling other regulatory and due diligence risk mitigation. IoT delivers rapid information flow and the potential for rapid response at the edge of connectivity, exactly where these exchanges are at the highest risk of data leaks and breaches. In this context, maturing information protection practices, workflows and independent assessments of risk exposure are key to achieving and maintaining compliance with cybersecurity and other regulations.

How the DevOps mindset may establish IoT security practices

IoT will fundamentally change how companies collect, produce and share data internally and with their (likely) global supply chain. As the velocity and volume of these data-rich transactions continue to increase, traditional security and compliance practices may become inconsistent with the implementation and use of IoT. Businesses that understand IoT will likely leverage the DevOps mindset in order to apply security by design and in context.

Figure 1: Automation and scaling of IoT services map to DevOps and the evolution of automated cyber and compliance

Essential to success is using the DevOps mindset for cyber and compliance as a means of achieving reliable data privacy and protections. This focus on constant evolution will develop further as the CUI requirements for government contractors under the FAR and DFARS clauses are fully implemented and enforced. Additionally, as rules such as GDPR continue to take precedence, companies will need to think about their practices to secure the code, the environment of IoT and the transactions of the IoT customers.

Organizations that are integrating IoT into their business should equally prepare for a deep digital transformation in their cyber and compliance practices. Rethinking device connectivity and enterprise IT needs translates into adopting a new mindset that captures the forces of cloud, revenue-generating IoT, and automated cyber and compliance protections for the applications, customers, and the underlying intellectual property.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
