Developing an IoT policy

IoT is no longer a nascent technology, and with its adolescence comes growing pains. Fittingly, there has been much talk lately in the IoT world about stalled implementations or pilots that are stuck in purgatory. From these missteps, one thing is clear: To successfully implement, advance and maintain an IoT project or implementation, an organization must invest in developing policies and guidelines that steer the work. More substantial upfront work and additional forethought into the issues and ramifications of connecting networks and devices that may have never aligned in the past can help alleviate many of the problems organizations face as they advance their efforts in this space.

As with any modern technology, different components of the IoT ecosystem transition across the maturity curve at their own pace. Many Fortune 500 companies, small and medium-sized businesses and government entities are aiming to transform their business, develop new markets and optimize operations with IoT practices. There is a consistent demand to create a reusable and repeatable framework that can enable this realization while continually accommodating evolving business needs and revolutionizing technology into a broad IoT ecosystem in manufacturing, retail, public safety, government, transportation, education and other segments.

The value proposition of IoT is being enhanced continuously with the rapid pace of innovation and exponential growth of connected devices, diversity of networks, platforms that manage the complete system, data analytics, data lakes, data ponds, security services, mobile applications and end-user services. However, an IoT ecosystem also carries inherent risks due to the evolving nature and sensitivity of data.

The IoT ecosystem is complex, ever-evolving and solving new business needs daily. This complexity is driving a need for guidelines that enable a successful and responsive IoT practice within an enterprise. The Midwest IoT Council recently developed a policy framework which can serve as a guide for any business or government entity providing or using IoT products and systems.

There are four key areas where it’s imperative for organizations to establish guidelines and policies:

1. Governance — Effective governance policies strike a thoughtful balance between participation, accountability, access, privacy, coherence and safety without constricting innovation and creativity;
2. Security — It’s essential to build a system with security in mind from the start, rather than including security in hindsight, with focus and consideration on the protection of the public and resilience to attacks;
3. Data management — Any IoT system should be open and transparent about the ownership and retention of data, any transfers of data and the chain of custody of data; and
4. Privacy — IoT deployments must protect and respect the privacy of individuals and the confidentiality of the enterprise/agency; there is always a balance that needs to be established between transparency and access right.

While the specifics of an IoT policy will vary between industries and organizations, the presence of a plan itself that is readily accessible and widely understood should not. As IoT enters its second decade, it remains an area of tremendous promise for many industries. However, taking steps to ensure that proper procedures and parameters are in place before taking the plunge is essential in any effective and transformative IoT implementation.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.