
Expanding IoT: Evolving cyber and compliance for your business

Today, every business is a digital business. More and more CEOs are seeking opportunities to implement or leverage IoT technologies to reap the benefits of the data economy. The implementation of IoT, with its associated connectivity, services and revenue potential, puts us on the cusp of tremendous business change, along with new liabilities and requirements.

IoT expands the information supply chain 360 degrees. As customer solutions, data transfers, vendor and supplier communications, and data resale capabilities arise, new security standards, compliance requirements, and fiduciary and financial liabilities emerge as well. For entities operating in highly regulated industries such as government, healthcare and transportation, comprehensive information security practices must integrate or transition to meet updated standards such as European Union General Data Protection Regulation (EU-GDPR) (Regulation 2016/679), personally identifiable information (PII) and controlled unclassified information (CUI) requirements within both the centralized and edge computing practices of IoT. The result? The data economy of IoT requires greater agility, customer-level adaptability and ongoing security updates.

Many CEOs are jumping on the IoT train because they realize the benefits of gaining information, connectivity and new capabilities from a variety of known and unknown data sources. However, deriving business ROI from IoT requires the application of the DevOps mindset in planning, design, integration and across the cybersecurity and regulatory compliance spectrum.

Businesses that are new to IoT are often challenged to implement automated system-of-system security capabilities and practices to protect CUI and PII, meet EU-GDPR requirements, and handle other regulatory and due diligence risk mitigation. IoT delivers rapid information flow and the potential for rapid response at the edge of connectivity, exactly where these exchanges are at the highest risk for data leaks and breaches. In this context, maturing information protection practices, workflows and independent assessments of risk exposure are key to achieving and maintaining compliance with cybersecurity and regulatory requirements.

How the DevOps mindset may establish IoT security practices

IoT will fundamentally change how companies collect, produce and share data internally and with their (likely) global supply chain. As the velocity and volume of these data-rich transactions continue to increase, traditional security and compliance practices may become inconsistent with the implementation and use of IoT. Businesses that understand IoT will likely leverage the DevOps mindset in order to apply security by design and in context.


Figure 1: Automation and scaling of IoT services map to DevOps and the evolution of automated cyber and compliance

Essential to success is using the DevOps mindset for cyber and compliance as a means of achieving reliable data privacy and protections. This focus on constant evolution will develop further as the CUI requirements for government contractors under the FAR and DFARS clauses are fully implemented and enforced. Additionally, as rules such as GDPR continue to take precedence, companies will need to think about their practices to secure the code, the environment of IoT and the transactions of the IoT customers.

Organizations that are integrating IoT into their business should equally prepare for a deep digital transformation in their cyber and compliance practices. Rethinking device connectivity and enterprise IT needs translates into adopting a new mindset that captures the forces of cloud, revenue-generating IoT, and automated cyber and compliance protections for the applications, customers, and the underlying intellectual property.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.