The IoT may be a whole new area for your organization, but sticking to the fundamentals of a tried-and-tested methodology is still the best path to project success, argues John McBride, cloud architect at Asavie.
Yes, you read it correctly: this article will argue that the tried-and-tested IT operating model of ‘plan, build, run’ is still relevant for the IoT.
Many IoT projects start out in shadow IT. This is great for innovation and rapid development, but bringing IoT projects into the more structured realm of the IT group, and adopting a more disciplined approach – such as the plan, build and run methodology – can be the foundation of a successful IoT implementation. If IoT projects remain solely the preserve of shadow IT, they present multiple risks to the organization.
Regardless of the chosen methodology, the planning phase of an IoT project raises many questions. IoT projects consist of many complex moving parts, so the right time to ask questions is at the beginning of a project. It is too late to ask these questions once the project is in production. “Plans are useless,” as Eisenhower once said, “but planning is indispensable.”
During the planning stage, there are many variables to consider. Connected devices typically lie outside the organization’s traditional remit, so it is wise to include IT in the planning phase and to assess the impact of IoT devices.
The first consideration is data classification. What is the sensitivity, value and criticality of your data? How should your data be protected against eavesdropping or modification? With the EU General Data Protection Regulation (GDPR) around the corner, what regulatory controls apply? These are important questions that need to be answered early in order to assess the risks to your business and customers. Consider a MedTech IoT application; in this case, privacy and data integrity are key concerns, with potentially fatal consequences if data is compromised.
How will you update your device? This is another question that often gets ignored. It is now well accepted that software devices require updates. So unless you are prepared to entertain the cost of field force personnel conducting updates on-site, you need to implement a mechanism that will safely update devices remotely.
Also consider questions about potential partners during this phase. As your project scales up from prototype to production, you need to identify the level of service that your connectivity and cloud infrastructure providers are capable of delivering.
The disadvantage of the plan, build and run approach is that it can hamper innovation and delay progress. However, if an organization waits until the production phase to ask these questions, there is no doubt that it will end up spending more time and money in delivering its IoT project.
Building and running
Once you have built your IoT prototype, it is important to release it into the field quickly. Only by running the project in the field can you learn about how it will hold up in an unknown environment. This will enable you to identify and address issues promptly.
In the field, a prototype will present new challenges, such as how to implement a remote software update, how to monitor software version control and data plan caps, or how to handle issues with connectivity or mobile networks.
After the field-test phase, you can take the key learnings back to the lab, prior to putting the project into production. Scaling is a big issue in moving from build to production and the selection of infrastructure, service partners, and mobile network operators is critical.
Network threats are nothing new, of course. IoT expands the scope of IT beyond the traditional enterprise perimeter and into a distributed network, where network threats to the enterprise are amplified and management issues are compounded. These new circumstances demand an updated approach to network management, and the plan, build, run framework provides a solid structure to help identify and manage risks.
Using an IoT solution in the field requires network management control, visibility into traffic, alerts on billing overages, and help with both cost control and regulatory compliance for GDPR, HIPAA, and Sarbanes–Oxley.
In a real-world IoT implementation, encryption, network controls, and security are critical. Do you understand how networks operate? Do you understand the security vulnerabilities? Can you determine if and how rogue devices can be disconnected? Discovering a rogue device is far from ideal, so you need a predictive approach to alert your organization about issues before your screen goes blank.
Build your own – or partner?
It is possible to go solo and plan, build and run your own IoT project. If you have the budget and the team to realize your vision, this approach can work.
There are, however, providers that specialize in delivering IoT network connectivity and management services which complement the hardware device and IoT platform component aspects of an IoT project.
Before going too far down the DIY route, ask yourself and your team whether you originally set out to build a private IoT security and management network, or if you wanted to simply sell a solution in a specific market.
Successful IoT implementations center on asking the right questions and equipping the organization with the right tools to deal with problems. It is only a matter of time before litigation hits the IoT space, leaving organizations vulnerable to customers who identify failings in Internet of Things products as having negatively impacted their businesses.
In the future, the plan, build, run methodology may take on a new alias, but its fundamentals will never change.