Get Instant Access
to This Blueprint

Infrastructure Operations icon

Create and Implement an IoT Strategy

IT leaders play a key role in implementing IoT successfully.

While the Internet of Things (IoT) or smart devices have the potential to transform businesses, they have to be implemented strategically to drive value. The business often engages directly with vendors, and many IoT solutions are implemented as point solutions with IT being brought in very late in the process.

This leads to challenges with integration, communication, and data aggregation and storage. IT is often also left grappling with many new devices that need to be inventoried, added to lifecycle management practices, and secured.

Unlock the true potential of IoT with early IT involvement

As IoT solutions become more common, IT leaders must work closely with business stakeholders early in the process to ensure that IoT solutions make the most of opportunities and mitigate risks.

  1. Ensure that IoT solutions meet business needs: Assess IoT solutions to ensure that they meet business requirements and align with business strategy.
  2. Make integration and management smooth: Build and execute plans so IoT devices integrate with existing infrastructure and multiple devices can be managed efficiently.
  3. Ensure privacy and security: IoT solutions should meet clearly outlined privacy and security requirements and comply with regulations such as GDPR and CCPA.
  4. Collect and store data systematically: Manage what data will be collected and aggregated and how it will be stored so that the business can recognize value from the data with minimal risk.

Create and Implement an IoT Strategy Research & Tools

1. Create and Implement an IoT Strategy Deck – A framework to assess and onboard IoT devices into your environment.

The storyboard will help to create a steering committee and a playbook to quickly assess IoT ideas to determine the best way to support these ideas, test them in Proof of concepts, when appropriate, and give the business the confidence they need to get the right solution for the job and to know that IT can support them long term.

2. Steering Committee Charter Template – Improve governance starting with a steering committee charter to help you clearly define the role of the steering committee to improve outcomes.

Create a steering committee to improve success of IoT implementations.

3. IoT Solution Playbook – Create an IoT playbook to define a framework to quickly assess new solutions and determine the best time and method for onboarding into your operational environment.

Create a framework to quickly evaluate IoT solutions to mitigate risks and increase success.

Create and Implement an IoT Strategy

Gain control of your IoT environment

Create and Implement an IoT Strategy

Gain control of your IoT environment


Table of Contents

Page Contents Page Contents
4 Analyst Perspective 27 Phase 2: Define the intake & assessment process
5 Executive Summary 29 Define requirements for requesting new IoT solutions
7 Common Obstacles 32 Define procedures for reviewing proposals and projects – BA/BRM
8 Framework 38 Define criteria for assessing proposals and projects – data specialists
9 Insight Summary 43 Define criteria for assessing proposals & projects – Privacy & Security
10 Blueprint deliverables 47 Define criteria for assessing proposals & projects – Infrastructure & Operations
11 Blueprint benefits 48 Define service objectives & evaluation process
13 Measure the value of IoT 49 Phase 3: Prepare for a proof of value
15 Guided Implementation 58 Create a template for designing a proof of value
16 Phase 1: Define your governance process 59 Communications
21 Define the committee’s roles & responsibilities 60 Research contributors and experts
23 Define the IoT steering committee’s vision statement and mandate 61 Related InfoTech Research
26 Define procedures for reviewing proposals and projects

Analyst perspective

IoT is an extremely efficient automated data collection system which produces millions of pieces of data. Many organizations will purchase point solutions to help with their primary business function to increase efficiency, increase profitability, and most importantly provide scalable services that cannot exist without automated data collection and analytical tools.

Most of the solutions available are designed to perform a specific function within the parameters of the devices and applications designed by vendors. As these specific use cases proliferate within any organization, the data collected can end up housed in many places, owned by each specific business unit and used only for the originally designed purpose. Imagine though, if you could take the health information of many patients, anonymize it, and compare overall health of specific regions, rather than focusing only on the patient record as a correlated point; or many data points within cities to look at pedestrian, bike, and vehicle traffic to better plan infrastructure changes, improve city plans, and monitor pollution, then compared to other cities for additional modeling.

In order to make these dramatic shifts to using many IoT solutions, it’s time to look at creating an IoT strategy that will ensure all systems meet strategic goals and will enable disparate data to be aggregated for greater insights. The act of aggregation of systems and data will require additional scrutiny to mitigate the potential perils for privacy, management, security, and auditability

The strategy identifies who stewards use of the data, who manages devices, and how IT enables broader use of this technology. But with the increased volume of devices and data, operational efficiency as part of the strategy will also be critical to success.

This project takes you through the process of defining vision and governance, creating a process for evaluating proposed solutions for proof of value, and implementing operational effectiveness.

Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group.

Sandi Conrad
Principal Research Director
Info-Tech Research Group

Executive Summary

Your Challenge

The business needs to move quickly to adopt new ways to collect and analyze data or automate actions. IoT may be the right answer, but it can be complex and create new challenges for IT teams.

Many of these solutions are implemented by vendors as point solutions, but more organizations are recognizing they need to bring the data in-house to start driving insights.

As IoT solutions become more prolific, the need to get more involved in securing and managing these solutions has become evident.

Common Obstacles

The business is often engaging directly with the vendors to better understand how they can benefit from these solutions, and IT is often brought in when the solution is ready to go live.

When IT isn’t involved early, there may be challenges around integrations, communications, and getting access to data.

Management becomes challenging as many devices are suddenly entering the environment, which need to be inventoried, added to lifecycle management practices, and secured.

Info-Tech’s Approach

Info-Tech’s approach starts with assessing the proposed solutions to:

  • Ensure they will meet the business need.
  • Understand data structure for integration to central data store.
  • Ensure privacy and security needs can be met.
  • Determine effort and technical requirements for integration into the infrastructure and appropriate onboarding into operations.

Early intervention will improve results. IoT is one of the biggest challenges for IT departments to manage today. The large volume of devices and lack of insight into vendor solutions is making it significantly harder to plan for upgrades and contract renewals, and to guarantee security protocols are being met. Create a multistep onboarding process, starting with an initial assessment process to increase success for the business, then look to derive additional benefits to the business and mitigate risks.

Your challenge

Scaling up and out from an IoT point solution is complicated and requires collaboration from stakeholders that may not have worked well together before
  • Point solutions may be installed and configured with support outsourced to vendors, where integrations may be light or non-existent.
  • Each point solution will be owned by the business, with data used for a specific purpose, and may only require infrastructure support from the internal IT department.
  • Operational needs must be met to protect the business’ investment, and without involving IT early, agreements may be signed that don’t meet long-term goals of high value at reasonable prices.
  • To fully realize value from multiple disparate systems, a cohesive strategy to bring together data will be required, but with that comes a need to improve technology, determine data ownership, and improve oversight with strengthened security, privacy, and communications.
  • Where IoT is becoming a major source of data, taking a piecemeal approach will no longer be enough to be successful.

IoT solutions may be chosen by the business, but to be successful and meet their requirements, a partnership with IT will ensure better communications with the service provider for a less stressful implementation with governance over security needs and protection of the organization’s data, and it will ensure that continual value is enabled through effective operations.

Pie chart titled 'IoT project success' with '12% Fully successful', '30% Mostly successful', '40% Mostly unsuccessful', and 'Not at all successful'.
(Source: Beecham Research qtd. in Software AG)

Common obstacles

These barriers make IoT challenging to implement for many organizations:
  • Solutions managed outside of IT, whether through an operational technology team or an outsourced vender, will require a comprehensive approach that encourages collaboration, common understandings of risk, and the ability to embrace change.
  • Technical expertise required will be broad and deep for a multi-solution implementation. Many types of devices, with varied connections and communications methods, will need to be architected with flexibility to accommodate changing technology and scalability needs.
  • Understanding the myriad options available and where it makes sense to deploy cutting-edge vs. proven technologies, as well as edge computing and digital twins.
  • External consultants specializing in IoT may need to be engaged to make these complex solutions successful, and they also need to be skilled in facilitating discussions within teams to bring them to a common understanding.
  • Analysis skills and a data strategy will be key to successfully correlating data from multiple sources, and AI will be key to making sense of vast amounts of data available and be able to use it for predictive work. According to the Microsoft IoT Signals report of October 2020, “79% of organizations adopt AI as part of their IoT solution, and those who do perceive IoT to be more critical to their company’s success (95% vs. 82%) and are more satisfied with IoT (96% vs. 87%).“
Pie chart with two tiers titled 'Challenges to using IT'. The inner circle are challenge categories like 'Security', 'Lack of budget/staff', and the outer circle are the more specific challenges within them, such as 'Concerned about consumer privacy' and 'No human resources to implement & manage'.
(Source: Microsoft IoT Signals, Edition 2, October 2020 n=3,000)

Internet of Things Framework

Interoperability of multiple IoT systems and data will be required to maximize value.


What should I build? What are my concerns?
Where should I build it? Why does it need to be built?

Data quality
Sales, marketing
Product manufacturing
Service delivery



Customer facing Internal facing ROI
Deliberate misuse
Unintentional consequences
Right to informed consent
Active vs. passive consent
Profit vs. common good
Acceptable/fair use
Responsibility assignment
Autonomous action
Vendor ethical implications
Personal data
Customer data
Non-customer data
Public data
Third-party business data
Data rights/proprietary data
Vendor data
Profiling (Sharing/linkage of data sets)


How do I operate and maintain it?

    • Risk identification and assessment
    • Threat modeling – ineffective because of scale
    • Dumb, cheap endpoints without users
    • Massive attack surface
    • Data/system availability
    • Physical access to devices
    • Response to anonymized individuals
    • Internal
    • External
      NIST, SOC, ISO
    • Ethics
    • Regulatory
      Audit process
    • Industry best practices
    • Open standards vs. proprietary ones
    • Standardization
    • Automation
    • Vendor management
    • Platforms
    • Insourcing/outsourcing
    • Acquisition
    • Asset management
    • Patching
    • Data protection
    • Source image control
    • Software development lifecycle
    • Vendor management
    • Disposition/disposal


How should it be built?

Diagram with 'Physical World' 'Internet of Things Devices' on the left, connected to 'Virtual World' 'Central Compute (Cloud/Data Center)', 'Edge Computing', and 'Business Systems and Applications' via 'Data - data-verified= Data Normalization' from physical to virtual and 'Instructions' from virtual to physical.">

Insight summary

Real value to the business will come from insights derived from data

Many point solutions will solve many business issues and produce many data sets. Ensure your strategy includes plans on how to leverage data to further your organizational goals. A data specialist will make a significant difference in helping you determine how best to aggregate and analyze data to meet those needs.

Provide the right level of oversight to help the business adopt IoT

Regardless of who is initiating the request or installing the solution, it’s critical to have a framework that protects the organization and their data and a plan for managing the devices.

The business doesn’t always know what questions to ask, so it’s important for IT to enable them if moving to a business-led innovation model, and it’s critical to helping them achieve business value early.

Do a pre-implementation assessment to engage early and at the right level

Many IoT solutions are business- and vendor-led and are hosted outside of the organization or managed inside the business unit.

Having IT engage early allows the business to determine what level of support is appropriate for them, allows IT to ensure data integrity, and allows IT to ensure that security, privacy, and long-term operational needs are managed appropriately.

Blueprint deliverables

IoT Steering Committee Charter

Create a steering committee to improve success of IoT implementations

Sample of the IoT Steering Committee Charter.

IoT Solution Playbook

Create a framework to quickly evaluate IoT solutions to mitigate risks and increase success

Sample of the IoT Solution Playbook.

Blueprint benefits

IT Benefits

  • Aggregation of processes and data may have compelling implications for increasing effectiveness of the business, but this may also increase risk. A framework will help to drive value while putting in appropriate guardrails.
  • IoT use cases may be varied within many industries, and the use of many types of sensors and devices complicates management and maintenance. A common understanding of how devices will be tracked, managed, and maintained is imperative to IT securing their systems and data.
  • A pilot program to evaluate effectiveness and either reject or move forward with a plan to onboard the solution as quickly as possible will ensure quick time to value and enable immediate implementation of controls to meet operational and security requirements.

Business Benefits

  • Aggregation of many disparate groups of data can provide new insights into the way an organization interacts with its clients and how clients are using products and services.
  • As organizations innovate and new IoT solutions are introduced to the environment, solutions need to be evaluated quickly to determine if they’re going to meet the business case and then determine what needs to be put in place for technology, process, and policy to ensure success.
  • As new solutions are introduced, anyone who may be impacted through this new data-collection process will need to be informed and feel secure in the way information is analyzed and managed. This project will provide the framework to quickly assess the risks and develop a communications plan.

Evaluate digital transformation opportunities with these guiding principles for smart solutions

Problem & opportunity focus
  • Search for real problems to solve, with visible improvement possibilities
  • Don’t choose technology for technology’s sake
  • Keep an eye to the future
  • Strategic foresight
Piece by piece
  • Avoid the “Big Bang” approach
  • Test technologies in multiple conditions
  • Run inexpensive pilots
  • Increase flexibility
  • Technology ecosystem
User buy-in
  • Collaborate with the community
  • Gain and sustain support
  • Increase uptake of city technology
  • Crowdsource community ideas
Focus on real problems • Be a fast follower • Build a technology ecosystem

Info-Tech Insight

When looking for a quick win, consider customer journey mapping exercises to find out what it takes to do the work today, for example, map the journey to apply for a building permit, renew a license, or register a patient.

Measure the value of IoT

There is a broad range of solutions for IoT all designed to collect information and execute actions in a way designed to increase profitability and/or improve services. McKinsey estimates value created through interoperability will account for 40% to 60% of the potential value of IoT applications.

Revenue Generating
  • Production increases and efficiency
  • Reliability as data quality increases
  • New product development opportunities through better understanding of how your products are used
  • New product offerings with automated data collection and analysis of aggregated data
Improved outcomes
  • Improved wellness programs for employees and patients through proactive health management
    • Reduction in health care/insurance costs
    • Reduction in time off for illness
  • Reduction in human error
  • Improved safety – fewer equipment malfunction incidents
  • Sustainability – reduction in emissions
Increased access to data, especially if aggregating with other data sources, will increase opportunities for data analysis leading to more informed decision making.
Cost Avoidance
  • Cost efficiency – lower energy consumption, less waste, improved product consumption
  • Reliability – reduced downtime of equipment due to condition-based maintenance
  • Security – decrease in malware attacks
Operational Metrics
  • # supported devices
  • % of projects using IoT
  • % of managed systems
  • % of increase in equipment optimization

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation



"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 4 to 8 calls over the course of 2 to 4 months.

What does a typical GI on this topic look like?

Phase 1 Phase 2 Phase 3
Call #1: Determine steering committee members and mandates.

Call #2: Define process for meeting and assessing requests.

Call #3: Define the intake process.

Call #4: Define the role of the BRM & assessment criteria.

Call #5: Define the process to secure funding.

Call #6: Define assessment requirements for other IT groups.

Call #7: Define proof of value process.

Create and Implement an IoT Strategy

Phase 1

Define your governance process

Steering Committee

1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

1.2 Define the IoT steering committee’s vision statement and mandates

1.3 Define procedures for reviewing proposals and roles and responsibilities

Intake Process

2.1 Define requirements for requesting new IoT solutions

2.2 Define procedures for reviewing proposals and projects – BA/BRM

2.3 Define procedures for reviewing proposals and projects – Data specialists

2.4 Define procedures for reviewing proposals and projects – Privacy & Security

2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

2.6 Define service objectives and evaluation process

Proof of Value

3.1 Determine the criteria for running a proof of value

3.2 Define the template and process for running a proof of value

This phase will provide the following activities

  • Create the steering committee project charter
If a steering committee exists, it may be appropriate to define IoT governance under their mandate. If a committee doesn’t already exist or their mandate will not include IoT, consider creating a committee to set standards and processes and quickly evaluate solutions for feasibility and implementation.

Create an IoT steering committee to ensure value will be realized and operational needs will be met

The goals of the steering committee should be:

  • To align IoT initiatives with organizational goals. 
  • To effectively evaluate, approve, and prioritize IoT initiatives.
  • To approve IoT strategy & evaluation criteria.
  • To reinforce and define risk evaluation criteria as they relate to IoT technology.
  • To review pilot results and confirm the value achievement of approved IoT initiatives.
  • To ensure the investment in IoT technology can be integrated and managed using defined parameters.

Assemble the right team to ensure the success of your IoT ecosystem

Business stakeholders will provide clarity for their strategy and provide input into how they envision IoT solutions furthering those goals and how they may gain relevant insights from secondary data.

As IoT solutions move beyond their primary goals, it will be critical to evaluate the continually increasing data to mitigate risks of unintended consequences as new data sets converge. The security team will need to evaluate solutions and enforce standards.

CDO and analysts will assess opportunities for data convergence to create new insights into how your services are used.

Lightbulb with the word 'Value' surrounded by categories relative to the adjacent paragraph, 'Data Scientists', 'Security and Privacy', 'Business Leaders', 'IT Executives', 'Operations', and 'Infrastructure & Enterprise Architects'. IT stakeholders will be driving these projects forward and ensuring all necessary resources are available and funded.

Operational plans will include asset management, monitoring, and support to meet functional goals and manage throughout the asset lifecycle.

Each solution added to the environment will need to be chosen and architected to meet primary functions and secondary data collection.

Identify IoT steering committee participants to ensure broad assessment capabilities are available

  • The committee should include team members experienced enough to provide an effective assessment of IoT projects, and to provide input and oversight regarding business value, privacy, security, operational support, infrastructure, and architectural support.
  • A data specialist will be critical for evaluating opportunities to expand use of data and ensure data can be effectively validated and aggregated. Additional oversight will be needed to review aggregated data to protect against the unintended consequences of having data combined and creating personas that will identify individuals.
  • Additional experts may be invited to committee meetings as appropriate, and ideas should be discussed and clarified with the business unit bringing the ideas forward or that may be impacted by solutions.
  • Invite appropriate IT and business leaders to the initial meeting to gain agreement and form the governance model.

Determine responsibilities of the committee to gain consensus and universal understanding

Icon of binoculars. STRATEGIC
  • Define the IoT vision in alignment with the organizational strategy and mission.
  • Define strategy, policies and communication requirements for IoT projects.
  • Assess and bring forward proposals to utilize IoT to further organizational strategy.
Icon of a person walking up an ascending bar graph. VALUE
  • Define criteria for evaluating and prioritizing proposals and projects.
  • Validate the IoT proposals to ensure value drivers are understood and achievable.
  • Identify opportunities to combine data sets for secondary analysis and insights.
Icon of a lightbulb. RISK
  • Evaluate data and combined data sets to avoid unintended consequences.
  • Ensure security standards are adhered to when integrating new solutions.
  • Reinforce privacy regulations, policy, and communications requirements.
Icon of an arrow in a bullseye. RESOURCE
  • Identify and validate investment and resource requirements.
  • Evaluate technical requirements and capabilities.
  • Align IoT management requirements to operations goals within IT.
Icon of a handshake. PERFORMANCE
  • Assess validity of pilot project plan, including success criteria.
  • Identify corner cases to assess functionality and potential risks beyond core features.
  • Monitor progress, evaluate results, and ensure organizational needs will be met.
  • Evaluate pilot to determine if it will be moved into full production, reworked, or rejected.

IT leaders play a key role in implementing IoT successfully.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

You Get:

  • IoT guidance in three phases, a playbook, and a charter template.
  • Detailed guidance on defining your organization’s IoT vision and governance.
  • A deeper understanding of how to evaluate IoT solutions for proof of value and operational effectiveness.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 3-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Define your governance process.
  • Call 1: Determine steering committee members and mandates.
  • Call 2: Define process for meeting and assessing requests.

Guided Implementation 2: Define the intake and assessment process.
  • Call 1: Define the intake process.
  • Call 2: Define the role of the BRM & assessment criteria.
  • Call 3: Define the process to secure funding.
  • Call 4: Define assessment requirements for other IT groups.

Guided Implementation 3: Prepare for a proof of value.
  • Call 1: Define proof of value process.


Sandi Conrad


  • John Burwash, Senior Director, Executive Services, Info-Tech Research Group
  • Jennifer Jones, Senior Research Advisor, Industry, Info-Tech Research Group
  • Rajesh Parab, Research Director, Applications, Data & Analytics, Info-Tech Research Group
  • Scott Young, Principal Research Advisory, Infrastructure, Info-Tech Research Group
  • Aaron Shum, Vice-President, Security, Privacy & Risk, Info-Tech Research Group
  • Frank Sargent, Senior Director Practice Lead, Security, Privacy & Risk, Info-Tech Research Group
  • Rocco Rao, Director, Research Advisor, Industry, Info-Tech Research Group
  • 4 anonymous company contributors
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019