Create and Implement an IoT Strategy

Early intervention will improve success of IoT initiatives.

  • The business needs to move quickly to adopt new ways to collect and analyze data or automate actions. IoT may be the right answer, but it can be complex and create new challenges for IT teams.
  • Many of these solutions are implemented by vendors as point solutions, but more organizations are recognizing they need to bring the data in-house to start driving insights.
  • As IoT solutions become more common, the need to get more involved in securing and managing these solutions has become evident.

Our Advice

Critical Insight

  • The business is often engaging directly with vendors to better understand how they can benefit from these solutions, and IT is often brought in when the solution is ready to go live.
  • When IT isn’t involved early, there may be challenges around integrations, communications, and getting access to data.
  • Management becomes challenging as many devices are suddenly entering the environment, which need to be inventoried, added to lifecycle management practices, and secured.

Impact and Result

Info-Tech’s approach starts with assessing the proposed solutions to:

  • Ensure they will meet the business needs.
  • Understand data structure for integration to central data store.
  • Ensure privacy and security needs can be met.
  • Determine effort and technical requirements for integration into the infrastructure and appropriate onboarding into operations.

Create and Implement an IoT Strategy Research & Tools

1. Create and Implement an IoT Strategy Deck – A framework to assess and onboard IoT devices into your environment.

The storyboard will help you create a steering committee and a playbook to quickly assess IoT ideas, determine the best way to support them, and test them in proofs of concept when appropriate. This gives the business the confidence it needs to get the right solution for the job and to know that IT can support them long term.

2. Steering Committee Charter Template – Improve governance starting with a steering committee charter to help you clearly define the role of the steering committee to improve outcomes.

Create a steering committee to improve success of IoT implementations.

3. IoT Solution Playbook – Create an IoT playbook to define a framework to quickly assess new solutions and determine the best time and method for onboarding into your operational environment.

Create a framework to quickly evaluate IoT solutions to mitigate risks and increase success.


Create and Implement an IoT Strategy

Gain control of your IoT environment

EXECUTIVE BRIEF

Table of Contents

  • Analyst Perspective
  • Executive Summary
  • Common Obstacles
  • Framework
  • Insight Summary
  • Blueprint deliverables
  • Blueprint benefits
  • Measure the value of IoT
  • Guided Implementation
  • Phase 1: Define your governance process
  • Define the committee’s roles & responsibilities
  • Define the IoT steering committee’s vision statement and mandate
  • Define procedures for reviewing proposals and projects
  • Phase 2: Define the intake & assessment process
  • Define requirements for requesting new IoT solutions
  • Define procedures for reviewing proposals and projects – BA/BRM
  • Define criteria for assessing proposals and projects – data specialists
  • Define criteria for assessing proposals & projects – Privacy & Security
  • Define criteria for assessing proposals & projects – Infrastructure & Operations
  • Define service objectives & evaluation process
  • Phase 3: Prepare for a proof of value
  • Create a template for designing a proof of value
  • Communications
  • Research contributors and experts
  • Related Info-Tech Research

Analyst perspective

IoT is an extremely efficient automated data collection system which produces millions of pieces of data. Many organizations will purchase point solutions to help with their primary business function to increase efficiency, increase profitability, and most importantly provide scalable services that cannot exist without automated data collection and analytical tools.

Most of the solutions available are designed to perform a specific function within the parameters of the devices and applications designed by vendors. As these specific use cases proliferate within any organization, the data collected can end up housed in many places, owned by each specific business unit and used only for the originally designed purpose. Imagine though, if you could take the health information of many patients, anonymize it, and compare overall health of specific regions, rather than focusing only on the patient record as a correlated point; or many data points within cities to look at pedestrian, bike, and vehicle traffic to better plan infrastructure changes, improve city plans, and monitor pollution, then compared to other cities for additional modeling.

In order to make these dramatic shifts to using many IoT solutions, it’s time to look at creating an IoT strategy that will ensure all systems meet strategic goals and will enable disparate data to be aggregated for greater insights. The act of aggregation of systems and data will require additional scrutiny to mitigate the potential perils for privacy, management, security, and auditability.

The strategy identifies who stewards use of the data, who manages devices, and how IT enables broader use of this technology. But with the increased volume of devices and data, operational efficiency as part of the strategy will also be critical to success.

This project takes you through the process of defining vision and governance, creating a process for evaluating proposed solutions for proof of value, and implementing operational effectiveness.

Sandi Conrad
Principal Research Director
Info-Tech Research Group

Executive Summary

Your Challenge

The business needs to move quickly to adopt new ways to collect and analyze data or automate actions. IoT may be the right answer, but it can be complex and create new challenges for IT teams.

Many of these solutions are implemented by vendors as point solutions, but more organizations are recognizing they need to bring the data in-house to start driving insights.

As IoT solutions become more prolific, the need to get more involved in securing and managing these solutions has become evident.

Common Obstacles

The business is often engaging directly with the vendors to better understand how they can benefit from these solutions, and IT is often brought in when the solution is ready to go live.

When IT isn’t involved early, there may be challenges around integrations, communications, and getting access to data.

Management becomes challenging as many devices are suddenly entering the environment, which need to be inventoried, added to lifecycle management practices, and secured.

Info-Tech’s Approach

Info-Tech’s approach starts with assessing the proposed solutions to:

  • Ensure they will meet the business need.
  • Understand data structure for integration to central data store.
  • Ensure privacy and security needs can be met.
  • Determine effort and technical requirements for integration into the infrastructure and appropriate onboarding into operations.

Early intervention will improve results. IoT is one of the biggest challenges for IT departments to manage today. The large volume of devices and lack of insight into vendor solutions is making it significantly harder to plan for upgrades and contract renewals, and to guarantee security protocols are being met. Create a multistep onboarding process, starting with an initial assessment process to increase success for the business, then look to derive additional benefits to the business and mitigate risks.

Your challenge

Scaling up and out from an IoT point solution is complicated and requires collaboration from stakeholders that may not have worked well together before
  • Point solutions may be installed and configured with support outsourced to vendors, where integrations may be light or non-existent.
  • Each point solution will be owned by the business, with data used for a specific purpose, and may only require infrastructure support from the internal IT department.
  • Operational needs must be met to protect the business’ investment, and without involving IT early, agreements may be signed that don’t meet long-term goals of high value at reasonable prices.
  • To fully realize value from multiple disparate systems, a cohesive strategy to bring together data will be required, but with that comes a need to improve technology, determine data ownership, and improve oversight with strengthened security, privacy, and communications.
  • Where IoT is becoming a major source of data, taking a piecemeal approach will no longer be enough to be successful.

IoT solutions may be chosen by the business, but to be successful and meet their requirements, a partnership with IT will ensure better communications with the service provider for a less stressful implementation with governance over security needs and protection of the organization’s data, and it will ensure that continual value is enabled through effective operations.

Pie chart titled 'IoT project success' with '12% Fully successful', '30% Mostly successful', '40% Mostly unsuccessful', and 'Not at all successful'.
(Source: Beecham Research qtd. in Software AG)

Common obstacles

These barriers make IoT challenging to implement for many organizations:
  • Solutions managed outside of IT, whether through an operational technology team or an outsourced vendor, will require a comprehensive approach that encourages collaboration, common understandings of risk, and the ability to embrace change.
  • Technical expertise required will be broad and deep for a multi-solution implementation. Many types of devices, with varied connections and communications methods, will need to be architected with flexibility to accommodate changing technology and scalability needs.
  • Understanding the myriad options available and where it makes sense to deploy cutting-edge vs. proven technologies, as well as edge computing and digital twins.
  • External consultants specializing in IoT may need to be engaged to make these complex solutions successful, and they also need to be skilled in facilitating discussions within teams to bring them to a common understanding.
  • Analysis skills and a data strategy will be key to successfully correlating data from multiple sources, and AI will be key to making sense of vast amounts of data available and be able to use it for predictive work. According to the Microsoft IoT Signals report of October 2020, “79% of organizations adopt AI as part of their IoT solution, and those who do perceive IoT to be more critical to their company’s success (95% vs. 82%) and are more satisfied with IoT (96% vs. 87%).”
Pie chart with two tiers titled 'Challenges to using IT'. The inner circle are challenge categories like 'Security', 'Lack of budget/staff', and the outer circle are the more specific challenges within them, such as 'Concerned about consumer privacy' and 'No human resources to implement & manage'.
(Source: Microsoft IoT Signals, Edition 2, October 2020 n=3,000)

Internet of Things Framework

Interoperability of multiple IoT systems and data will be required to maximize value.

GOVERNANCE

What should I build? What are my concerns?
Where should I build it? Why does it need to be built?

DATA MODEL
  • Data quality
  • Metadata
  • Persistence
  • Lifecycle

BUSINESS OPERATING MODEL
  • Sales, marketing
  • Product manufacturing
  • Service delivery
  • Operations

BUSINESS USE CASE
  • Customer facing
  • Internal facing
  • ROI

ETHICS
  • Deliberate misuse
  • Unintentional consequences
  • Right to informed consent
  • Active vs. passive consent
  • Bias
  • Profit vs. common good
  • Acceptable/fair use
  • Responsibility assignment
  • Autonomous action
  • Transparency
  • Vendor ethical implications

TECHNICAL OPERATIONAL MODEL
  • Personal data
  • Customer data
  • Non-customer data
  • Public data
  • Third-party business data
  • Data rights/proprietary data
  • Identification
  • Vendor data
  • Profiling (Sharing/linkage of data sets)

CONTROLS

How do I operate and maintain it?

  1. SECURITY
    • Risk identification and assessment
    • Threat modeling – ineffective because of scale
    • Dumb, cheap endpoints without users
    • Massive attack surface
    • Data/system availability
    • Physical access to devices
    • Response to anonymized individuals
  2. COMPLIANCE
    • Internal
    • External
      NIST, SOC, ISO
      Profession/industry
    • Ethics
    • Regulatory
      PII, GDPR, PIPEDA
      Audit process
  1. OPERATIONAL STANDARDS
    • Industry best practices
    • Open standards vs. proprietary ones
    • Standardization
    • Automation
    • Vendor management
  2. TECHNICAL OPERATIONAL MODEL
    • Platforms
    • Insourcing/outsourcing
    • Acquisition
    • Asset management
    • Patching
    • Data protection
    • Source image control
    • Software development lifecycle
    • Vendor management
    • Disposition/disposal

BRIDGING THE PHYSICAL WORLD AND THE VIRTUAL WORLD

How should it be built?

Diagram with 'Physical World' 'Internet of Things Devices' on the left, connected to 'Virtual World' 'Central Compute (Cloud/Data Center)', 'Edge Computing', and 'Business Systems and Applications' via 'Data - Data Normalization' from physical to virtual and 'Instructions' from virtual to physical.

Insight summary

Real value to the business will come from insights derived from data

Many point solutions will solve many business issues and produce many data sets. Ensure your strategy includes plans on how to leverage data to further your organizational goals. A data specialist will make a significant difference in helping you determine how best to aggregate and analyze data to meet those needs.

Provide the right level of oversight to help the business adopt IoT

Regardless of who is initiating the request or installing the solution, it’s critical to have a framework that protects the organization and their data and a plan for managing the devices.

The business doesn’t always know what questions to ask, so it’s important for IT to enable them if moving to a business-led innovation model, and it’s critical to helping them achieve business value early.

Do a pre-implementation assessment to engage early and at the right level

Many IoT solutions are business- and vendor-led and are hosted outside of the organization or managed inside the business unit.

Having IT engage early allows the business to determine what level of support is appropriate for them, allows IT to ensure data integrity, and allows IT to ensure that security, privacy, and long-term operational needs are managed appropriately.

Blueprint deliverables

IoT Steering Committee Charter

Create a steering committee to improve success of IoT implementations

IoT Solution Playbook

Create a framework to quickly evaluate IoT solutions to mitigate risks and increase success

Blueprint benefits

IT Benefits

  • Aggregation of processes and data may have compelling implications for increasing effectiveness of the business, but this may also increase risk. A framework will help to drive value while putting in appropriate guardrails.
  • IoT use cases may be varied within many industries, and the use of many types of sensors and devices complicates management and maintenance. A common understanding of how devices will be tracked, managed, and maintained is imperative to IT securing their systems and data.
  • A pilot program to evaluate effectiveness and either reject or move forward with a plan to onboard the solution as quickly as possible will ensure quick time to value and enable immediate implementation of controls to meet operational and security requirements.

Business Benefits

  • Aggregation of many disparate groups of data can provide new insights into the way an organization interacts with its clients and how clients are using products and services.
  • As organizations innovate and new IoT solutions are introduced to the environment, solutions need to be evaluated quickly to determine if they’re going to meet the business case and then determine what needs to be put in place for technology, process, and policy to ensure success.
  • As new solutions are introduced, anyone who may be impacted through this new data-collection process will need to be informed and feel secure in the way information is analyzed and managed. This project will provide the framework to quickly assess the risks and develop a communications plan.

Evaluate digital transformation opportunities with these guiding principles for smart solutions

Problem & opportunity focus
  • Search for real problems to solve, with visible improvement possibilities
  • Don’t choose technology for technology’s sake
  • Keep an eye to the future
  • Strategic foresight
Piece by piece
  • Avoid the “Big Bang” approach
  • Test technologies in multiple conditions
  • Run inexpensive pilots
  • Increase flexibility
  • Technology ecosystem
User buy-in
  • Collaborate with the community
  • Gain and sustain support
  • Increase uptake of city technology
  • Crowdsource community ideas
Recommendations:
Focus on real problems • Be a fast follower • Build a technology ecosystem

Info-Tech Insight

When looking for a quick win, consider customer journey mapping exercises to find out what it takes to do the work today, for example, map the journey to apply for a building permit, renew a license, or register a patient.

Measure the value of IoT

There is a broad range of solutions for IoT all designed to collect information and execute actions in a way designed to increase profitability and/or improve services. McKinsey estimates value created through interoperability will account for 40% to 60% of the potential value of IoT applications.

Revenue Generating
  • Production increases and efficiency
  • Reliability as data quality increases
  • New product development opportunities through better understanding of how your products are used
  • New product offerings with automated data collection and analysis of aggregated data
Improved outcomes
  • Improved wellness programs for employees and patients through proactive health management
    • Reduction in health care/insurance costs
    • Reduction in time off for illness
  • Reduction in human error
  • Improved safety – fewer equipment malfunction incidents
  • Sustainability – reduction in emissions
Increased access to data, especially if aggregating with other data sources, will increase opportunities for data analysis leading to more informed decision making.
Cost Avoidance
  • Cost efficiency – lower energy consumption, less waste, improved product consumption
  • Reliability – reduced downtime of equipment due to condition-based maintenance
  • Security – decrease in malware attacks
Operational Metrics
  • # supported devices
  • % of projects using IoT
  • % of managed systems
  • % of increase in equipment optimization

Info-Tech offers various levels of support to best suit your needs

  • DIY Toolkit: "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
  • Guided Implementation: "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
  • Workshop: "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
  • Consulting: "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 4 to 8 calls over the course of 2 to 4 months.

What does a typical GI on this topic look like?

Phase 1 Phase 2 Phase 3
Call #1: Determine steering committee members and mandates.

Call #2: Define process for meeting and assessing requests.

Call #3: Define the intake process.

Call #4: Define the role of the BRM & assessment criteria.

Call #5: Define the process to secure funding.

Call #6: Define assessment requirements for other IT groups.

Call #7: Define proof of value process.

Create and Implement an IoT Strategy

Phase 1

Define your governance process

Steering Committee

1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

1.2 Define the IoT steering committee’s vision statement and mandates

1.3 Define procedures for reviewing proposals and roles and responsibilities

Intake Process

2.1 Define requirements for requesting new IoT solutions

2.2 Define procedures for reviewing proposals and projects – BA/BRM

2.3 Define procedures for reviewing proposals and projects – Data specialists

2.4 Define procedures for reviewing proposals and projects – Privacy & Security

2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

2.6 Define service objectives and evaluation process

Proof of Value

3.1 Determine the criteria for running a proof of value

3.2 Define the template and process for running a proof of value

This phase will provide the following activities

  • Create the steering committee project charter
If a steering committee exists, it may be appropriate to define IoT governance under their mandate. If a committee doesn’t already exist or their mandate will not include IoT, consider creating a committee to set standards and processes and quickly evaluate solutions for feasibility and implementation.

Create an IoT steering committee to ensure value will be realized and operational needs will be met

The goals of the steering committee should be:

  • To align IoT initiatives with organizational goals. 
  • To effectively evaluate, approve, and prioritize IoT initiatives.
  • To approve IoT strategy & evaluation criteria.
  • To reinforce and define risk evaluation criteria as they relate to IoT technology.
  • To review pilot results and confirm the value achievement of approved IoT initiatives.
  • To ensure the investment in IoT technology can be integrated and managed using defined parameters.

Assemble the right team to ensure the success of your IoT ecosystem

Business stakeholders will provide clarity for their strategy and provide input into how they envision IoT solutions furthering those goals and how they may gain relevant insights from secondary data.

As IoT solutions move beyond their primary goals, it will be critical to evaluate the continually increasing data to mitigate risks of unintended consequences as new data sets converge. The security team will need to evaluate solutions and enforce standards.

CDO and analysts will assess opportunities for data convergence to create new insights into how your services are used.

Figure: Lightbulb with the word 'Value' surrounded by the categories 'Data Scientists', 'Security and Privacy', 'Business Leaders', 'IT Executives', 'Operations', and 'Infrastructure & Enterprise Architects'.

IT stakeholders will be driving these projects forward and ensuring all necessary resources are available and funded.

Operational plans will include asset management, monitoring, and support to meet functional goals and manage throughout the asset lifecycle.

Each solution added to the environment will need to be chosen and architected to meet primary functions and secondary data collection.

Identify IoT steering committee participants to ensure broad assessment capabilities are available

  • The committee should include team members experienced enough to provide an effective assessment of IoT projects, and to provide input and oversight regarding business value, privacy, security, operational support, infrastructure, and architectural support.
  • A data specialist will be critical for evaluating opportunities to expand use of data and ensure data can be effectively validated and aggregated. Additional oversight will be needed to review aggregated data to protect against the unintended consequences of having data combined and creating personas that will identify individuals.
  • Additional experts may be invited to committee meetings as appropriate, and ideas should be discussed and clarified with the business unit bringing the ideas forward or that may be impacted by solutions.
  • Invite appropriate IT and business leaders to the initial meeting to gain agreement and form the governance model.

Determine responsibilities of the committee to gain consensus and universal understanding

STRATEGIC ALIGNMENT
  • Define the IoT vision in alignment with the organizational strategy and mission.
  • Define strategy, policies and communication requirements for IoT projects.
  • Assess and bring forward proposals to utilize IoT to further organizational strategy.
VALUE DELIVERY
  • Define criteria for evaluating and prioritizing proposals and projects.
  • Validate the IoT proposals to ensure value drivers are understood and achievable.
  • Identify opportunities to combine data sets for secondary analysis and insights.
RISK OPTIMIZATION
  • Evaluate data and combined data sets to avoid unintended consequences.
  • Ensure security standards are adhered to when integrating new solutions.
  • Reinforce privacy regulations, policy, and communications requirements.
RESOURCE OPTIMIZATION
  • Identify and validate investment and resource requirements.
  • Evaluate technical requirements and capabilities.
  • Align IoT management requirements to operations goals within IT.
PERFORMANCE MANAGEMENT
  • Assess validity of pilot project plan, including success criteria.
  • Identify corner cases to assess functionality and potential risks beyond core features.
  • Monitor progress, evaluate results, and ensure organizational needs will be met.
  • Evaluate pilot to determine if it will be moved into full production, reworked, or rejected.

1.1 Exercise:
Define the committee’s roles & responsibilities in the IoT steering committee charter

1-3 hours

Input: Current policies and assessment tools for security and privacy, Current IT strategy for introducing new solutions and setting standards

Output: List of roles and responsibilities, High-level discussion points

Materials: Whiteboard/flip charts, Steering committee workbook

Participants: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

  1. Identify and document core and auxiliary members of the committee, ensuring all important facets of the IoT environment can be assessed.
  2. Identify and document the committee chair.
  3. Gain consensus on responsibilities of the steering committee.

Download the IoT Steering Committee Charter

Define the vision statement for the IoT committee to clarify mandate and communicate to stakeholders

The vision statement will define what you’re trying to achieve and how. You may have the statement already solidified, but if not, start with brainstorming several outcomes and narrow to fewer than 5 focus areas.

A vision statement should be concise and should be in support of the overall IT strategy and organizational mission. The vision statement will be used as a high-level guide for defining and assessing proposed solutions and evaluating potential outcomes. It can be used as a limiter to quickly weed out ideas that don’t fit within the mandate, but it can also inspire new ideas.

  • Support innovation
  • Enable the business
  • Enable operations for continual value

New York City has a broad plan for implementing IoT to meet several aspects of their overall strategy and subsequently their IT strategy. Their strategic plan includes several focus areas that will benefit from IoT:
  • A vibrant democracy
  • An inclusive economy
  • Thriving neighborhoods
  • Healthy lives
  • Equity and excellence in education
  • A livable climate
  • Efficient mobility
  • Modern infrastructure
Their overall mission is: “OneNYC 2050 is a strategy to secure our city’s future against the challenges of today and tomorrow. With bold actions to confront our climate crisis, achieve equity, and strengthen our democracy, we are building a strong and fair city. Join us.”

In order to accomplish this overall mission, they’ve created a specific IT vision statement: “Improve digital infrastructure to meet the needs of the 21st century.”

This may seem broad, and it includes not just IoT, but also the need to upgrade infrastructure to be able to enable IoT as a tool to meet the needs to collect data, take action, and better understand how people move and live within the city. You can read more of their strategy at this link: http://onenyc.cityofnewyork.us/about/

1.2 Exercise:
Define the IoT steering committee’s vision statement and mandate

1 hour

Input: Organizational vision and IT strategy

Output: Vision statement

Materials: Whiteboard/flip charts, Steering committee workbook

Participants: Steering committee, which may include: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

  1. Starting with the organizational mission statement, brainstorm areas of focus with the steering committee and narrow down the statement.
  2. Make sure it’s broad enough to encompass your goals, but succinct enough to allow you to identify projects that don’t meet the vision.
  3. Test with a few existing ideas.
  4. Document in your steering committee charter.

Download the IoT Steering Committee Charter

Use the COPIS methodology to define your project review process

COPIS is a customer-focused methodology used to focus on the areas around the process, ensuring a holistic view starting with who the customer is and what they need, then building out the process and defining what will be required to be successful and who will be involved in fulfilling the work.

Customer

  • Executive leadership
  • Business leaders

Outputs

  • Risk assessment
  • Approvals to proceed
  • Pilot plan
  • Assessment to approve for production or reject

Process

  • Review proposals
  • Ask questions and discuss with proposer & committee
  • Review pilot & testing plan
  • Engage with IT Team to define requirements

Inputs

  • Request form including:
    • New idea
    • Business value defined
    • Data collected
    • Initial risk assessment
    • Implementation plan
    • Definition of success

Suppliers

  • IT operations team
  • Device and software vendors
  • IT leaders
  • Risk committee

Agenda & process flow

Figure: Sequence of right-facing arrows labelled 'Agenda & process flow'. Text in each arrow from left to right reads 'Confirm attendees required are in attendance', 'Review open action items', 'Assess new items', 'Assess prioritization', 'Review metrics & pilots in progress', 'Decisions & recommendations'. Other diagram labels: 'Determine where people will access request form', 'Ending point'.

Create a committee charter to ensure roles are clarified and mandates can be met

The purpose of the committee is to quickly assess and protect organizational interests while furthering the needs of the business.

The committee needs to be seen as an enabler to the business, not as a gatekeeper, so it must be thorough but responsive.

The charter should include:
  • The vision to ensure clarity of purpose.
  • IoT mandates to focus the committee on assessment criteria.
  • Roles, responsibilities, and assignments to engage the right people who will provide the kind of guidance needed to ensure success.
  • Procedures to make the best use of each committee member’s time.
  • Process flow to guide evaluations to avoid unnecessary delays while reducing organizational risks.

1.3 Exercise:
Define procedures for reviewing proposals and projects

2-3 hours

Input: Schedules of committee members, Process documentation for evaluating new technology

Output: Procedures for reviewing proposals, Reference documentation for evaluating proposals

Materials: Whiteboard/flip charts, Steering committee workbook

Participants: Steering committee, which may include: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

  1. Discuss as a group how often you will meet for reviews and project updates. Which roles will have veto rights on project approvals?
  2. Define the intake process and requirements for scheduling based on average lead time to get the group together and preview documentation.
  3. Identify where process documentation already exists to use for evaluation of proposals and projects, and what needs to be created to quickly move from evaluation to action phases.
  4. Define basic rules of engagement.
  5. Define process flow using COPIS methodology as a framework. Note the different stages that may be part of the intake flow. Some business partners may bring solutions to IT, and others may just have an idea that needs to be solutioned.

Download the IoT Steering Committee Charter

Create and Implement an IoT Strategy

Phase 2

Define the intake and assessment process

Steering Committee

1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

1.2 Define the IoT steering committee’s vision statement and mandates

1.3 Define procedures for reviewing proposals and roles and responsibilities

Intake Process

2.1 Define requirements for requesting new IoT solutions

2.2 Define procedures for reviewing proposals and projects – BA/BRM

2.3 Define procedures for reviewing proposals and projects – Data specialists

2.4 Define procedures for reviewing proposals and projects – Privacy & Security

2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

2.6 Define service objectives and evaluation process

Proof of Value

3.1 Determine the criteria for running a proof of value

3.2 Define the template and process for running a proof of value

This phase will provide the following activities

  • Define requirements for requesting new IoT solutions
  • Define procedures for reviewing proposals and projects
  • Define service objectives and evaluation process for reviewing proposals and projects

Determine what information is necessary to start the intake process

To encourage your business leaders to engage IT in evaluating and appropriately supporting the solution, start with an intake process that is simple and easily populated with business information.
  • Review intake forms from the PMO or build your own from the IoT Solution Playbook:
  • Start by asking for a clear picture of the solution. Ensure the requester can clearly articulate the business benefit to the solution, including what issues are being resolved and what success looks like.
  • Requesters may not be expected to seek out all relevant information to make the decision.
    • Consider providing a business analyst (BA) to assist with data gathering for further assessment and to launch the review process.
    • Review may require additional steps if it is not clear the proposed solution will perform as expected and could include conversations with the vendor or a determination that a full requirements-gathering process may need to be done.
  • Typically, a BA will launch the review process to have appropriate experts assess the feasibility of the solution; assess regulatory, privacy, and security concerns; and determine the level of involvement needed by IT and the project managers.
  • Have options for different starting points. Some requesters may be further along in their research as they know exactly what they want, while others will be early in the idea stage. Don’t discourage innovation by creating more work than they’re able to execute.

Business goals and benefits are important to ensure the completed solution meets the intended purpose and enables appropriate collection, analysis, and use of data in the larger business context.

Ongoing operational support and service need to be considered to ensure ongoing value, and adherence to security and privacy policies is critical.

2.1 Exercise:
Define requirements for requesting new IoT solutions

1 hour

Input: Business requirements for requesting IT solutions

Output: Request form for business users, Section 1 of the IoT Solution Playbook

Materials: Whiteboard/flip charts, IoT Solution Playbook

Participants: Steering committee, which may include: IT executive, Privacy & Security senior staff, Infrastructure & Operations senior staff, Senior data specialist, Senior business executive(s)

  1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
  2. Determine requirements for initiating an assessment.
    1. Will a business case be necessary to start, or can the assessment feed into the business case?
    2. How can you best access the work already done by the requester to not start over?
    3. Determine the right questions to understand how they will define success to ensure this solution will do what they need.
    4. Do you need a breakdown of the way they do the job today?
    5. What level of authorization needs to be on the request to move forward?
  3. Try to balance the effort of the requester against their role. Don’t expect them to investigate solutions beyond the business value.
  4. Provide them with a means to provide you any information they have gathered, especially if they have already spoken to vendors.

Download the IoT Solution Playbook

Define what role the BA or BRM will play to support the request process

Identify questions that will need to be answered in order to assess if the solution will be fit for purpose, to help build out business cases, and to enable the appropriate assessments and engagement with project managers and technical teams.
  • Project sponsorship is key to moving the project ahead. Ensure the project sponsor and business owner will be in alignment on the solution and business needs.
  • Note any information that will help to prioritize this project among all other requests. This will feed into implementation timing and the project management needs, resourcing, and vendor engagement required.
  • Determine if a proof of value would be an asset. A proof of value can be time consuming, but it can mitigate the risks of large-scale failures.
  • Ask about data collection and data type, which will be a major part of the assessment for the data team and for security, privacy, infrastructure, and operational assessments.
  • Determine if any actions will need to be taken, which might include data transfer, notifications and alerts, or others. This may require additional discussions on actuators, RPA, data stores, and integrations.
  • Determine if any automation will be part of the solution, as this will help to inform future discussions on power, connectivity, security, and privacy.

Download the blueprint Embed Business Relationship Management in IT if you need help to support the business in a more strategic manner.

Info-Tech Insight

Understanding the business issue more deeply can help the business analyst determine if the solution needs a review of business process as well as helping to build out the requirements well enough to improve chances of success.

The BA should be able to determine initial workload and involvement of project managers and evaluators.

Clearly articulate the business benefits to secure funding and resources

If the business users need to build a business case, the information being collected will help to define the value, estimate costs, and evaluate risk

The business benefits of IoT point solutions can be straightforward to articulate, as they will be very specific and will likely fit into one of these categories:
  • Financial – to increase profitability or reduce costs through predictive maintenance and efficiency.
  • Business Development – innovation for new products, services, and methodologies.
  • Improve specific outcomes – typically these will be industry specific, such as improved patient health care, reduced traffic congestion or use of city resources, improved billing, or fire prevention for utility companies.

As you start to look at the bigger picture of how these different systems can bring together disparate data sets, the benefits will be harder to define, and the costs to implement this next level of data analysis can be daunting and expensive.

This doesn’t necessitate a complete alignment of data collection purposes; there may be benefits to improving operations in secondary areas such as updating HVAC systems to reduce energy costs in a hospital, though the updated systems may also include sensors to monitor air quality and further improve patient outcomes.

In these cases, there may be future opportunities to use this data in unexpected ways, but even where there aren’t, the same standards for security, privacy, and operations should apply.

[Table titled 'Increasing productivity through efficiency and yield are the top benefits organizations expect to see from IoT implementations' with three columns: one for type of benefit (i.e., efficiency, yield, quality, etc.), one for different IoT implementations, and one for percent increase.]
(Microsoft IoT Signals Report 2020, n= 3,000 IT Professionals)

2.2 Exercise – BA/BRM: Define procedures for reviewing proposals and projects

1 hour

Input: Process documentation for evaluating new technology, Business case requirements

Output: Interview questions and assessment criteria for BA/BRM

Materials: Whiteboard/flip charts, IoT Solution Playbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive(s), Senior data specialist, Senior business executive(s)

  1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
  2. Identify the questions that will need to be asked of the business to determine whether the request will be fit for purpose.
  3. Additional questions may help to:
    1. Identify project sponsors to determine if requirements are defined or need to be, and who will champion this project through to implementation.
    2. Identify what additional work will be needed for you to shepherd the project through the various stage gates.
    3. Identify any prioritization criteria including business-specific milestones and outcomes.
  4. Document when a formal business case needs to be created.

Download the IoT Solution Playbook

Assess the vendor’s solution for accessibility to ensure data will be available and useable

Data governance, including stewardship and ownership; lineage; and the ability to scale, deduplicate, normalize, validate, and aggregate disparate data will be critical to being able to analyze data to execute on strategic goals.

If your organization isn’t poised to manage and make the best use of the data, see Info-Tech’s related blueprints.
Data ownership is important to establish early on, as the owner(s) will be accountable for how data is used and accessed. Data needs to be owned by the organization (not the vendor) and needs to be accessible for:
  • Regulatory compliance.
  • Data quality and validation.
  • Data normalization.
  • Data aggregation and analysis.
Vendor assessments need to investigate how data will be accessed, where data is normalized, and how data will be validated.
Data validation will have different levels of importance depending on the use case. Where data validation is critical, there may be a need to double up sensors in key areas, validate against adjacent sensors, or better understand how and where data will be collected.
  • Infrared sensors may include intelligence to count people or objects.
  • Cameras might require manual counts but may provide better images.
  • Good quality images may require technology to distort faces for privacy.
If data validation will include non-sensor data, such as validation against a security access database or visitor log, access to the data for validation may be required in near real time.

Determine how often you need to access and download data

Requirements will vary depending on whether sensors are collecting data for later analysis or if they are actuators that need to process data at the source.

Determine where the data will reside and how it will be structured. If it will be open and controlled within your own environment, confer with your data team to ensure the solution is integrated into your data systems. If, however, the solution is a point solution which will be hosted by the vendor, understand who will be normalizing the data and how frequently you can export or transfer it into your own data repository. If APIs will need to be installed to enable data transfer, work with the vendor to test them.

Self-contained or closed solutions may be quick to install and configure and may require minimal technical support from within your own IT team, but they will not provide visibility to the inner workings of the solution. This may create issues around integration and interoperability which could limit the functionality and usability beyond the point solution.

If the solution chosen is a closed system, determine how you will need to interact with the vendor to gain access to the data. Interoperability may not be an option, so work with the vendor to set up a regular cadence for accessing the data.

Questions for the vendor could include:

  1. How often can we access the data? Will the vendor push it on a regular basis? Is it on demand?
  2. Or will we need to pull the data? Is there an API?
  3. Will the data be normalized?
  4. Will the data be transferred, or will the vendor keep a historical record?
  5. Are there additional fees for archiving or for data extraction?

Identify whether digital twins are needed

Create a virtual world to safely test and fail without impacting the real-world applications.

As actuators are processing information and executing actions, there may be a benefit to assess the effectiveness and impact of various scenarios in a safe environment. Digital twins enable the creation of a virtual world to test these new use cases using real world scenarios.

These virtual replicas will not be necessary for every IoT application as many solutions will be very straightforward in their application. But for those complex systems, such as smart buildings, smart cities and mechanically complex projects, digital twins can be created to run multiple simulations to aid in business continuity planning, performance assessments, R&D and more.

Due to the expense and complexity of creating a full digital twin, carefully weighing the benefits, and identifying how it will be used, can help to build the business case to invest in the technology. Without the skills in house, reliance on a vendor to create the model and test scenarios will likely be part of the overall solution.

The assessment will also include understanding what data will be transferred into the model, how often it will be updated, how it will be protected and who will need to be involved in the modeling process.

Download the blueprint Double Your Organization’s Effectiveness With a Digital Twin if you need more information on how to leverage digital twin technology.


To fully realize value in IoT, think beyond single use case solutions to leverage the data collected

Expertise in data analysis will be key to moving forward with an enterprise approach to IoT and the data it produces.
  • A single IoT solution can add hundreds of sensors, collecting a wide variety of data for specific purposes. If multiple solutions are in place, there may be divergent data sets that may never be seen by anyone other than their specific data stewards.
  • Many organizations have started out with one or two solutions that support their primary business and may include some more mature offerings such as HVAC systems, which have used sensors for years. However, not all data is used today. In many cases, data is used for anomaly detection to improve operations, and only the non-standard information is used for alerting. McKinsey estimates less than 1% of data is used in these applications, with the remaining data stored or deleted, rather than used for optimization and predictive analysis.
  • Thinking beyond the initial use cases, there may be opportunities to create new services, improve services for existing products, or improve insights through analysis of juxtaposed data.
  • McKinsey reports up to $11.1 trillion a year in economic value may be possible by 2025 through the linking of the physical and digital worlds. Personal devices and all industries are potential growth areas – though factories and anywhere that could use predictive maintenance, cities, retail, and transportation will see the largest probable increases. Interoperability was identified as being required to maximize value, accounting for 40% to 60% of the potential value of IT applications.
  • Where data is used to correct and control anomalies, very little data is retained and used for optimization or predictive analysis. By taking a deliberate approach to normalize, correlate, and analyze data, organizations can gain insight into the way their products are used, benefit from predictive maintenance, improve health care, reduce costs, and more.
(Source: McKinsey, 2015)

By 2025 an estimated data volume of 79.4 zettabytes will be attributed to connected IoT devices. (Statista)

Build data governance and analysis into your strategy to find new insights from correlating new and existing data

As a point solution, IoT provides a means to collect large amounts of data quickly and act. When determining the use case for IoT and best fit solutions, it’s important to think about what data needs to be collected and what actions will need to be coordinated. As the need for more than just a few IoT solutions surfaces, the complexity and potential usefulness of data increases. This can lead to significant changes to the scope of data collection, storage, and analysis and may lead to unintended consequences.
  • Some industries, such as governments looking to build smart cities, will have a very broad range of opportunities for IoT devices, as well as high levels of difficulty managing very disparate systems; other industries, such as healthcare, will have very focused prospects for data collection and analysis.
  • In any case, the introduction of new IoT solutions can create very large amounts of data quickly, and if used only for a single purpose, there may be lost opportunity for expanding use of data to better understand your product, customers, or environment.
  • Don’t limit analysis to only IoT-collected data, as this can be consolidated with other sources for validation, enhancement, and insights. For example, fleet transponders can be connected to travel logs and dispatch records for validation and evaluation of fuel and resource consumption.
  • Determine the best time and methods for consolidation and normalization; consider using data consolidation vendors if the expertise is not available in-house.
  • As data combines, there may be unintended consequences of unique anonymous identifiers combining to identify employees or customers, and the potential for privacy breaches will need to be evaluated as all new systems come on-line.
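
The last bullet above can be checked before two data sets are consolidated. The following is an added example, not part of the original blueprint: it measures k-anonymity (the size of the smallest group of records sharing the same attribute values) for each source alone and for the joined result. The fleet and dispatch rows, column names, and the k threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from the page). Neither table holds a name;
# "vehicle" is a pseudonymous join key shared by both systems.
TRANSPONDER = [
    {"vehicle": "V-01", "depot": "North", "shift": "day"},
    {"vehicle": "V-02", "depot": "North", "shift": "day"},
    {"vehicle": "V-03", "depot": "North", "shift": "night"},
    {"vehicle": "V-04", "depot": "North", "shift": "night"},
    {"vehicle": "V-05", "depot": "South", "shift": "day"},
    {"vehicle": "V-06", "depot": "South", "shift": "day"},
]
DISPATCH = [
    {"vehicle": "V-01", "route_zone": "Z1", "licence_class": "A"},
    {"vehicle": "V-02", "route_zone": "Z2", "licence_class": "A"},
    {"vehicle": "V-03", "route_zone": "Z1", "licence_class": "A"},
    {"vehicle": "V-04", "route_zone": "Z2", "licence_class": "B"},
    {"vehicle": "V-05", "route_zone": "Z2", "licence_class": "B"},
    {"vehicle": "V-06", "route_zone": "Z2", "licence_class": "A"},
]


def equivalence_classes(rows, quasi_identifiers):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in rows)


def k_anonymity(rows, quasi_identifiers):
    """Size of the smallest group; k == 1 means at least one row is unique."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return min(classes.values()) if classes else 0


def join_on(left, right, key):
    """Inner join of two lists of dicts on a shared key."""
    index = {r[key]: r for r in right}
    return [{**l, **index[l[key]]} for l in left if l[key] in index]


def singled_out(rows, quasi_identifiers, k_min):
    """Rows whose quasi-identifier combination is shared by fewer than k_min rows."""
    classes = equivalence_classes(rows, quasi_identifiers)
    return [r for r in rows
            if classes[tuple(r[q] for q in quasi_identifiers)] < k_min]


def assess_combination(left, left_qi, right, right_qi, key, k_min=2):
    """Compare re-identification risk before and after consolidating two sources."""
    joined = join_on(left, right, key)
    combined_qi = list(left_qi) + [q for q in right_qi if q not in left_qi]
    exposed = singled_out(joined, combined_qi, k_min)
    return {
        "k_left": k_anonymity(left, left_qi),
        "k_right": k_anonymity(right, right_qi),
        "k_joined": k_anonymity(joined, combined_qi),
        "singled_out": sorted(r[key] for r in exposed),
        "needs_privacy_review": bool(exposed),
    }


if __name__ == "__main__":
    report = assess_combination(
        TRANSPONDER, ["depot", "shift"],
        DISPATCH, ["route_zone", "licence_class"],
        key="vehicle",
    )
    for name, value in report.items():
        print(f"{name}: {value}")
    # One mitigation: publish the joined data with fewer attributes.
    joined = join_on(TRANSPONDER, DISPATCH, "vehicle")
    print("k with depot + route_zone only:",
          k_anonymity(joined, ["depot", "route_zone"]))
```

Each source on its own keeps every record in a group of at least two, but the join leaves every vehicle unique; restricting the consolidated view to depot and route zone restores groups of two.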

“We find very little IoT data in real life flows through analytics solutions, regardless of customer size. Even in the large organizations, they tend to build at-purpose applications, rather than creating those analytical scenarios or think of consolidating the IoT data in a data lake like environment.” (Rajesh Parab, Info-Tech Research Group)

2.3 Exercise – data specialists: Define criteria for assessing proposals and projects

1-2 hours

Input: Process documentation for evaluating new technology, Data governance documents

Output: Interview questions and assessment criteria for data specialists

Materials: Whiteboard/flip charts, IoT Solution Playbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

  1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
  2. Identify the questions that will need to be asked of the solution to ensure data governance and accessibility needs will be met.
  3. Additional questions may help to:
    1. Identify data owners or stewards to determine who will have authority over data and ensure their needs will be met.
    2. Identify what additional work will be needed for the data team to access, validate, normalize, and centralize data.
    3. Identify any concerns that will identify the solution as unviable.
    4. Identify any risks to data accessibility which will require mitigation.

This initial review is designed to identify risks to data ownership or integrity and ensure data is available for additional uses as deemed appropriate to the organizational goals. This assessment is designed to find major flaws and to mitigate and integrate should the project be approved as viable.

Download the IoT Solution Playbook

Security assessments will need to include risk reviews specific to IoT

The increase of data collectors and actuators creates a large attack surface that could easily provide an entry point for hackers to connect into an organization’s network. Assess existing protocols and risk registry to ensure all IoT systems are reviewed for security threats.

The significant increase in devices and applications will require a review of security practices related to IoT to understand and mitigate risks. Even if the data collected is not considered integral to the business, such as with automated HVAC systems or an aquarium monitoring system, the devices can provide an entry point to access the network.

IoT and ICS devices are functionally diverse and may include more mature solutions that have been acquired many times over. There are a wide variety of protocols that may not be recognized by vulnerability scanners as safe to operate in your environment. Many of these solutions will be agentless and may not be picked up by scanners on the network. Without knowing these devices exist or understanding the data traffic patterns, protecting the devices, data, and systems they’re attached to becomes challenging.

Discovery and vulnerability scanners tuned specifically for IoT to look for and allow unusual protocols and traffic patterns will enable these devices to operate as designed without being shut down by vulnerability scanners protecting more traditional devices and traffic on an IT network. Orphaned devices can be found and removed. Solutions that will provide detailed asset inventories and network topologies will improve vulnerability detection.
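
One way to act on the discovery and inventory points above is to reconcile what is passively seen on the network against the asset inventory. This is an added example, not part of the original blueprint: the devices, MAC addresses, observation records, and the 30-day staleness window are constructed assumptions, and "orphaned" is interpreted here as an inventoried device with no owner or no recent traffic.

```python
from datetime import datetime, timedelta

# Constructed asset inventory (not from the page). "protocols" is the
# traffic baseline agreed with the business owner for each device.
INVENTORY = [
    {"mac": "02:00:00:00:00:01", "name": "hvac-ctrl-1",
     "owner": "Facilities", "protocols": {"bacnet"}},
    {"mac": "02:00:00:00:00:02", "name": "lobby-cam-1",
     "owner": "Security", "protocols": {"rtsp"}},
    {"mac": "02:00:00:00:00:03", "name": "aquarium-monitor",
     "owner": None, "protocols": {"mqtt"}},
    {"mac": "02:00:00:00:00:04", "name": "dock-sensor-7",
     "owner": "Logistics", "protocols": {"mqtt"}},
]

# Constructed passive observations: (timestamp, source MAC, protocol seen).
OBSERVATIONS = [
    ("2024-05-10T09:00:00", "02:00:00:00:00:01", "bacnet"),
    ("2024-05-10T09:01:00", "02:00:00:00:00:02", "rtsp"),
    ("2024-05-10T09:02:00", "02:00:00:00:00:02", "ssh"),     # outside baseline
    ("2024-05-10T09:03:00", "02:00:00:00:00:03", "mqtt"),
    ("2024-05-10T09:04:00", "02:00:00:00:00:09", "modbus"),  # not inventoried
    ("2024-03-01T12:00:00", "02:00:00:00:00:04", "mqtt"),    # long silent
]

NOW = datetime(2024, 5, 10, 12, 0, 0)  # fixed so the example is repeatable


def reconcile(inventory, observations, now, stale_after=timedelta(days=30)):
    """Return devices that need follow-up, grouped by the reason."""
    known = {d["mac"].lower(): d for d in inventory}
    last_seen, seen_protocols = {}, {}
    for ts, mac, proto in observations:
        mac = mac.lower()
        when = datetime.fromisoformat(ts)
        last_seen[mac] = max(when, last_seen.get(mac, when))
        seen_protocols.setdefault(mac, set()).add(proto.lower())

    findings = {"unknown": [], "no_owner": [], "stale": [],
                "unexpected_protocol": []}

    # Talking on the network but absent from the inventory.
    for mac in sorted(seen_protocols):
        if mac not in known:
            findings["unknown"].append((mac, sorted(seen_protocols[mac])))

    for mac, dev in sorted(known.items()):
        # Nobody accountable for the device.
        if not dev.get("owner"):
            findings["no_owner"].append(dev["name"])
        # Inventoried but silent: candidate for removal or a health check.
        seen = last_seen.get(mac)
        if seen is None or now - seen > stale_after:
            findings["stale"].append(dev["name"])
        # Traffic outside the agreed baseline: investigate before any
        # automated remediation shuts the device down.
        extra = seen_protocols.get(mac, set()) - set(dev["protocols"])
        if extra:
            findings["unexpected_protocol"].append((dev["name"], sorted(extra)))
    return findings


if __name__ == "__main__":
    for reason, items in reconcile(INVENTORY, OBSERVATIONS, NOW).items():
        print(f"{reason}: {items}")
```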

Systems that are air gapped or completely segregated may provide a layer of protection between IoT devices and the corporate network, but this may create additional difficulties in vulnerability assessment, identifying and responding to active threats, or managing the operational side. Additionally, if there are still functional connections between these systems for traffic to flow back to central repositories, operational systems, or remote connections, there are still potential threats.

If security controls are not yet documented, see Info-Tech’s related blueprints.

Align risk assessments to your existing risk registry, to quickly approve low-risk solutions and mitigate high risk

Work with the business owner to understand how these systems are designed to work. Tracking normal patterns of behavior and traffic flow may be key to fine-tuning security settings to accommodate these solutions and prevent false positive shutdowns, especially if using automated remediation. Is the business owner identified, and will they be accessible throughout the lifecycle of the solution?

Physical security: Will these systems be accessible to the public, and can they be secured in a way to minimize theft and vandalism? Will they require additional housing or waterproofing? Could access be completely secured? For example, could anyone access and install malware on a disconnected camera’s SD card?

Security settings: For ease of service and installation, a vendor may use default security settings and passwords. This can give hackers an easy route into the network and to sensitive data. Is there a possibility of IP theft through access by sensors? Determine who will have remote access to the system, and if the vendor will be supporting the system, will they be using least privilege or zero trust models? Determine their adherence to your security policy.

Internet and network access and monitoring: Review connectivity and data transmission requirements and whether these can be accommodated in a way that balances security with operational needs. Will there be a need for air gapping, firewalls, or secure tunnelling, and will these solutions allow for discovery and monitoring? Can the vendor guarantee there are no back doors built into the code? Will the system be monitored for unauthorized access and activity, and what is the response process? Can it be integrated into your security operations center?

Failover state: IoT devices with actuators or that may impact health and safety will need to be examined. Can you ensure actions in event of a failure will not be negatively impactful? For example, a door that locks on failover and cannot be opened from the inside will create safety risks; however, a door that opens on failover could result in theft of property or IP. Who controls and can access these settings?

Firmware updates: Assess the history of updates released by the vendor and determine how these updates are sent to the devices and validated. Ensure the product has been developed using trusted platforms with security lifecycle models. Many devices will have embedded security solutions. Ensure these can be integrated into organizational security solutions and risk mitigation strategies.

Enterprise IoT strategy will require a focus on privacy and risk

Data aggregation creates new privacy concerns as data may be used outside of the original project parameters. The change of scope will need to be evaluated to determine personally identifiable information and what new issues it can create for the program, organization, and your audience.

As a point solution, IoT provides a means to collect large amounts of data and, if actuators are completing tasks, act quickly. When determining the use case for IoT and best fit solutions, it’s important to think about what data needs to be collected and what actions will need to be coordinated.

As the need for more than just a few IoT solutions surfaces, the complexity and potential usefulness of data increases. This can lead to significant changes to the scope of data collection, storage, and analysis, and may lead to unintended consequences.

Questions to ask your vendors:
  1. Where may there be physical access to sensors and a possibility of theft, and can the data be encrypted?
  2. What type of information is captured by sensors and stored in the solution?
  3. Where is personally identifiable information captured, and where is it stored? How will you meet regulatory requirements such as GDPR? Where does the data fit within existing retention policies, and how long should it be kept?
  4. Will there be a need to post signage or update privacy statements in response to the information being collected?

If data classification, privacy, and security controls are not yet documented, see Info-Tech’s related blueprints.

Don’t make assumptions about the type of data gathered with devices – ask the vendor to clearly state how and what is collected

Carefully review how this information can be used by machine learning, in combination with other solutions, and if there is a possibility of unintended consequences that will create issues for your customers and therefore your own data sets.

Look for ways of capturing information that will meet your business requirements while mitigating risk of capturing personally identifiable information. Examples would be LiDAR to capture movement instead of video, or AI to blur faces or license plate numbers at time of image capture.

This chart identifies data collected by smartphone accelerometers which could be used to identify and profile an individual and understand their behaviors.

Mobile device accelerometer data

Table of Mobile device accelerometer data with columns 'Detection of sound vibrations', 'Body movements', and 'Motion trajectory of the device', and a key for color-coding labelling purple items as 'Health', yellow items as 'Personality traits, moods & emotions', and green items 'Identification'.
Overview of sensitive inferences that can be drawn from accelerometer data. (Source: Association for Computing Machinery, 2019.)

2.4 Exercise – Privacy & Security specialists: Define criteria for assessing proposals and projects

1-2 hours

Input: Process documentation for evaluating new technology, Data governance documents

Output: Interview questions and assessment criteria for Privacy & Security specialists

Materials: Whiteboard/flip charts, IoT Solution Playbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

  1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
  2. Identify the questions that will need to be asked of the solution to ensure security and privacy needs will be met.
  3. Additional questions may help to:
    1. Identify biggest risks created by a large influx of sensors and additional vendors.
    2. Identify options for mitigating risks for privacy and regulatory requirements.

This initial review is designed to identify risks to data ownership or integrity and ensure data is available for additional uses as deemed appropriate to the organizational goals. This assessment is designed to find major flaws and to mitigate and integrate should the project be approved as viable.

Download the IoT Solution Playbook

Review infrastructure requirements to proactively engage with vendors

A modernized architecture will provide needed flexibility for onboarding new IoT solutions as well as providing the structure to collect, transport, and house data; however, not everything will be on the network. Knowing requirements for integrations, communications, and support will eliminate surprises during implementation.

The supporting applications will be collecting and analyzing data for each of these solutions, with most being hosted on public clouds or privately by the vendor. Access to the applications for data collection may require APIs or other middleware to transfer data outside of their application. Data transfer may be unimportant if the data collected will stand alone and never be integrated to other systems, but it will be critical if IoT plans include retrieving, aggregating, and analyzing data from most systems. If these systems are closed, determine the process to get this information, whether it’s through scheduled exports or batch transfers.

Determine if data will be backed up by the vendor or if backups are the responsibility of your team. Work with the business owner to better understand business continuity requirements to plan appropriately for data transmission, storage, and archiving.

Network and communications will vary dramatically depending on where sensors and actuators are located. On-premises solutions may rely on Wi-Fi on your network or may require an air-gapped or segregated network. External sensors may rely on public Wi-Fi, cellular, or satellite, and this may impact reliability and serviceability. If manual data collection is required, such as collecting SD cards on trail cams, who will be responsible, and will they have the tools and data repository they need to upload data manually? Are you able to work with the vendor to estimate traffic on these networks, and how will that impact costs for cellular or satellite service?

Investigate power requirements. On-premises solutions may require additional wiring, but if using wind or solar, what is the backup? If using batteries, what is the expected lifespan? Who will be monitoring, and who will be changing the batteries?

Determine monitoring requirements. Who should be responsible for performance monitoring, outages, data transmission, and validation? Is this a vendor premium service or a process to manage in-house? If managed by the vendor, discuss required SLAs and their ability to meet them.

If your organization is dealing with technical debt and older architecture which could prevent progress, see Info-Tech’s related blueprints to build out the foundation.

Determine operational readiness to support and secure IoT solutions

Availability and capacity planning, business continuity planning, and management of all operational and support requirements will need to be put in place. Execution of controls, maintenance plans, and operational support will be required to mitigate risks that could reduce the value of the solutions.

One of the biggest challenges facing organizations that have already adopted IoT is management of these systems. Without an accurate inventory, it’s impossible to know how secure the IoT systems are. Abandoned sensors, stolen cameras, and old and unpatched firmware all contribute to security risks.

Existing asset management solutions may provide the right solution, but they are limited in many cases by the discovery tools in place. Many discovery tools are designed to scan the network and may not have access to segregated or air-gapped networks or a means to access anything in the cloud or requiring remote access. Evaluate the effectiveness of current tools, and if they prove to be inadequate, look for solutions that are geared specifically to IoT as they may provide additional useful management capabilities.

IoT management tools will provide more than just inventory. They can discover IoT devices in a variety of environments, possibly adding micro-agents to access device attributes such as name, type, and date of build, and allowing metadata and tags to be added. Additionally, these solutions will provide the means to deploy firmware updates, change configuration settings, send notifications if devices are taken offline, and run vulnerability assessments. Some may even have diagnostics tools for troubleshooting and remediation.

If operational processes aren’t in place, see Info-Tech’s related blueprints to build out the foundation.

Identify what needs to happen to onboard these solutions into your support portfolio

Evaluate support options to determine the best way to support the business. Even if support is completely outsourced, a support plan will be critical for holding vendors to account, bringing support in-house if support doesn’t meet your needs, and understanding dependencies while navigating through incidents and problem- and change-enablement processes.

Regular maintenance for your team may include battery swaps, troubleshooting camera outages or intermittent sensors, or deploying patches. Understand the support requirements for the product lifecycle and who will be responsible for that work. If the vendor will be applying patches and upgrading firmware, get clarity on how often and how they’ll be deployed and validated. Ask the vendor about support documentation and offerings.

Determine the best ways of collecting inventory on the solution. Determine what the solution offers to help with this process; however, if the project plan requires specific location details to add sensors, the project list may be the best way to initially onboard the sensors into inventory.

Determine if warranty offerings are an appropriate solution for devices in each project, to schedule and record appropriate maintenance details and plan replacements as sensors reach end of life. Document dependencies for future planning.

2.5 Exercise – Infrastructure & Operations specialists: Define criteria for assessing proposals and projects

1-2 hours

Input: Process documentation for evaluating new technology, Data governance documents

Output: Interview questions and assessment criteria for Infrastructure & Operations specialists

Materials: Whiteboard/flip charts, IoT Solution Playbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

  1. Review template for the IoT Solution Playbook to ensure it meets your needs; modify as necessary.
  2. Identify the questions that will need to be asked of the solutions to ensure the solutions can be integrated into the existing environment and operational processes.
  3. Additional questions may help to:
    1. Reduce risks and project failures from solutions that will be difficult to integrate or secure.
    2. Improve project planning for projects that are often driven by the vendor and the business.
    3. Reduce operational risks due to lack of integration with asset and operational processes.

This initial review is designed to identify risks to data ownership or integrity and ensure data is available for additional uses as deemed appropriate to the organizational goals. This assessment is designed to find major flaws and to mitigate and integrate should the project be approved as viable.

2.6 Exercise: Define service objectives and evaluation process

1 hour

Input: List of criteria in the playbook, Understanding of resource availability of solution evaluators

Output: Steering committee criteria for progressing projects through the process

Materials: Whiteboard/flip charts, IoT Steering Committee Charter workbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

Now that you’ve defined the initial review requirements, meet as a group once more to finalize the process for reviewing requests. Look for ways to speed the process, including asynchronous communications and reviews. Consider meeting as a group for any solutions that may be deemed high risk or highly complex.

  1. Agree on what can be identified as a reasonable SLA to respond to the business on these requests.
  2. Agree on methods of communication between committee members and the business.
  3. Determine the criteria for determining when a proof of value should be initiated, and who will lead the process.

Phase 3

Prepare for a Proof of Value

Steering Committee

1.1 Define the committee’s roles and responsibilities in the IoT Steering Committee Charter

1.2 Define the IoT steering committee’s vision statement and mandates

1.3 Define procedures for reviewing proposals and roles and responsibilities

Intake Process

2.1 Define requirements for requesting new IoT solutions

2.2 Define procedures for reviewing proposals and projects – BA/BRM

2.3 Define procedures for reviewing proposals and projects – Data specialists

2.4 Define procedures for reviewing proposals and projects – Privacy & Security

2.5 Define procedures for reviewing proposals and projects – Infrastructure & Operations

2.6 Define service objectives and evaluation process

Proof of Value

3.1 Determine the criteria for running a proof of value

3.2 Define the template and process for running a proof of value

This phase will provide the following activities

  • Create proof of value criteria
  • Create proof of value template

A proof of value can quickly help you prove value or fail fast

Investing a small amount of time and money up front will validate the possibility of your proposed solution.

A proof of value will require a vision and definition of your criteria for success, which will be necessary to determine if the project should go ahead. It should take no longer than three months and may be as short as a week.

When should you run a proof of value?

  • When it is difficult to confirm that the solution is fit for purpose.
  • When the value of the solution is indeterminate.
  • When the solution is early in its lifecycle and not widely proven in the marketplace.
  • When scalability is questionable or unproven.
  • When the solution requires customization or configuration.

Info-Tech Insight
Where a solution is well known in the market, requires minimal customization, and is proven to be fit for purpose, a shorter evaluation or conversations with reference clients or partners may be all that is necessary.

Table titled 'Reasons IoT proof of value projects fail'. There is a column for type of project (e.g. Scaling, Business), one for reasons, and one for percentages.
(Microsoft IoT Signals Report 2020, n= 3,000 IT Professionals)

3.1 Exercise: Define the criteria for running a proof of value

1 hour

Input: Agreement of steering committee members to create a process to mitigate risk for complex solutions.

Output: Proof of value template for use as appropriate to evaluate IoT solutions.

Materials: IoT Solution Playbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

  1. As a group, review the circumstances for when to run a proof of value.
  2. Determine who will help to build the proof of value plan.
  3. Determine requirements for participation in the proof of value process. Consider project size, complexity, risk, and visibility.

Design your proof of value to test the viability of the solution

Engage the right stakeholders early to gather feedback and analysis and determine suitability

Determine the proof of value methodology to ensure the plan allows for fast testing
  • Go back to the original request: What are the goals for implementing this solution? Has this been clearly defined with criteria for success?
  • Define the technical team that will configure the solution, including vendors and technicians. Ensure the vendor fully understands your use cases and goals. Identify the level of support you’ll need to implement and assess the solution.
  • Define the testing team, including technical and business users. Complete a journey map if needed to define the use case(s) at the right level of detail.
  • Ensure the test use case(s) have been defined and that the team agrees on the definition of success.
  • Make sure the team is available to do the testing and provide feedback, as high adoption will improve feedback, which will be critical to successfully implementing the full solution.
  • Determine how to evaluate scalability with process, resources, and capacity.
  • Evaluate the risks and obstacles to determine whether to reject the solution or mitigate them, and to prevent scope creep.
  • Evaluate the vendor’s roadmap, training materials, and technical support options.

Info-Tech Insight

Additional information on building out a process for testing new technology can be found in the blueprint: Exploit Disruptive Infrastructure Technology.

“Although scope creep is not the only nemesis a project can have, it does tend to have the farthest reach. Without a properly defined project and/or allowing numerous changes along the way, a project can easily go over budget, miss the deadline, and wreak havoc on project success.” (University Alliance, Villanova University)

Define your objectives for the proof of value

Referencing documents submitted to the committee, continue to refine the problem statement.

Objectives are a key first step to show the solution will meet your needs.
  • Every technology is designed to solve a problem faced by somebody somewhere. For each technology that your team has decided to move forward with, identify and clearly state the problem it would solve.
  • A clear problem statement is a crucial part of a new technology’s business case. It is impossible to earn buy-in from the rest of the organization without demonstrating the necessity of a solution.
  • Perfection is impossible to achieve, especially during a proof of value (POV). However, knowing the pain points of the way things are done without this technology, and noting a reduction in pain and increase in efficiency and accuracy of data gathering will help in the initial feedback of the tests. Ensure the proof of value includes data validation to test accuracy.

Info-Tech Insight

Know your metrics going into the proof of value. Document performance, quality, and time to do the work and compare to metrics in the proof of value. Agree on what success looks like, to ensure that improvements are substantial enough to justify the expense and effort of implementing the solution.

Questions to consider:
  • What are the project’s goals?
  • What is the desired future state?
  • What problems must be solved to call the POV a viable solution?
  • Where will the project be rolled out? Are there any concerns about communications and power that may need to be addressed?
  • Are there any risks to watch for?

Info-Tech Insight

Be sure to avoid scope creep! Remember: the goal of the proof of value project is to produce a minimum case for viability in a carefully defined area. Reserve a detailed accounting of costs and benefits for after the proof of value stage.

Define use cases to test against current methods

Outline the solution to the problem

Determine how the solution should perform in completing tasks. Be careful not to focus too heavily on how things are done today: You’re looking for dramatic improvements, not going back to existing workarounds.
  • The use case will help to define the scope of the project, define adjacent use cases or tasks that will be out of scope, and contain the test to a reasonable effort and time frame, while still testing core functionality.
  • Map processes based on expectations of how the solution should work, and compare these to the way things are done today. Identify if there are obvious improvements to the existing processes that, if made, would change the existing results significantly. Take this into account when reviewing results. (This will also be useful if the project isn’t approved or is delayed.)
  • Identify where tasks and data collection will be automated and where they will need to stay manual or require additional integrations or solutions such as RPA. These other solutions may not factor into the proof of value but will need to be identified on the solution roadmap if it goes ahead.

Define steps to reach these goals today:
  • Discuss steps to completion
  • Effort to collect data
  • Effort to validate and correct data
  • Effort and ability to use the data for decision making, understanding your customers, and process improvements
  • Quality of data available with current methods compared to quality and volume of data using an IoT solution

Determine the appropriate project team

Bring in team members from the business and technical sides to test for those functions that matter most to each team. This effort will enable them to quickly identify risks and mitigate them as part of the product rollout or start the process to look at alternative solutions.
  • Stakeholders: Anyone who is impacted by the new technology and who will end up using, approving, or implementing it. Identify team members who will be willing and able to test the systems for data quality, collection, and workflow improvements.
  • Data analysts: Include someone who can validate the usefulness of data to meet the needs of the organization.
  • Security & Privacy: Include these team members to validate their expectations of how privacy and security needs can be met.
  • Infrastructure & Operations: These team members can test integrations, data collections, traffic flow, etc.
  • Vendor: Discuss what part the vendor can play in setting up the solution for running the proof of value.
  • Other business units: Identify business units that could benefit or be impacted by this solution. Invite them to participate in the proof of value, but remember to contain scope.

Leverage the insights of the diverse working group
  • Processes are designed to transform inputs into outputs. All business activities can be mapped into processes.
  • A process map illustrates the sequence of actions and decisions that transform an input into an output.
  • Effective mapping gives managers an “aerial” view of the company’s processes, making it easier to identify inefficiencies, reduce waste, and ultimately streamline operations.
  • To identify business processes, have group members familiar with the affected business units identify how jobs are typically accomplished within those units.
  • Ensure they have the time to test the solution and provide valid feedback.

Estimate the resources required for the pilot

Time, money, technology, resources

The benefit of running a proof of value is to make a decision on viability of a solution without the expense of implementing a full solution. This isn’t necessary for low-risk, highly proven solutions, which could be validated with references instead.

  • Estimate the number of hours needed to implement the proof of value.
  • Estimate the hours needed for business users to test.
  • Estimate the costs of technology. If the solution can be run in a vendor sandbox or in a test/dev instance in the cloud, you may be able to keep these costs very low.
  • Determine the appropriate number of devices to test in multiple locations and environments; work with the vendor to see if they have evaluation devices or discounts for proof of value purposes.

Conduct a post-proof of value review to finalize the decision to move forward

Gather evaluators together to ensure the pilot team completed their assessments. A common failure of pilots is making assumptions around the level of participation that has taken place.
  • The core working group is responsible for producing a vision of the future and outlining new technology’s disruptive potential. The actual implementation of the proof of value (purchasing the hardware, negotiating the SLA with the vendor) is beyond the committee’s responsibilities.
  • If the proof of value goes ahead, the facilitator should block some time to evaluate the completed project against the key performance indicators identified in the initial plan.
  • Use the Proof of Value Template section of the IoT Solution Playbook to document POV requirements as well as finalizing the feedback loop.
  • Determine ratings for the proof of value to identify which solutions are not viable and which levels of viability are worth moving forward. Some viable solutions may need a different vendor, and some may need customization or multiple integrations. This is important for the project team to move ahead with the implementation.
  • Encourage everyone to provide enough feedback on the various processes to be confident in their declarations of worthiness and to confirm the proof of value was thorough.
  • Communicate your working group’s findings and success to a wide audience to gain interest in IoT solutions as well as to encourage the business to work with the committee to integrate solutions into the governance and operational structure.

3.2 Exercise: Create a template for designing a proof of value

1-3 hours

Input: Agreement of steering committee members to create a process to mitigate risk for complex solutions

Output: Proof of value template for use as appropriate to evaluate IoT solutions

Materials: Whiteboard/flip charts, IoT Solution Playbook

Participants: Steering committee, which may include: Business analyst or business relationship manager, IT executive, Senior data specialist, Senior business executive(s), Privacy & Security senior staff, Infrastructure & Operations senior staff

  1. As a group, review the Proof of Value Template section of the IoT Solution Playbook to determine if it will meet the needs of your business and technical groups.
  2. Determine who will work with the business to create the proof of value plan.
  3. Modify the template to suit your needs, keeping in mind a need for clarity of purpose, communications throughout the POV, and clearly stated goals and definitions of success.
  4. Set a target timeframe to run the POV, preferably no longer than 90 days.
  5. Determine appropriate steps to take for POVs that do not garner the expected participation to qualify a solution to move forward.
  6. Determine appropriate reporting for the evaluation process.

Communications

As with any new product, marketing and communications will be an important first step in letting the business know how to engage IT in its assessments of IoT innovations. As these solutions prove themselves, or even as you help the business to find better solutions, share your successes with the rest of the organization.

Business units are already being courted by the vendors, so it’s up to IT to insert themselves in the process in a way that helps improve the success of the business team while still meeting IT’s objectives.

Your customers will not willingly engage in highly bureaucratic processes and need to see a reason to engage.

  1. Keep the intake process simple.
  2. Provide support to answer the tough questions.
  3. Be clear on the benefits to the organization and the business unit by engaging with your group, and be clear about how you will help within a reasonable time frame.
    • IT will help navigate the vendor prerequisites, contracts, and product setup.
    • IT will assume some of the responsibility for the solution, especially around security and privacy.
    • The business unit will reap the rewards of the solution with minimal operational effort.

Info-Tech Insight

Consider building your playbook into your service catalog to make it easy for business users to start the request process. From there, you can create workflows and notifications, track progress, set and meet SLAs, and enable efficient asynchronous communications.

Research Contributors and Experts

John Burwash
Senior Director, Executive Services
Info-Tech Research Group

Info-Tech Research Group is an IT research and advisory firm with over 23 years of experience helping enterprises around the world with managing and improving core IT processes. They write highly relevant and unbiased research to help leaders make strategic, timely, and well-informed decisions.

External contributors
4 external contributors have asked to remain anonymous.

Jennifer Jones
Senior Research Advisor, Industry
Info-Tech Research Group

Aaron Shum
Vice President, Security, Privacy & Risk
Info-Tech Research Group

Rajesh Parab
Research Director, Applications, Data & Analytics
Info-Tech Research Group

Frank Sargent
Senior Director Practice Lead, Security, Privacy & Risk
Info-Tech Research Group

Scott Young
Principal Research Advisor, Infrastructure
Info-Tech Research Group

Rocco Rao
Director, Research Advisor, Industry
Info-Tech Research Group

Bibliography

Ayyaswamy, Regu, et al. “IoT Is Enabling Enterprise Strategies for New Beginnings.” Tata Consulting Services, 2020. Web.

“Data Volume of Internet of Things (IoT) Connections Worldwide in 2019 and 2025.” Statista, 2020.

Dos Santos, Daniel, et al. “Cybersecurity in Building Automation Systems (BAS).” Forescout, 2020. Web.

Earle, Nick. “Overcoming the Barriers to Global IoT Connectivity: How Regional Operators Can Reap Rewards From IoT.” IoTNow, 30 June 2021. Web.

Faludi, Rob. “How Do IoT Devices Communicate?” Digi, 26 Mar. 2021. Web.

Halper, Fern, and Philip Russom. “TDWI IoT Data Readiness Guide, Interpreting Your Assessment Score.” Cloudera, 2018. Web.

Horwitz, Lauren. “IoT Enterprise Deployments Continue Apace, Despite COVID-19.” IoT World Today, 22 Apr. 2021.

“How Does IoT Data Collection Work?” Digiteum, 13 Feb. 2020. Web.

“IoT Data: How to Collect, Process, and Analyze Them.” Spiceworks, 26 Mar. 2019. Web.

IoT Signals Report: Edition 2, Hypothesis Group for Microsoft, Oct. 2020. Web.

King, Stacey. “4 Key Considerations for Consistent IoT Manageability and Security.” Forescout, 22 Aug. 2019. Web.

Krämer, Jurgen. “Why IoT Projects Fail and How to Beat the Odds.” Software AG, 2020. Web.

Kröger, Jacob Leon, et al. “Privacy Implications of Accelerometer Data: A Review of Possible Inferences.” ICCSP, Jan. 2019, pp. 81-7. Web.

Manyika, James, et al. “Unlocking the Potential of the Internet of Things.” McKinsey Global Institute, 1 June 2015. Web.

Ricco, Emily. “How To Run a Successful Proof of Concept – Lessons From Hubspot.” Filtered. Web.

Rodela, Jimmy. “The Blueprint, Your Complete Guide to Proof of Concept.” Motley Fool, 2 Jan. 2021. Web.

Sánchez, Julia, et al. “An Integral Pedagogical Strategy for Teaching and Learning IoT Cybersecurity.” Sensors, vol. 20, no. 14, July 2020, p. 3970.

The IoT Generation of Vulnerabilities. SC Media, 2020. E-book.

Woods, James P., Jr. “How Consumer IoT Devices Can Break Your Security.” HPE, 2 Nov. 2021.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Get the help you need in this 3-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Define your governance process.
  • Call #1 - Determine steering committee members and mandates.
  • Call #2 - Define process for meeting and assessing requests.

Guided Implementation #2 - Define the intake and assessment process.
  • Call #1 - Define the intake process.
  • Call #2 - Define the role of the BRM & assessment criteria.
  • Call #3 - Define the process to secure funding.
  • Call #4 - Define assessment requirements for other IT groups.

Guided Implementation #3 - Prepare for a proof of value.
  • Call #1 - Define proof of value process.

Author

Sandi Conrad

Contributors

  • John Burwash, Senior Director, Executive Services, Info-Tech Research Group
  • Jennifer Jones, Senior Research Advisor, Industry, Info-Tech Research Group
  • Rajesh Parab, Research Director, Applications, Data & Analytics, Info-Tech Research Group
  • Scott Young, Principal Research Advisor, Infrastructure, Info-Tech Research Group
  • Aaron Shum, Vice-President, Security, Privacy & Risk, Info-Tech Research Group
  • Frank Sargent, Senior Director Practice Lead, Security, Privacy & Risk, Info-Tech Research Group
  • Rocco Rao, Director, Research Advisor, Industry, Info-Tech Research Group
  • 4 anonymous company contributors