IOT security is not a technical question
I was reviewing a research report from the 451 Global Digital Alliance that brought me back to the subject of how to manage security in the “IoT” world. Let me start at the end - Security, like most of the technical stack in IoT, is seen as a technical question rather than commercial, and that is where the problems begin.
Proviso, I don’t want to comment on the Consumer products and services area as avoiding the Internet in IoT is near nigh impossible in these services.
For businesses integrating “Things” into your business processes, products, and service experience is vital to your business survival, whether you believe it or not. To echo Obama on the Daily Show – the world will keep on warming whether you believe in global warming or not, so technology (new and old) will impact on how businesses work!
In spite of all the IoT hype (and yes there is!) lets reflect on a simple business truth.
The quality of decision-making is closely aligned with the quality of information supporting the decision. Decision-making without information is called guessing.
Connecting things is firstly about building a more detailed understanding of what is going on in your business, whether it is internal business operations, product operational performance, customer service experience, or a complex multi-party supply chain.
To manage, first you must measure, and that is the first outcome of “IoT”.
Having a more granular understanding (and measurement) of your processes opens more doors to improvement.
One of the first is increasing process automation.
An example is if a delay occurs in your logistics operation, notification to impacted customers, partners, staff can be messaged automatically advising of the issue. A step further can inject the delay information into a dependent production process – slow a production line to make the existing components last until the delivery arrives, for example.
The culminating step is the integration of this deeper understanding into planning and development across the business. It will inform business strategy, product development, customer engagement (selling, fulfilment, and in-life engagement), as well as all aspects of business operations.
So coming back to the term Internet of Things, let’s be blunt, why the hell would you want the public Internet being associated with these processes in any shape or form?
The starting point for security is not in the technology but in understanding what is important, and why, and what are the risks of incorrect data, of loss of data, and what if the data gets into the wrong hands.
This is a standard business risk assessment.
Next is to understand the data set – is it data to underpin a real-time process or is it supporting periodic analysis, is logic deployed with the data or back on a server (whether cloud or enterprise hosted), what is the volume of data, both a single event and aggregated over time, what is the value/risk profile for each data set.
Now you have a starting point for engaging with technology – both the people and the things!
You will here many a religious statement about the technology of IoT – edge versus cloud, proprietary versus open, and endless debate about differing communications, architectures and platforms.
All of them, are true, but maybe not for you. Several of them will probably be necessary for your solution, depending on the complexity of what you’re measuring and acting upon. I am not entering into the technical selection process in this piece, we’ll leave that for another day .
In summary I have a simple message to the Commercial leaders and decision-makers. The value of Things in your business (Your Things, not the Internets!), the data sets that define them, the actions they can enable, these need to be understood commercially if you are to be in control of driving value through your business. These are not technology questions, they are commercial.
It’s about value and risk assessments of the range of data sets and associated automation you envisage for your business.
The technology cacophony that characterises IoT can only be quietened through your having a clear vision of the business outcomes you want to achieve. These will drive your technology team and partners through the confusing landscape from sensors to communications, data capture to processing, automation and analytics, and all in a reliable and secure architecture that works for your business.