Are connected devices leaving you exposed?

Risk and governance will help you safely land your automation goals

In the eye of the storm are the devices that are now online: your cell phone, your refrigerator, your car, your heart monitor, the electrical grid that powers your neighborhood, and much more.

As companies seek competitive advantages through deeper data insights, consumers demand smart technology in everyday products, and organizations continue to increase reliance on interconnected technology, the IoT is poised for exponential growth in nearly every industry and marketplace. By 2020, Gartner expects to see 20 billion internet-connected things and predicts 65 percent of enterprises will have adopted IoT products.

However, you cannot realize the business opportunities of the IoT without managing the risks inherent in such a complex and connected ecosystem. As such, the need to govern connected products, while incorporating risk management, is incredibly high. Failure to secure IoT devices while incorporating risk management could prevent you from delivering services, protecting sensitive data, or even keeping customers safe. A single exploit can tarnish your reputation and damage consumer trust. But although 32 percent of IT leaders surveyed by Gartner cited security as a top barrier to IoT success, KPMG research found that 46 percent of companies are adopting IoT technologies without even assessing the associated risk.

How can an agile risk and governance program drive value, enabling companies to tap into the tremendous market opportunity for connected products?

IoT governance basics

Most organizations today recognize the need for a robust, comprehensive IoT governance program that standardizes the initial development and ongoing operation of connected products and establishes guardrails to mitigate risks along the way. However, few know how to get started.

Of course, IoT governance does not follow an exact formula. The program should be malleable to the needs of an organization, and this begins with involving the right people and functions. IoT programs typically require involvement from various teams, including engineering, information technology, and operations. Selected members from these teams should then be aligned to promote and enable IoT program governance. For example, they could operate as a formal centralized function with dedicated resources, as a center of excellence (CoE) that defines and promotes best practices, or as a steering committee made up of various stakeholders. What works best will differ not only by industry, but by where the organization plays in the IoT ecosystem.

The need for customization certainly doesn’t mean IoT governance is a free-for-all. In our experience, we have learned that all effective IoT governance functions—regardless of how they are established—play an instrumental role in critical activities focused around building consumer trust and driving desired business outcomes. Successful IoT governance functions:

  • Are strategic. They shape the overall direction and goals of the IoT program.
  • Empower collaboration. They enable cooperation and teamwork between cross-functional stakeholders.
  • Drive consistency. They promote process standardization and reliability to increase ROI.
  • Provide guidance. They share best practices for IoT development and implementation.
  • Mitigate risk. They establish controls and define key metrics and indicators to monitor and optimize business outcomes.

These activities should be embedded throughout an IoT program, and we believe that successful governance programs support the full lifecycle of an IoT program, from the initial strategy, to program delivery and ongoing operations. For the remainder of this paper, we will explore example risk exposures and governance techniques throughout this lifecycle.