The hype over the internet of things isn’t overblown, it truly is transformational technology. But organizations won’t embrace IoT just because it’s cool. They’ll only deploy IoT solutions that will give their businesses a competitive advantage. Today, IoT deployments commonly revolve around traditional use cases such as fleet management, video analytics, asset management, and advanced building technologies.
The promise of a very modern solution for these established business functions is refreshing to organizations today. However, given the radically different nature of IoT compared to traditional network and data center technologies, any organization adopting IoT needs to think long and hard about the plan for deployment and management before diving in. For example, IoT systems are dependent on the operations of a large number of oftentimes inexpensive devices and software instances, so there may be a need for more frequent updates or changes to the initial implementation that could impact the cost model.
Additionally, in the process of making a change to an IoT solution, there may be overlooked operational or capital expenses. This includes many tasks that are not as common with other solutions: fixed device retirement dates, certificate management, supporting network solutions, risk of cascading failure, and device replacement.
One of the common unforeseen IoT situations is related to security and certificate management. Take, for example, this familiar story of an Internet-connected car wash being exploited to physically damage and trap a car inside. Thankfully, the car belonged to researchers, who were conducting a test with the car wash owner’s permission, but the story illustrates how high the stakes can be. It's important to note that many IoT systems can put property and human safety in jeopardy if not secured adequately. While much of this problem is solvable by standard security and device management practices, ensuring that this process is consistently followed downstream to all devices and systems could entail a lot of work. In each situation, the security capabilities are a result of not just the devices and software, but more importantly, how they're implemented.
When considering an IoT solution, IT should also consider lifecycle management. The IoT market, for both hardware and software, is an incredibly fast-moving space. It is possible that an IoT solution today with a three-year return on investment could be made obsolete by a new solution available 12 months later. Additionally, some devices may have shorter life spans or even be actively set for a replacement schedule ahead of their planned life span.
An additional aspect of IoT systems that many organizations may not have considered is the potential requirement for separate, additional networks. How many times have you seen a separate WiFi network for some line of business function of the company? I’ve seen many line-of-business solutions (especially in retail) mixed with public areas for customers or visitors of a business. This may mean that organizations must support one or more additional networks to deliver an IoT solution. At face value, this can provide an added layer of security – a network administrator will generally favor segmentation of a solution such as this – but also introduces more complexity and more networks.
Due to the nature of IoT, IT needs to think carefully about how it will handle significant events that could affect the IoT infrastructure. This could include a cascading failure of the devices or the software that controls them. While not applicable to every solution, there is a risk of "bricking" devices. For example, an IoT failure could affect smart refrigerators and put perishable inventories in danger of spoilage. Any bricked device could put business inventory or operational costs at risk; therefore, organizations should take protections to mitigate these risks. One strategy is to keep a stash of spare parts, a practice that is common in IT data centers for endpoints and other critical systems.
IoT presents a powerful solution for many vexing business and IT problems, but the risks and additional operational work required must be fully considered to avoid a failure or crisis that could potentially erase any value provided by the solution.