Transcription
IoT GovernanceGovernance framework
Deloitte IoT GovernanceContentsIntroduction04Background and context05Why do we need IoT Governance?07Aspects and key components of IoT Governance08Roles and responsibilities of IoT Governance stakeholders10Implementing the IoT Governance framework11IoT Center of Excellence12IoT Governance challenges related to future trends13Conclusion14References1403
Deloitte IoT GovernanceIntroductionThe major change that the Internet ofThings (IoT) is bringing to the digitalecosystem at various levels (organizationaland national) is the opening up of thediscussion on how to govern the workaround this new disruptor.This paper focuses on IoT governancerelated issues. In the sections of thispaper we will provide the context and abrief background on the emergence ofIoT, discuss how IoT operations can begoverned and what is needed, includingthe roles and responsibilities involved inIoT governance, and describe a proposedgovernance framework implementationas well as the future challenges facing IoTgovernance.04This paper is intended to showcase howIoT governance can be implemented.However, it is important to note thatthe IoT industry is going through rapidand major developments on a dailybasis, hence agility and an open mindsetare crucial for the success of any suchgovernance schemes.IoT is essentially a giantnetwork of connecteddevices. The JointCoordination Activity onInternet of Things (JCAIoT) calls IoT “a globalinfrastructure for theinformation society.”
Deloitte IoT GovernanceBackground and context5,6In recent years, the Internet of Things(IoT) has been a buzzword in thetechnology space, used to refer to multipleapplications and scenarios. However, letus take a step back and ask just what IoTexactly is. In simple terms, it is essentiallythe connection of devices to the Internetand the connection between them throughsensors. These devices include everythingfrom handheld gadgets to washingmachines, coffee makers to toasters andalmost any other device you can think of.According to Business Insider, forecastspredict that by 2027 there will be over 41billion connected devices. Therefore, IoTis essentially a giant network of connecteddevices. The Joint Coordination Activityon Internet of Things (JCA-IoT) calls IoT “aglobal infrastructure for the informationsociety”.To understand the complexity of IoT andthe pressing need to properly governthis ecosystem, it is worth looking intothe components that build up this giantnetwork of connected devices.1. GatewaysGateways enable the easy managementof data traffic flowing between IoT devicesand networks. They also translate thenetwork protocols and make sure thatthe devices and sensors are connectedappropriately. Gateways can also work topre-process the data from sensors andsend them off to the next layer, as wellas providing proper encryption with thenetwork flow and data transmission.2. AnalyticsThe analog data that are derived fromdevices and sensors are converted into aformat that is easy to read and analyze.The key attribute of the IoT ecosystemis that it supports real-time analysis thatdetects irregularities and prevents dataloss or data scams to prevent maliciousattacks.3. Connectivity of devicesThe main component completing theconnectivity layer are sensors and devices.Sensors collect information and send it offto the next layer, where it is processed.With the advancement of technology,semiconductor technology allows theproduction of smart micro sensors thatcan be used for several applications, someof which are as follows: Proximity detection Humidity or moisture level Temperature sensors and thermostats Pressure sensors RFID tags, etc.Modern smart sensors and devices usevarious ways to connect. Wireless networkslike LoRAWAN, Wi-Fi, and Bluetooth makeit easy for them to maintain connectivity(please refer to figure 1 to view theindicative layers for IoT).4. Cloud computingWith the help of the IoT ecosystem,organizations are able to collect bulkamounts of data from sensors, devices,and applications. There are various toolsthat are used for the purpose of datacollection that can collect, process, handleand store the data efficiently and in realtime; this can be performed by using IoTCloud.5. User interfaceThe IoT ecosystem depends immensely onuser interfaces, which provide a visible andphysical part that can be easily accessedby the user. It is important to have a userfriendly interface to ensure a proper userand administrator experience.The term IoT governance is still in itsearly stages and there are no definitivelimits on what IoT governance shouldinclude, or which areas it should cover.05
Deloitte IoT Governance6. Standards and protocolsIt is important to choose a platform thatwill enable IoT devices to interact with thesystem. Thus, interaction with differentdevices and networks with the samestandard as IoT is possible. It is importantto have the same protocol to have asuccessful interaction.7. DatabaseThe usage of IoT is increasing dynamicallyand this is dependent on data that isgenerated by the IoT network. The amountand type of data generated by the IoTnetwork requires a proper data lake inplace to be able to store and process thedata sets generated.8. AutomationAutomated decision-making is enabledby the type, frequency, and amount ofdata generated by the IoT network. Inaddition to that, the emergence of AItechnologies supports proactive predictivedecision-making scenarios. Such predictivescenarios relate to user behavior and howit affects the activation/deactivation of IoTconnected devices.9. InteroperabilityIoT is the latest advancement in technologywhere the need for development isgrowing and increasing with time. IoTrelated technologies and devices arestill undergoing rapid development andenhancement cycles without commonindustry standards in place as yet. AsIoT works with more than one deviceand system, it is important to ensureinteroperability across the whole IoTecosystem.With the rise of IoT, while we have seen anincrease in convenience, it has also givenrise to challenges. The most importantquestion is how do we govern theinteraction between these devices?06We believe that at a minimum,IoT governance should addressa combination of IT governance,enterprise architecture governance,data management governance, andinformation security governance.Governance originates from the Greekverb kubernaein [kubernáo] (meaningto steer, and can be traced back to earlyModern England. The term was used inconstitutional publications and letterswhere it was used to refer to arrangementsof governing and ruling methods.Currently, the term is used to describea broader set of institutional activitiesfor different types of institutions(Public, Private, and corporate), and itcan be associated to a particular field(Environmental, Internet or InformationTechnology). Governance is a theoreticalset of rules, actions, and processes usedto stabilize institutions, organizations andcommunities and to ensure a persistentand stable outcome from the members ofthose entities.From an information technologyperspective, the term governance refersto the tools, processes, controls, andframeworks that ensure efficient andeffective use of technology resources toenable an organization to achieve its goals.As IoT has emerged, along with thedevelopment of sensors that can transmitdata about the status of their environment,organizations, governments and civilsociety institutions have become moreinterested in setting the right processesand frameworks to ensure that devicesare functioning in a controlled mannerand can be protected against any unlawfulintrusions or intercepts.The term IoT governance is still in itsearly stages and there are no definitivelimits on what IoT governance shouldinclude, or which areas it should cover.IoT devices are rapidly evolving in termsof their capabilities and functions, andthe large-scale implementations of IoTdevices is still growing. Hence, it is still notclear which areas should be addressedby any IoT governance framework thatwill evolve. However, we believe thatat a minimum, IoT governance shouldaddress a combination of IT governance,enterprise architecture governance, datamanagement governance, and informationsecurity governance.
Deloitte IoT GovernanceWhy do we need IoT Governance?The rationale behind any governance framework is to stabilize the operations of anyinstitution and ensure a consistent and stable outcome.Systems/ApplicationsFigure 1: IoT layers indicative architecturePortalsAppsIndicative IoT architectureApplication layerAggregated data is processed atthis layer, to give insights aboutthe environments the sensorsare embedded in. Systems/Applications at this layer can beIoT Specific (IoT Platform) orEnterprise Specific (CRM,ERP).Mobile myInventoryPlatformDigital Command CenterCRMDVERPGISVerticals Integration PlatformBig DataInfrastructureOthersBlockchainIndustrial IoT nDevicesMobilityLoRASecurityZigbeeSignals forTraffic Steering Electricity sensors Open onlinecoursesAnti Fraud SystemIn the case of IoT, the IT areas affectedby this new technology could be splitinto three: data, infrastructure, andarchitecture. In the same manner, theaspects of any IoT governance frameworkshould cover these three areas. An IoTgovernance framework should ensure integrity and data security for informationshared by all IoT devices in the enterprisenetwork. It should also maintain thetrusted source of information across thedifferent layers of the IoT architecture.FinancialservicesMiddle layerData coming from IoT devices,through the network layer andthe enterprise systems, can beaggregated to be visualized on aData visualization platform (DV).Different IoT devices havedifferent platforms.Network layerIoT devices transmit data to theirrespective platforms using thewireless networks available (LoRA).Those networks can be public orprivate owned ones. LoRA wirelessnetworks are getting morepopularity in the EU as they haveless initial cost than the fiber ones.Physical layerAt this layer, IoT devicescommunicate with their edgerouters using a specificcommunication protocols. Thosesensors can transmit data abouttemperature, light intensity, noiselevel, traffic conditions.etc.In addition, the framework should ensurethat all infrastructure devices, and IoTdevices in particular, are well protected,physically and digitally, to prevent anyunlawful intrusion or improper functioning.07
Deloitte IoT GovernanceAspects and key components of IoTGovernance1,2As previously mentioned, the IoTframework should cover the threemain areas of data, infrastructure, andarchitecture. However, which aspects ofthese should be of higher concern to anyIoT governance framework?First is the applications associated withcollecting, analyzing and monitoring thedata provided by the IoT devices. At a highlevel, these applications should be wellgoverned to protect the data acquired andprocessed by them. It should also providecontrols for accessing this data, such asrole-based access, for example.Second is the platform; all platformsrelated to data management, applicationintegration, and IoT device managementshould have a well-defined framework asto how to register/de-register IoT devices,how to collect data, how and where topublish this data, and how to interact withupper and lower layers of the IoT referencearchitecture.Third is the communication. This refers toall communication between devices at thephysical end up to the consumption of thecollected data. The IoT framework shouldtap into the protocols of transportingthis data across all layers and take intoconsideration any regulatory requirements(local and international), with the GeneralData Protection Regulation (GDPR) as anexample.Fourth is the IoT device itself. At this level,the IoT framework should tap into thesecurity of the device, the monitoring ofthe device, intrusion detection, booting,remote control and firmware management,08and interoperability with multiple vendors’devices.Across all these areas and aspects ofIoT governance, fundamental pillarsare required to execute an effectivegovernance framework. In addition, it isimportant to realize the importance of IoTgovernance in reaching the aspired digitalmaturity level. The Deloitte Digital MaturityModel (DMM) is the first industry-standarddigital maturity assessment tool developedin partnership with the TM forum with keycontributions from other industry andsubject matter experts.First, the IoT governance frameworkshould foster and support digitalinnovation; IoT adoption is still in the earlystages of large-scale adoption and needsan effective IT governance approach toeffectively harness its benefits. By that, wemean that a mix of agile and classical ITgovernance models should evolve to bettercope with the fast changing and real-timenature of the IoT ecosystem.Second, balancing the risk and compliancein the IoT framework is essential to be ableto move along the curve of digital maturity.Among the Deloitte 4 dimensions of digitalmaturity, IoT will affect three of them(Strategy and Culture, Technology, andOperations).In the Strategy and Culturedimension, the framework shouldtap into forcing a clear adoption ofthe right tools and systems to runthe IoT ecosystem. A well-defined IoTstrategy should be part of the overalldigital strategy of any organization.The right balance of IoT investment isof paramount importance as any IoTgovernance framework will prove uselessif the investment strategy is not welldefined.In the Technology dimension, thegovernance framework should ensureinteroperability across the differentlayers of the IoT reference architecture,and this can be very specific to theorganization’s needs and should alignwith the communication standards andprotocols (like periodic log transmissions,detection of anomalies, etc.) of otherdigital ecosystems at the organization.As part of the technology dimension,there should be a clear data lifecyclemanagement for all data sets generatedby the IoT ecosystem, given its specificityand frequency.In the Operations dimension, thegovernance framework should set therules for an integrated digital servicemanagement, workflow integrationmanagement, and a well-defined servicecatalogue with other IT systems. Themost important aspect of the Operationsdimension is the real-time insightsand data analytics; as mentioned, thespecificity and frequency of the IoT dataimplies a high level of correlation controlpoints, time-related rules to account fordata loss, and data-trust checkpointsfor data sources. Finally, a well-definedautomation scheme of all relevantresources in the IoT ecosystem is crucialfor any successful IoT governanceframework.
Deloitte IoT GovernanceFundamental Pillars of IoT GovernanceFigure 2: IoT Governance Pillars mapped to the Dimensions of the Deloitte Digital Maturity Framework12TechnologyUnderpins the success of digital strategyby helping to create, process, store, secureand exchange data to meet the needs ofcustomers at low cost and low overheads.3OperationsExecuting and evolving processes andtasks by utilizing digital technologiesto drive strategic management andenhance business efficiency andeffectiveness.Strategy & CultureFocuses on how the businesstransforms or operates to increase itscompetitive advantage through digitalinitiatives, which are embedded withinthe overall strategy, alongside theorganizational culture.CustomersProviding an experience where customers view theorganization as their digital partner using their preferredchannels of interaction to control their connected futureon and offline.Third i e implemented and how IoT is likelyto change even more in the future. Aholistic approach of this nature will helporganizations and nations maximize theirbenefits while minimizing the risks of IoTimplementation.References1. Dayal, “IoT Ecosystem Components: The Complete Connectivity Layer”, May 28, 20182. Gantait, Patra, Mukherjee, “Defining your IoT governance practices”, Jan. 19, 20183. Serbanati, Rotondi, Vermesan, Baldini, “IoT governance, Privacy and Security Issues”, Nov. 14,20144. Jones, Wallin “How an IoT Center of Excellence Can Help CIOs Deliver Better IoT Solutions”, July27, 20175. Newman, Peter “THE INTERNET OF THINGS 2020: Here’s what over 400 IoT decision-makerssay about the future of enterprise connectivity and how IoT companies can use it to growrevenue”, March 6, 20206. IBM “Defining your IoT governance practices”, January 19, 201814
Deloitte IoT GovernanceAuthorsBhavesh MorarPartner – ConsultingDubaibhamorar@deloitte.comYousef BarkawiePartner – ConsultingDubaiybarkawie@deloitte.comRajesh BalakrishnanSenior Manager – ConsultingAbu Dhabirabalakrishnan@deloitte.comMohammad KhasawnehManager – ConsultingDubaimkhasawneh@deloitte.comJassim BangaraManager – ConsultingAbu Dhabijbangara@deloitte.comHussam Abu BakerConsultant – ConsultingAbu Dhabihabubaker@deloitte.com15
This publication has been written in general terms and therefore cannot be relied on to cover specificsituations; application of the principles set out will depend upon the particular circumstances involvedand we recommend that you obtain professional advice before acting or refraining from acting on any ofthe contents of this publication.Deloitte & Touche (M.E.) LLP (“DME”) is the affiliate for the territories of the Middle East and Cyprus ofDeloitte NSE LLP (“NSE”), a UK limited liability partnership and member firm of Deloitte Touche TohmatsuLimited, a UK private company limited by guarantee (“
IoT, discuss how IoT operations can be governed and what is needed, including the roles and responsibilities involved in IoT governance, and describe a proposed governance framework implementation as well as the future challenges facing IoT governance. This paper is intended to showcase how IoT governance can be implemented.
