Internet of Things – IoT governance and your IT department.


The IoT (Internet of things) is nothing new in that networked, connected and (semi) intelligent devices have been around for a long, long time.  However, what is different is the explosion of the type and number  of ‘smart’ devices that can be connected to the internet. Welcome to the IoT governance challenge for your organisation.  Are you up for the task?

Given that the connectivity between devices with an IP address via the internet is a fact of life, the combination of the microminiaturization of devices with mobility, has given birth to the IoT.

Whilst the convenience of being able to check out your home refrigerator’s contents, status of your home heating system or your BBQ via your Smartwatch may appeal to some, how this translates into your business with known value, known cost and known risk as another matter altogether.

Internet of Things (IoT) in the new world of IT

Anyone with a manufacturing or industrial background would recognise that many organisation’s own IoT has been doing the serious work of supervising, controlling and otherwise managing key physical processes within the organisation.  Just that they were known by another, less alluring name- SCADA systems. SCADA is an acronym for Supervisory Control And Data Acquisition.

Many industrial, engineering or related processes, whether that be your manufacturing plant and equipment, automated warehouse and distribution systems, building security, water reticulation,  airport air traffic control systems or city traffic management systems, are monitored and remotely managed by SCADA systems.

SCADA is regarded as a subset of the broader term for what are termed Industrial Control Systems (ICS). These are computer controlled systems which help keep industrial or engineering processes operating within their expected performance envelopes. More importantly, these systems manage processes that exist in the physical world.

Now add in the pervasive IP addressability of devices, connectivity via the internet and mobility, and voilà- we have the IoT on a potentially massive scale.

IoT governance + IT department = ?

Enterprise IT departments have their origins in the processing of financial and back-office data. Historically IT was known as the EDP Department (Electronic Data Processing). This is a far cry from the current remit of most enterprise IT functions, which support most, if not all business activities. Contemporary business has become, for the most part, absolutely dependent on the effective running of their IT systems, irrespective whether they be owned an operated within their own data centers, externally hosted and managed or in the Cloud.

Now that the IoT has potentially extended the scope of SCADA systems or introduced new, interconnected systems, how certain are you that your organization’s executives and shareholders are fully aware of the value, costs and risks associated with embarking on an ‘IoT’ initiative? More importantly, what value is placed on effective IoT governance processes?

“It is imperative that assurance, security and governance professionals take notice of the IoT trend because it has the potential to redefine the risk equation within many enterprises.”  ~ ISACA 2015 report entitled ‘Internet of Things: Risk and Value Considerations’

If your IT department is being bypassed or excluded from any IoT governance discussions within your organisation, maybe it’s time consider which specific executive is accountable for managing the risk?

If you’re not sure, then ask the question before plunging your organization into the IoT sea.