Surviving and Succeeding with the Internet of Things

R Vittal Raj, International Vice President, ISACA | Saturday, 30 May 2015, 06:07 IST

The time is clearly not far off when the gadgets and appliances that we now use will talk to each other and exchange information and instructions. Research shows we are poised for the next big revolution, the Internet of Things, when our cars, personal wear and gadgets, office and home appliances, and an explosion of apps seamlessly interconnect and make our daily lives a page out of the science fiction movies that awed us in the past. Gartner predicts that by 2020 the Internet of Things will grow to 20 billion units and IoT product and service suppliers will generate incremental revenue of $300 billion.

The latest technical frameworks, such as the one from the AllSeen Alliance, which provides a universal framework to enable seamless connectivity and interoperability among diverse devices and software, are pointers to the emerging scale of the Internet of Things.

And it may not be fictional to imagine a time when manufacturers of such gadgets will have to deal with complaints from customers that their gadgets are "misbehaving" and that these gadgets are getting to know too much about their behavior and lifestyle.

“The world is increasingly being populated by connected devices that collect and share information over the Internet. Internet of Things offers business, but it also raises concerns about data privacy and security,” says the 2013 IT Risk/Reward Barometer Report published by ISACA. The report further uncovers the belief/behavior gaps between what people and businesses believe about the value and risks of the Internet of Things and what they actually do. These gaps are early warning indicators that point to the key steps enterprises should take to provide sound governance and management of enterprise IT for this new era.

If, in today’s world, platforms such as Facebook and Twitter feature in our privacy and security concerns, the privacy and security concerns of our near tomorrow center on the IoT devices that will store and exchange not only private information but also behavioral information about consumers. As the ISACA survey finds, consumers clearly feel that the benefits of convenience and time savings outweigh the security and privacy risks around IoT devices, but they do have significant concerns. Hence, enterprises forming the IoT ecosystem need to factor security and privacy risk management into their governance. Both enterprises and info-security professionals are grappling with the challenges around IoT privacy and security breaches, which in turn have a bearing on the challenges associated with identity and access administration and management, ownership of technology vis-à-vis data by stakeholders outside IT, requests to share private data with third parties and regulators, unknown costs of handling and storing the Big IoT Data that is bound to emerge, managing network diversity and complexity, acquiring skill sets and ensuring regulatory compliance.

Organizations and institutions that intend to participate in the IoT ecosystem would do well to adopt structured, framework-based approaches rather than ad hoc and narrow approaches. Managements need to be aware of the corporate governance demands of ensuring business value from IT-enabled investments; they must achieve and deliver operational excellence through reliable application of technology while ensuring risks are optimized.

Business goals need to be supported by, and aligned with, IT-enabled goals. To achieve those goals effectively, it is critical to focus on the IT enablers that form the consideration for the IT processes driving the governance and management of enterprise IT. COBIT provides a usable framework that businesses can apply in establishing enterprise IT governance.

ISACA recommends that organizations adopt a five-step “Agile” process to ensure trust and to capture value to leverage sensitive information in the Internet of Things era:

• Act quickly; enterprises cannot afford to be reactive.
• Govern the initiative to ensure that data remain secure and risks are managed.
• Identify expected benefits and how to measure them.
• Leverage the internal technology steering committee to communicate benefits to the board.
• Embrace creativity and encourage innovation.

According to the IT Risk/Reward Barometer, 70 percent of enterprises in India say they plan to capitalize on the Internet of Things. Clearly, more devices will be collecting massive amounts of consumer information. Effective governance over the Internet of Things is not just a “nice to have”; it is a necessity.