by Amitranjan Gantait, Joy Patra, Ayan Mukherjee | Updated January 20, 2018 - Published January 19, 2018
IoT solutions are complex. The integration of connected devices and IT services poses major challenges in networking, communication, data volume, real-time data analysis, and security. IoT solutions involve many different technologies and require complex development cycles, including significant testing and ongoing monitoring.
To overcome these challenges, IT organizations must:
An IoT solution governance model should address these challenges.
IoT solution governance can be viewed as the application of business governance, IT governance, and enterprise architecture (EA) governance to Internet of Things (see ). In effect, IoT governance is an extension to IT governance, where IoT governance is specifically focused on the lifecycle of IoT devices, data managed by the IoT solution, and IoT applications in an organization’s IT landscape. IoT governance defines the changes to IT governance to ensure the concepts and principles for its distributed architecture are managed appropriately and are able to deliver on the stated business goals.
Successful IoT engagements require that IT organizations define a technical strategy that includes developing a reference architecture, deciding the technology platforms, and developing the processes that are required to design, develop, and operate the IoT solution. Unless teams develop an IoT technical strategy, individual teams across the organization will define their own approaches which often lead to fragmented initiatives that will cost the company more with less chance of success.
A technical strategy can include phase-wise activities and clearly defined roles, responsibilities, and deliverables (see ).
The technical strategy must document and address all business, technical, and operations requirements and constraints. It must also address current and future business needs and adapt to business and technical changes.
You can read more about strategies for planning IoT architectures in this article, “Simplifying the development of your IoT solutions with IoT architectures.”
To ensure consistency across multiple IoT projects, IoT solutions should adopt a repeatable framework and develop a standard reference architecture that guides individual IoT implementations. Each project must not define their unique way of integrating devices, or communicating with the IoT platform. The IoT reference architecture must meet the needs of different organizational units and define technology standards for all IoT projects to use.
An IoT reference architecture provides a set of architectural patterns, standards, and best practices for use in developing IoT solutions. Use of the approved architectural artifacts from the IoT reference architecture will reduce project risk and lower costs, by reducing the number and complexity of design activities in the project. Your organization’s IoT reference architecture can be based on standard IoT reference architectures or industry reference architectures.
An IoT ecosystem needs to connect to all types of devices and collect and store data securely. A complete IoT solution needs to include all components of the ecosystem – including devices, network, software, services, security of the complete solution. Your IoT reference architecture must consider all aspects of the IoT ecosystem (see ).
Data is generated from devices, and insights from that data are consumed by users or automated operations. Real-time data and near real-time analysis enables timely actions. The type of industry and the nature of the data drives the outcome and selection of a reference architecture.
As companies mature on their IoT journey, they evolve from simple monitoring of the assets to include optimization and advanced prediction of different asset parameters. However, collection and storage of data that comes from devices is just the initial step. The value of IoT solutions can be improved by adding more analysis and optimization capabilities. Your IoT reference architecture must address these more advanced capabilities.
Finally, having a great IoT solution would be worthless unless it is secure. All layers of the IoT solution must be protected from vulnerabilities and potential attacks. Your IoT reference architecture can help ensure that security is not an afterthought.
After organizations have a clear understanding of the IoT solution ecosystem as depicted in , a detailed technical reference architecture can be created to support that ecosystem. shows a somewhat simple reference architecture for IoT solutions for organizations to adopt based on their specific needs. You can view a more detailed IoT reference architecture in the IBM Cloud Architecture Center.
The IoT reference architecture needs to consider these aspects of your IoT solution for your IoT governance policies to enforce:
Provide a reliable network for capturing and controlling sensor data
Support for reliably transporting data from devices to the IoT platform
Address security. Read more about IoT security in this series, “Design and build secure IoT solutions.”
Read more about IoT networking considerations and challenges in this article, “Connecting all the things in the Internet of Things.”
Physical devices layer
Support the wide variety of sensors, devices, and gateways
Support remote monitoring and management
Address security, such as secured booting, firmware upgrades, intrusion detection, and logging of security events. Read more about IoT security in this series, “Design and build secure IoT solutions.”
After organizations have their technology strategy and reference architecture in place, organizations must train technical professionals in the technologies. Organizations need to have sufficient skills in all the tiers of an IoT solution.
The key roles and responsibilities of an IoT development team include:
An IoT Center of Excellence (CoE) can also be a key organization within the IT department of an enterprise and can keep all stakeholders focused on a common goal. The function of an IoT CoE includes defining proper processes for managing device lifecycle, identifying proper technology that is suitable for the enterprise, and defining policies, standards, and guidelines to govern the IoT solution from business need to operations. A dedicated IoT Center of Excellence (CoE) is one of the most important additions an organization can make to increase the likelihood of a successful IoT implementation. See .
The IoT solution architect plays a key role for the planning and governance of IoT solutions and works closely with business architects, enterprise architects, and security architects. All the IoT-related efforts and activities must be channeled through this CoE to eliminate duplication and realize quicker return on investments.
An IoT CoE provides a comprehensive approach to the establishment and adoption of the IoT solution. When implemented at the proper level, the IoT CoE will lessen the political issues and complexities that often impede IoT solution adoption. The IoT CoE responsibilities include:
Processes and policies are the actionable part of any governance model. They are the activities that are followed, applied, and enforced to govern and manage all IoT initiatives.
shows the key components of an IoT governance and management model.
In addition to managing IoT solution development, the IoT governance model defines principles, processes, and standards in these areas:
Many organizations want to be able to take advantage of the benefits of IoT solutions. However, without a proper governance model in place, most of these initiatives are likely to fail or not result in the expected benefits. IoT governance models need to develop an appropriate technical strategy and reference architecture to drive standardization and best practices in all IoT initiatives across the organization. Also, the IoT governance model needs to identify roles with proper skills and define responsibilities to streamline all such initiatives; ideally, an IoT Center of Excellence should be instituted. Finally, the IoT governance model needs to define appropriate governance processes and policies to manage fully all IoT lifecycle activities. Security and privacy concerns are one of the major bottlenecks for deploying IoT based solutions, so IoT governance processes must be developed with these security concerns in mind and not leave security as an afterthought in the IoT solution process.
One of the key functions of an IoT governance solution is to manage the device lifecycle – including new device registration, upgrading the existing devices, and decommissioning old or obsolete devices. Different standards are emerging to manage IoT devices. Part 2 of this series will discuss different approaches to device management and demonstrate the device management capabilities of IBM Watson IoT Platform.
As data is the core component of any IoT solution, governing the full data lifecycle is a key component of any IoT governance model. IoT data governance covers full lifecycle of the data, starting from data generation in the devices, sending the data over the network to Cloud-based IoT platforms, storing the data, and finally analyzing and reporting on the data. Any IoT governance solution needs to address privacy and security concerns, keeping in mind regulatory and other compliance requirements. Part 3 of this series will focus on IoT data governance.
To address the challenges inherent in planning and implementing complex IoT solutions, teams need a governance model. This article series…
Learn how to manage your enterprise-wide IoT initiatives.
Learn how to govern your devices by choosing the right device for your solution and managing the lifecycle of those…
Back to top