16 questions CXOs should ask before starting an IoT project

Is your company ready for an IoT implementation? Here's a checklist to help you decide.
Written by Mary Shacklett, Contributor
Image: iStock/AndreyPopov

In a 2015 global survey conducted by IT services and consulting firm Tata Associates, 79 percent of 3,764 executives responded that they had Internet of Things (IoT) initiatives in place, and 64 percent of those who didn't that they planned to launch IoT applications by 2020. This same survey revealed that almost half of companies' IoT apps were focused on common devices like smartphones and tablets.

This article takes a look at the next tier of IoT that goes beyond smartphones and tablets and into combinations of software and sensors that do everything from monitoring security and HVAC systems in buildings to tracking cargo and monitoring the traffic levels of highways and subway lines. The focus is also on how companies are (and will) be using this deeper level of IoT to improve their bottom lines and internal operations, in contrast to companies that are commercializing IoT for their end customers, and that have additional liability, profitability, security and support issues that are a topic in their own right.

For companies looking to get into that aspect of IoT, here is a readiness checklist that should be on the CIO's desk:

Area 1: IT organization

Do you have an IoT Team?

Do you have a team of individuals that will focus on IoT development? The team should be interdisciplinary (that is, applications, networks, database/ storage, system infrastructure and operations) because for IoT to work, it must cross the boundaries and engage the resources of all of these disciplines.

Are IT/OT partnerships in place?

Internal IoT will involve people in the business as well as IT. If the project is automating machines on the manufacturing floor so alerts are automatically issued when a production problem arises, manufacturing and engineering are the ones to define the business processes and the rulesets that will be needed for the IoT, while IT ensures that the technology works. This means that cooperative partnerships between IT and end business units should be in place before any IoT work is started.

Do you have the right project leads?

Cooperative end user IT projects require IoT project leads in IT with strong communication, collaborative and people skills. Your lead technologist might understand the nuts and bolts of IoT, but if they can't excel in people skills, they shouldn't be a project lead.

Do you have the IoT skillsets in your organization?

IoT specialists are in high demand in the U.S. and worldwide. If you don't have IoT expertise, or the ability to develop it, on your staff, hiring will be tough, and you may have to rely on contractors or vendors. As a result, you could face pushback from your own staff because they will perceive that you aren't investing in them. CIOs need to first figure out how to obtain the short-term skillsets they need for IoT before they pursue IoT, and second, collaborate with HR and upper level management on a longer-term employee skills development plan.

Area 2: IT strategy

Do you have an IoT sandbox?

There's a lot we don't know about IoT. How will it change business operations? Will it work in every case we think it will? Does it create new problems in maintenance, security and reliability that we didn't think of? For these reasons, IT needs to strategically promote the idea of an IoT for proofs of concept that will test an idea before it's widely deployed to confirm that it will deliver the business value that the company thinks it will.

Do you have a strategic roadmap for IoT?

IoT is a direction, not a destination. Consequently, your strategic plan should show a roadmap of IoT evolution, not just a single IoT project. If the first IoT project is placing sensors on vehicles so they can be monitored for geographic location and redeployed if necessary to cover other nearby routes, great. However, this IoT technologically can be further leveraged into monitoring and analyzing whether your fleet is consuming fuel economically, whether drivers are driving safely, and whether refrigerated trailer doors are being left open too long, thereby threatening the safety of perishable food cargo.

How well-positioned is your IT infrastructure for IoT?

IoT, with its rapid transport requirements and its enormous data payloads, will require revisions in IT infrastructure and security -- from networks and databases, to storage and processing. These infrastructure changes must be defined and budgeted for. Do you have central data repositories and networks that will ultimately collect and process IoT data, or are you planning to adopt an edge computing approach where separate facilities in your enterprise monitor and collect their own data? How are security and governance administered? These are major IT infrastructure decisions not only for the CIO, but for the enterprise as a whole.

Do you have strong IoT vendor partnerships?

Few organizations are 'going it alone' with their IoT projects. Most are teaming with best-in-class vendors for their industries or applications, whether the project involves monitoring manufacturing and the supply chain, or using IoT to monitor building security and environmentals. Carefully vetting IoT vendors and then determining who to partner with should be an organizational priority.

Area 3: Security, compliance and governance

Do you have an IoT policy development and compliance function?

Any IoT development project should include compliance and governance. If your company has an internal legal or compliance department, it should be part of the IoT project to determine whether there are any compliance and/or policy limitations or barriers. These same functions should also be looking at potential liability issues relating to the IoT.

Have you thought through IoT security?

There is no consensus on how to implement security in IoT on a device. Consequently, if your IoT uses commodity devices such as sensors, which most will, security warranties from vendors and your own security practices will be very important. Many vendors develop embedded software that implants 'smart' behavior into their devices, but it isn't uncommon for embedded software to not be thoroughly tested. Your security team should have an action plan in the event that a harmful breach occurs through one of these devices. A secondary level of security is authorizing and monitoring access to IoT devices. Only authorized personnel should be allowed access to these machines for purposes of programming or maintenance.

Is IoT in your disaster recovery and business continuation plan?

Most companies struggle to keep their DR plans updated, and IoT is no exception. Since IoT presents unique security challenges, this is one time that CIOs and others responsible for DR planning should be proactive. What happens, for instance, if the IoT fails? Do you have the ability to manually override it and keep things running? This is especially important in IoT infrastructure monitoring and functions, and in areas like unmanned vehicles, drones and robots.

Do you have an IoT audit function?

If your company has an internal audit group, that group should be charged with working with IT and compliance to develop best practices for auditing IoT technology. If your company doesn't have an internal audit group, an external auditor can be asked in to recommend best practices to ensure that security, logging, internal controls and other IoT functions are working properly.

Area 4: Organizational buy-in

Is your management on-board with IoT?

Before starting any IoT project, it is vital that your board, your CEO and other top-level officials and key business managers see the value in it. Part of this will depend on how well you and your operational partners present IoT projects as value to the business.

Do you have well-defined business value cases for IoT?

It is up to IT and end business users to identify 'best fit' cases for IoT in the company that will bring back measurable business value in the form of economizing operations, improving quality, and so on. No IoT project should be started without first defining a clear business issue (or value proposition) that it will deliver on.

Do you have a method in place for defining and measuring the ROI of your IoT projects?

Like other technology projects, IoT will enjoy a 'honeymoon' period -- and then the CEO, the board and other stakeholders will come looking for the return on their IOT investments. It is important that metrics for financial investment recoupment, and other benefits delivered to the business, be identified up front with IoT projects. If you see that a project can't deliver on these promises, you should plan to pull the plug while it's still in pilot.

Do you have an IoT support team?

Once an IoT project is implemented in your organization, you will need a team in place to support and maintain it. Does your helpdesk do this? Or an outside service provider? Or does IT combine with operations to support maintenance and support? If a sensor goes out in a plant, do you keep spares nearby so operations personnel can replace the defective sensor? All of these support and maintenance issues should be worked out in advance of any IoT production deployment.

There is much to consider as IoT begins to insert itself as a technology in organizations. These considerations cross every departmental and functional boundary in the company and ultimately will involve virtually every organization stakeholder. The glue for all of these diverse parties is IT. This makes the CIO well-suited for a major role in IoT deployment, and organizations will expect their CIOs to be ready.

Editorial standards