The Internet of Things (IoT) has become the new frontier of business, and concurrently, is the new frontier of threats. In this four-part series, I’m covering various angles of IoT Security. Whether you’re on the purchasing, sourcing, and finance side, handle IT security and risk management, or you are project-or-product managing an IoT deployment, security is a major piece of the puzzle. Start from the beginning of the series here, and subscribe to our blog to be notified when the next parts drop.In my first post about IoT security, I talked about how you can avoid the most common security mistakes in the IoT rush.
The roles within an organization that should be involved in the security of an IoT deployment are:
- Purchasing, Sourcing, and Finance
- IT Security and Risk Management
- Product and Project Management
Let’s cover the first of those.
Doing it Right: Purchasing, Sourcing, and Financing IoT
How do you evaluate and shop the open marketplace of IoT vendors to find one that will best serve your business and cut costs throughout your entire IoT product lifecycle?
First, let’s look at IoT from this individual’s or team’s perspective.
The task at hand: Deploy an IoT product or service as cost-effectively as possible. It has everything to do with the dollars and negotiations around them.
The rub: Because of a laser focus on saving money, teams often miss the mark on making sure they’re not only getting the best deal they can, but getting the best deal that truly meets the security needs of the IoT product or service.
The varied nature of IoT devices exposes an organization and its customers to entirely new and unpredictable security risks. This point should be thoroughly emphasized with purchasers and sourcers. First of all: What new bases need to be covered? And then: How do you seek out vendors who know how to effectively cover them while saving money?
IoT Vendors: Good at One Thing, or All the Things?
As you look at a domestic or global IoT deployment, know that a lot of IoT vendors are good at one thing but not all things. Your specific IoT needs should be shopped thoroughly on the open marketplace.
Determine whether your purchasing team is prepared and has the experience and IoT know-how to do that. If not, a trusted IoT managed service provider can help you find the best deals with vendors appropriate for your industry, your specific IoT product, and your business’ needs without sacrificing the security of your organization and, critically, your customers.
Before shopping around, work with your line of business and product development team (and your IoT deployment service) to identify the business model: Are you going to productize your IoT service as its own revenue stream, or include it as a cost built into the product? It’s an important distinction to make because once the product has been sold and the bill comes in every month, it may need to be split up against multiple cost centers, back-charged to individual clients, etc.
Most businesses don’t think about this in far enough advance and end up trying too late to solve (from a cost-perspective) for who pays for what, how to track each line item, and how to find out if it has been a valuable investment for the business.
If you’re working with an IoT managed services vendor, they should provide you with a single-pane view into all of that, and ensure security is a covered component.
Unfamiliarity with the IoT Marketplace
Purchasing and finance teams may not have a proven track record or even know where to start in the world of IoT. That’s not a knock, it’s simply the reality of wheeling and dealing in new territory.
If you don’t have connections with vendors in the IoT marketplace, you could pay a whole lot more and be a lot less secure doing business from a place of comfort over expertise. Say a purchaser has a lot of experience working with AT&T on other projects. AT&T has an IoT platform. That may or may not be the best option for them, but since that’s where the familiarity lies, there’s potential to sign on a dotted line that won’t really be the most cost-effective or secure solution for the deployment.
Where else should a purchasing and sourcing team look? Many smaller Mobile Virtual Network Operators (MVNOs) have buying power with the larger carriers. They can deliver you options that can be sold at a much lower price point to the end-customer (you).
The challenges I mentioned here can offer your purchasing, sourcing, and finance teams a starting point for their work on IoT projects, or can serve to help you determine whether an IoT managed service vendor will save you more trouble, concern for security, and cost in the end. Whichever road you take, don’t race off leaving the security aspects in the dust.
In the next post, I’ll get into how your IT security and risk management teams can do their part to ensure a smoothly secure IoT deployment. Subscribe to our blog to be notified when it goes live.
If you already have an IoT line of business or IoT is on your radar, schedule an appointment with me for a free one hour strategy session.