If you don’t talk to your business units about the Internet of Things, who will?
IT history shows why that’s not a glib question. Over the past decade, many enterprises suffered embarrassing security breaches and hefty noncompliance fines because their business units signed up for a cloud service without IT’s blessing or even knowledge.
Why? Often those business units believed IT would take too long to approve the project, so they implemented it on their own. In other cases, the project didn’t seem “IT enough” to bother asking. Now the same motivation is driving a lot of shadow IoT projects, but with bigger security and financial risks.
Take, for example, a hospital where the building management department deploys hundreds of sensors, controllers and other IoT endpoints across lighting and HVAC systems to reduce energy consumption. To keep the endpoints affordable, the vendor installs just enough memory and processing power for the technology to do its job. With nothing left over for security, and IT unaware they’re on the LAN, the endpoints become an attractive target for hackers, who mount an attack that results in a seven-figure fine for data protection violations.
I’m from IT, and I’m Here to Help
Lessons learned from shadow cloud can help IT teams avoid the same kinds of problems with IoT and other digital transformation projects. Some solutions are technological, such as firewalls and identity-based policy enforcement. But it’s equally important to focus on culture.
For example, use lunch-and-learns to educate business units about IoT — not only the security considerations, but how IT can help, such as by providing a shortlist of vetted solutions. To streamline that vetting, turn to CDW, which partners with dozens of vendors and knows which solutions are best equipped to meet the business unit’s project requirements and your security needs. This approach also helps overcome the perception that business units can implement faster on their own.
Offering gap analysis also helps overcome that perception. CDW can help here, too, by working with IT to create implementation roadmaps — not just the technologies to deploy but also the processes and best practices necessary to ensure compliance with privacy laws like HIPAA.
Another tip is to allow temporary deviations from IT policies if the business unit agrees to take responsibility for any breaches, cost overruns and other problems. The agreement should include a date for a follow-up review where IT can bless or nix the project. This approach often makes business units pause to consider whether they want to shoulder that responsibility or whether they’re more comfortable having IT take the lead.
These strategies also help elevate IT’s role in the organization. Instead of perceiving IT as just a back-office enabler or a nag that puts a drag on projects, business units will see it as a strategic partner, one that needs to be brought in early on every digital transformation project. And there’s one more benefit: CIOs and IT managers now can spend fewer nights awake worrying about shadow IoT.