Governing IoT Data is critical.

The world has seen several waves of “Internet of X” solutions: the Internet of Documents (cloud stores), the Internet of Commerce (B2B, B2C), the Internet of People (Social Media). The most recent wave and the focus of this Blog is the Internet of Things or IoT, and the imperative to apply governance controls to the massive and exponentially growing amounts of IoT data being created, stored and consumed.

Internet of Things (IoT)

IoT is simply the ability to exploit operational data generated by Internet-connected smart objects (“things”) for the purposes of gaining insight about their operation and producing “better outcomes” (example create new business models, eliminate unscheduled maintenance, etc.) Technology and solution providers like GE, Cisco, Microsoft, SAP, Bosch, etc. have been making serious claims about the IoT space. Gartner and McKinsey have made similar claims. McKinsey estimates that by 2020 the impact of IoT on the world economy will be ~$11 Trillion.

Information Governance

For over two decades, organizations have witnessed a frenetic march towards the digitization of their business and operational processes. This has also led to an explosion in the volume of information being created, stored and consumed. Organizations are now facing a convergence of business, legal and technological forces that will trigger a major decision point: how to deal with this new corporate asset… more specifically, how to look after it throughout its lifecycle, aka Information Governance.

Looking after IoT Data and Governing it

Adopters of IoT solutions are facing a wide range of technical and organizational challenges: how to cope with fast evolving technology and architecture and the challenges of integration. With the continued expansion and maturation of IoT solutions, the volume of IoT data generated by sensors will witness exponential growth, and organizations will have to address fundamental questions:

  • Who owns the IoT data?
  • What is the IoT data in the first place?
  • How secure is this data against unauthorized access? cybersecurity, privacy, data leaks
  • What are the rights and duties of IoT solutions adopters toward this data?
  • What is the lifecycle of this data? how to manage it?
  • How to deal with data residency issues?

These questions will be critical in places like Smart Cities, where multiple IoT systems belonging to different stakeholders exchange IoT data, which often include personal data.

It is therefore critical to address these questions, probably as early as possible in the implementation cycle. IoT data must be treated as Corporate Information Assets that must be looked after. Applying such governance controls must be done within the context of proactive and sustainable programs that (i) establish formal frameworks and corporate sponsored information governance policies and (ii) subsequently enforce these policies on the data.

Call to Action

Adopters of IoT solutions still have a low debt vis-à-vis the governance of their IoT data. This state of affairs will not last very long considering the explosive volume growth of IoT data (hockey stick upwards curve). Organizations MUST thus be proactive and begin to address the governance questions surrounding their IoT Information Assets.

Providers of IoT solutions must also heed the call of IoT data governance, and begin to weave the governance capabilities (policies, enforcement, audit trail, etc.) within the structure and capabilities of their products and services offerings.

About Bassam Zarkout

Bassam Zarkout

Bassam is the founder of IGnPower. He is a technology executive and a transformative thought leader with 24 years of experience in Information Governance and Content Management domains. Bassam is currently focused on the IoT space and the need to govern IoT data. He is a frequent public speaker on various Information Governance and IoT subjects.

Follow Bassam on Twitter (