For decades, IT organizations have focused on managing technologies, tools, applications, frameworks, data ecosystems, and other elements of a primarily digital tech stack. Historically, the physical tech stack has been far less dynamic, consisting primarily of employee access points and data center infrastructure.
As it moves onto the shop floor and into operations, technology is evolving from business enabler to value driver, becoming the linchpin of the enterprise. Today, the digital capabilities of security, automation, data-driven analytics and decision-making, and artificial intelligence (AI) and machine learning are needed to manage smart devices across the enterprise. Consider, for example, that by 2025, 30% of new industrial control systems will include analytics and AI-edge inference capabilities, up from less than 5% in 2021;1 or that connected passenger vehicles are expected to generate 10 exabytes of data per month by 2025.2
From milling machines in manufacturing plants, connected heart monitors in hospitals, and inspection drones for infrastructure, to robot cookers in restaurants, smart sensors in office buildings, and new “phygital” consumer products, a new generation of physical assets is being embedded with advanced digital technologies to enable business-critical functions. IT organizations are increasingly on the hook to manage, monitor, measure, and secure these assets. CIOs must wisely choose technologies based on application, device, and security requirements and consider how they will onboard, manage, and maintain devices and networking technologies that now require the highest levels of uptime and redundancy. They must also rethink device governance and oversight, and reconsider how the technology workforce is organized, defined, managed, and trained.
Raising the stakes for uptime, redundancy, and security
Many of the devices in the new physical tech stack provide customer-facing, business-critical applications and services. They often generate and use a high volume of data and video, which needs to be rapidly moved and analyzed to facilitate real-time, critical decision-making.
Unlike earlier generations of physical devices, an outage could be much more than an inconvenience—it could be business-threatening (a restaurant ordering system goes down, leading hungry customers to find lunch elsewhere) or even life-threatening (an implanted heart monitoring device goes offline, causing critical patient data to be disregarded).
Resiliency is critical; the highest levels of system uptime, reliability, and security likely will be required. As the impact of the physical tech stack on business operations continues to grow, organizations likely will need to consider how to manage and maintain a new generation of connected devices, wireless networks, and edge computing to ensure the highest standards of business continuity. Some of the most significant areas are listed below.
Device and data management
To optimize device and system performance, IT organizations may need to deploy and manage—often remotely—an ecosystem of connected devices, applications, and networks from multiple vendors. New platforms, tools, and approaches may be needed to monitor device health, detect and troubleshoot problems, and manage software and firmware updates. Teams likely will need to build multiple layers of redundancy into devices.
Automation is critical for eliminating repetitive, manual device management tasks, especially for large deployments. Automated device management tools can help organizations scale device registration, configuration, provisioning, maintenance, remote and over-the-air firmware and software updates, and monitoring.
To improve performance or develop new products and services, organizations likely will need to manage the massive amounts of data generated by these devices. IT will need to consider data capture frequency, processing time, accuracy, and formats, among other issues. Data storage will be critical, and in the case of remote environments, distributed storage and edge computing may be preferable.
To determine the most efficient and resilient solutions for connecting these devices to the network, IT departments need to evaluate attributes such as power consumption, signal strength and range, interference related to physical objects and structures or weather and environmental factors, electrical or radio frequency interference, cost, number of devices being connected, frequency-sharing, security, resiliency, and need for a constant internet connection, among others.
Many smart devices operate on the customer premises or other remote, real-world environments, and are enabled by advanced wireless connectivity, including 5G, Wi-Fi 6, Bluetooth Low Energy, mesh networks, and satellite. Such technologies provide high throughput, low latency, and high capacity, enabling higher data rates.
According to a Deloitte survey conducted in 2020, the pandemic accelerated enterprise investments in newer wireless networking technologies—especially 5G and Wi-Fi 6, regarded by survey participants as the two most critical wireless technologies for business initiatives.3 Both technologies have performance and operational improvements over their predecessors that promise to support devices, users, and traffic at scale, enable immersive experiences, and help organizations be more resilient. Both enable new applications based on the Internet of Things (IoT) and other emerging technologies that leverage low latency to collect and share mountains of real-time data at the edge.
Wireless networking technologies are complementary; several may coexist or be combined to support multiple use cases. In the same way that many organizations diversify energy technology and generation sources to guarantee continuous operation even in a devastating storm, they may need to similarly diversify the use of wireless networking technologies to ensure redundancy.
Despite the performance upgrades of 5G and Wi-Fi 6, the cloud cannot ensure acceptable response times and data transfer rates needed for autonomous vehicles, smart factories, augmented and virtual reality, and other applications that require network latencies of tens of milliseconds or even sub-milliseconds. When device-generated decentralized data needs to be processed in real time, a distributed compute solution such as edge computing for processing is more efficient than the public cloud or a data center.
With compute power closer to data sources, edge computing architectures provide the latency and bandwidth needed to manage, process, and extract value from a titanic volume of data in real time. But don’t call it a comeback—edge computing has been here for years. Seventy-two percent of IT leaders already use edge computing, according to a recent survey;4 and Gartner predicts that by 2025, more than 50% of enterprise-managed data will be created and processed outside the data center or cloud.5 Growth is imminent: One edge computing industry organization projects that between 2019 and 2028, cumulative expenditures on edge computing devices and equipment will be up to $800 billion, with the most notable increases occurring in manufacturing and health care.6
Given the business-critical nature of edge computing sites—which are often unstaffed—redundant power, cooling, and network connectivity are critical, as are physical security and remote monitoring and management.
New approaches to governance and oversight
Governance and oversight strategies and policies may need to evolve to meet the needs of a new generation of connected devices. Regulations and standards related to physical devices and network usage may be unfamiliar and challenging to IT organizations and remain in flux for many years. Consider that it took the better part of two decades before US courts replaced a patchwork of state tax laws with a definitive ruling on e-commerce sales tax.
Here are some key governance considerations related to devices, data, and security.
Operating certain physical assets may be regulated by federal, state, or local restrictions. For example, US organizations using outdoor drones must register them and gain airspace authorization from the US Federal Aviation Administration; certain types of drones must carry an onboard wireless identification system.7
Similarly, laws governing the use of autonomous vehicles vary from country to country and even from state to state. No federal rules exist in the United States, only a hodgepodge of state laws governing the use of commercial vehicles, operator licensing, in-vehicle operator requirements, speed limits, and liability insurance, among others.8
Liability could become increasingly complex. For instance, if a computer-actuated smart device makes a mistake and harms a human or damages property, who is responsible, the vendor or the operator? What are the consequences of an AI-driven decision that causes harm? Insurance for certain devices may be advised or required.
Another issue is ownership and maintenance of remotely managed devices, including responsibility for security, upkeep, and repair, and the impact of this on service levels. Asset decommission should be included in device life cycle management, with plans in place for replacing single or multiple assets, revoking certificates, archiving data, and deleting confidential information.
Device procurement may present new challenges, such as distinguishing between enterprise-grade and mass-market smart devices that do not meet rigorous enterprise specifications. As the ecosystem of traditional IT vendors expands to include operational technology and industrial IoT suppliers, the nature and culture of procurement will change.
CIOs and chief data officers may have to consider ownership of the data and metadata produced by network-connected devices. For example, who is legally allowed to copy, distribute, or create derivative works based on this data and metadata? Who controls it?
As with traditional connected devices and applications, ensuring data privacy remains a top priority. Collecting and securing end-user data according to the General Data Protection Regulation (GDPR), International Organization for Standardization, National Institute of Standards and Technology Cybersecurity Framework, Health Insurance Portability and Accountability Act, Federal Information Security Management Act, and other industry and geographical regulations and guidelines is table stakes. Organizations must also consider that sensor- and camera-based devices typically collect and share data continuously, sometimes without explicit end-user knowledge or permission. For example, a still or video image that can be used to identify a living person constitutes personal data under GDPR and should be collected and protected accordingly.9
Securing these physical assets can be challenging because they’re often developed with proprietary operating systems and communications protocols, weak built-in security, and limited device memory and computing power.10 A recent analysis of more than a million enterprise and health care IoT devices found that 98% of all device traffic is unencrypted and 57% of devices are vulnerable to medium- or high-severity attacks.11 Business-critical assets located outside of the enterprise firewall pose new security threats, especially when embedded with data, machine learning algorithms, and other intellectual property.
Like traditional networked equipment, these connected devices must be able to securely communicate with the cloud and other network devices and endpoints, encrypt data, and be network-authenticated. Most major cloud providers include security functions in their device management platforms, or IT can develop and install custom security protections to ensure that all devices are actively monitored and protected.
The device procurement process should include security and third-party data access considerations. Choose vendors wisely; on some IoT devices, security researchers discovered hidden backdoors that could be used to send information back to the manufacturer.12