Companies that connect products to the network – Internet of Things (IoT) devices like digital signage, audio visual equipment, video surveillance and so on – often end up butting heads with the IT department.
When connecting IoT devices to the network, the burden on IT revolves around several issues, each of which needs to be carefully considered, hopefully before the deployment of said IoT devices takes place.
All IoT devices require some kind of connectivity, which typically means they need one or more IP addresses. The usual way that networks are set up – especially in many small business environments – doesn’t account for managing IP addresses properly. Devices often end up conflicting with some other device that happens to have the same IP address.
This is common in environments where someone installs a video surveillance system or wireless IP cameras. All the IP addresses assigned to all the devices that are not managed correctly create bandwidth issues. There is a lot of data running through a network that is not designed to have that amount of data on it.
In many cases, IoT implementations come through the Line-of-Business (LOB) manager, who doesn’t coordinate with IT prior to deployment – especially in smaller organizations that may not have a sophisticated internal IT department or use a service provider that isn’t there all the time. A manager will make the decision to bring in that third-party vendor to plug all the devices in without considering the capacity of the wiring in the walls.
If devices are designed to run at gigabit speed, it’s important to have the infrastructure and switching technology to support that, otherwise those devices won’t perform as well.
Once they are deployed and connect to the Internet, consider what that means for the Internet pipe. If a business has a T1 line or fairly limited bandwidth for Internet access, then a fraction of that Internet access is going to be taken up by bandwidth-intensive services, so this will likely impact the organization’s Internet access, whether it’s browsing or accessing cloud-based services like email or hosted ERP. All these issues pop up when the bandwidth requirements of IoT deployments aren’t considered in the beginning.
You need to discuss what’s needed both inside the building as well as connectivity in terms of Internet access. When we have those conversations with our clients in advance of deployment, we can sometimes set up parallel Internet access for IoT devices.
Another emerging issue is security around IoT deployments.
In a lot of cases, IoT devices are managed by a third party, especially in manufacturing where there are a lot of sensors in a plant along the production line. All those sensors report into a central console or system that is remotely managed by the third party that deployed it.
While this is an ongoing relationship, recall that the famous Target hack that happened a few years ago was suspected to have originated with the HVAC vendor that had remote access to the Target systems. This is an example of the security concerns around IoT: the folks who are typically deploying the IoT systems don’t have the background or training that those of us in IT do. We take into consideration the security vulnerabilities when deploying technology.
The problem with cybersecurity is it’s never a point-in-time issue; the threats continue to evolve and get more sophisticated. The hackers always have access to better tools, so it’s the responsibility of the IT department or the IT service provider to treat those devices on the network as if they were PCs or servers or anything else they maintain.
It’s our job to tell the client that the IoT devices on the network are going to be scanned for vulnerabilities. If anything comes up, we will have to address those things because we want to keep the network safe. We use tools and we scan everything for known vulnerabilities – servers, printers, firewalls, surveillance video cameras, switches – everything that is on the network.
If a client adds a surveillance system with an IP address, we’re going to scan that as well. If there are any vulnerabilities, we’ll bring those to the attention of our clients. If the surveillance system is being maintained under contract by the company that installed it, we’ll reach out to them and tell them we need to update it with a patch.
There’s a tendency for the IT department to try to avoid any involvement with projects that are not IT-related. We’ll say, “This is a digital signage system so why should we care about it?” This resistance is usually why LOB decision makers don’t involve IT – they know they are going to get pushback. It’s important for IT and IT service providers to recognize that IoT devices are going to become more and more prevalent on our networks; we have to embrace them and work with the LOB folks to make deployment happen in a more controlled manner. We need to say to LOB managers that we know you are going to do this – let’s do it cooperatively and let’s make sure we take into account all the issues that revolve around deploying this technology.
In some cases, this may mean creating a parallel network that coexists with the IT network but doesn’t cross into it so you can create private IP addresses that don’t conflict with anything on your IT network. Creating a subnetwork is also an option – something we did with one of our clients that deployed a bunch of new smart copiers on their network. When the client ran out of IP addresses, we reengineered their network and created VLANs specifically for those devices and assigned them to a separate subnet.
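The address conflicts and the separate IoT subnet described above can be checked against a device inventory. This is an added example, not part of the original article; the two subnets, the device names and the inventory rows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed address plan (assumption): the IT network and a dedicated IoT VLAN subnet.
IT_NET = ipaddress.ip_network("192.168.10.0/24")
IOT_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed inventory rows: (device name, category, configured IP address).
INVENTORY = [
    ("file-server", "it", "192.168.10.5"),
    ("front-desk-pc", "it", "192.168.10.21"),
    ("lobby-signage", "iot", "192.168.50.10"),
    ("dock-camera", "iot", "192.168.10.21"),   # reuses a PC's address on the IT subnet
    ("copier-2f", "iot", "192.168.50.11"),
    ("conf-room-av", "iot", "10.0.0.7"),       # vendor default, outside both subnets
]

def audit(inventory, it_net, iot_net):
    """Return (subject, kind, detail) findings for an inventory and address plan."""
    findings = []
    # The IoT range must not overlap the IT range, or conflicts remain possible.
    if it_net.overlaps(iot_net):
        findings.append(("plan", "overlap", f"{it_net} overlaps {iot_net}"))
    by_ip = defaultdict(list)
    for name, category, ip in inventory:
        addr = ipaddress.ip_address(ip)
        by_ip[addr].append(name)
        # Each device must sit in the subnet assigned to its category.
        expected = iot_net if category == "iot" else it_net
        if addr not in expected:
            findings.append((name, "wrong-segment", f"{addr} not in {expected}"))
    # Two devices configured with the same address will conflict on the wire.
    for addr, names in by_ip.items():
        if len(names) > 1:
            findings.append((",".join(names), "duplicate-ip", str(addr)))
    return findings

if __name__ == "__main__":
    for subject, kind, detail in audit(INVENTORY, IT_NET, IOT_NET):
        print(f"{kind:14} {subject:28} {detail}")
```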
My Job as a Service Provider
As an IT service provider, we try to keep in mind the business outcomes that the client wants and work to that business outcome. It shouldn’t be about turf wars. It should be about what the client needs and how we do that in the most cost-effective way for them.
Sometimes it’s about having a very candid conversation with the client. What we can’t do is say “I don’t want that on my network,” because it’s not our network – it’s our client’s network. If the client has made a business decision to put technology that is not typical IT and more from the OT world, we need to embrace that and figure out how to make that happen. We need to keep the client informed about what the risks are, if any, and what issues need to be resolved to get that technology installed.
If the client wants to put in an awesome audio/video system with a digital teleconferencing system and the AV provider says a dedicated ISDN system is needed, we as IT guys have to let the client know we have a perfectly good broadband solution that provides significantly more broadband than ISDN – so why not use that? That is a perfectly legitimate and healthy conversation to have to save the client some money and provide the AV vendor some alternatives.
Our core competency does not include deploying conference room AV systems beyond a certain amount of sophistication. If a client wants all the bells and whistles and a giant screen, we have partners that we bring in that we’ve worked with in the past and we trust.
The same goes for surveillance systems. We can deploy a system for a small office, but when we have a college client that wants to do a campus-wide refresh of their camera system, we bring in a security company. They scope the project and provide a proposal. Some technology components are involved, such as Power over Ethernet switches, so we carve that out for ourselves. It’s a very collaborative process with the business outcome front and center. What the college wanted was more important than what the partners wanted.
With the IoT, it’s the client’s decision to make and it’s our job to advise.