2018-01-12 Itana Call Minutes
Ken Klingenstein – IoT Report
The working group was a joint effort between Internet2, Itana, and T&I. The focus was on enterprise-level IoT, not on the consumer market.
Two primary artifacts delivered by the working group:
Importance of data stewardship.
Early in the session the importance of data stewardship was brought up. IoT vendors may provide SaaS solutions or otherwise use the internet. Data collected by the IoT devices may end up being owned, partially or otherwise, by these third-party vendors. Having an established governance framework for data stewardship is very beneficial when looking at the different IoT solutions and the type of data they collect.
The motivational document was originally intended for the C-suite and executive leadership to help make a business case for IoT, explain risks and opportunities, and help influence decisions. The motivational document may be used as a tool for architects and others presenting the use case.
Lifecycle management checklist
The lifecycle management checklist provides a number of questions regarding IoT devices covering the lifecycle, from purchase to retirement.
Data stewardship again came up as an important takeaway. The location of stored data, the points of integration, analytics and reporting all require a degree of governance.
The IoT market today appears to be the “wild west” with regard to data stewardship, as Louis King put it on the call.
IoT devices may not be a part of the campus network; some use cellular or other types of network. There’s a question of governance here as well. If they aren’t on the campus network, what group manages them?
Additionally, IoT solutions may be formed from components from multiple vendors, which complicates data stewardship and other governance functions.
The working group recommends having a data management plan in place before taking on IoT.
The working group did not have the time to look into these opportunities but they may be important for consideration during any implementation.
One key discussion on the call regarded authentication and authorization in IoT. These devices are “dumb”, and there are potential security issues with default and simple passwords. Additionally, the working group saw that standards for authentication and authorization are not fully developed around IoT. This should be taken into consideration. The IETF is working on a framework called ACE for authentication and authorization.
CoRE and CoAP are two other standards efforts undertaken by the IETF to address the constrained environments IoT devices provide.
End of presentation
Is there anything that separates higher ed from the rest of the IoT market? – J.J. Du Chateau
Response – Environments such as medical schools and research are different environments. With research, for instance, someone may purchase IoT outside the normal procurement process, or it just may be inexpensive enough that the normal process does not escalate it into IT. An IoT environment developed in this way may exist outside governance frameworks.
Additionally, higher ed, in general, is highly decentralized, which incurs hurdles for governance. The population is also highly transient.
Itana org working group updates