IoT - threats and opportunities to the organization
1. IoT – threats and opportunities brought to the organizations
Thieu Nguyen Bao Chau – baochau.thieunguyen@gmail.com
We live in a world of wearable technologies: fitness trackers, heart monitors,
insulin pumps, and other “smart” devices. The IoT (Internet of Things) exists primarily in
the cloud, and also includes engine sensors, diagnostic controls and even ingestible medical
devices. The term describes the online exchange of data gathered from uniquely
identifiable objects, animals and people, without human-to-human or human-to-computer
interaction.
The IoT revolution brings business both positive and negative effects at the same time.
Business value and organizational competitiveness can be derived from transformational
operating models, as enterprises capitalize on these new capabilities to gain more
and better business value from IoT devices. The emergence of Internet of Things technologies is
projected to become a key enabler of business success. However, there is a great deal of hype
surrounding IoT, and it is difficult to separate what is fact today from what lies in the
future. Companies are deploying IoT solutions that drive benefits in enhanced customer service,
continuously increasing revenues, improved supply chain management and better use of assets.
The emergence of new IoT technologies is also driving new business models with high return on
investment.
The entire set of choices must reinforce one another and define a coherent and distinctive
overall strategic position for the company. Options for control points also expand through the
IoT. Monitoring, control, and optimization capabilities combine to allow smart, interconnected
products to achieve a previously unattainable level of autonomy. Customers can become “locked in”
through easy personalization and the context gained from the vast amount of information received
over time, and network effects scale as more products join a platform. Equally important, firms’
efforts to develop their core capabilities shift focus toward growing partnerships rather than
always building internal capabilities, so understanding how others in the ecosystem make money
becomes important to long-term success.
This opportunity to drive rapid innovation and economic growth, and with it a return to
growing prosperity, comes none too soon. The past decade has witnessed internal cost
reduction, cautious investment, greater corporate profitability, rising M&A, and muted innovation
across large parts of the economy.
With that additional value comes additional risk – at least, new avenues of risk.
Management and internal auditors need to fully acknowledge that although IoT may bring
many rewards, it also gives rise to numerous risks. Inadequate understanding or unawareness of
the risk environment or necessary controls can lead to huge disaster for the whole
organization. Moreover, given the rapid development and advancement of IoT, the associated risks
and controls are changing along the way and evolving rapidly. Devices with "always
connected" status easily enable new types of attacks that have not been seen in the past;
they also represent a new set of targets for potential data exposure and crime. It is imperative that
assurance, security and governance professionals take notice of IoT trends, because these trends
will eventually challenge internal control and risk professionals to redefine the risk equation
within many enterprises.
Internal auditors need to stay abreast of IoT developments and
advancements to be able to assess the risks and controls in their organization. Internal auditors
should evaluate the operational and financial risks that IoT can expose their organizations to and
provide assurance that those risks are controlled appropriately. Internal audit, now functioning
as the third line of defense tasked with scanning the horizon to ensure that emerging risks are
known and accounted for in strategic plans and control frameworks, must consider both the industry
implications and the specific organizational challenges.
1. SECURITY: as the reach and complexity of business models grow, organizations cannot
secure everything they hold equally. They can pay more attention to
risk-sensitive assets during their mission or daily work.
2. RESILIENCE: resilience may begin with a more solid picture of what the company needs to
defend against; specific business risks are often encountered in its risk management
exercises. Continuous and challenging in-house training may help strengthen
threat awareness throughout the organization.
3. MONITORING: controls should be in place to monitor whether IoT systems are functioning as
intended. Internal auditors should assess whether adequate monitoring controls are in
place and whether such controls have been operating effectively over time. In
addition, internal auditors should assess whether exceptions and failures that occur are
captured and tracked appropriately and whether resolutions to incidents are recorded in a
timely manner. Auditors should also assess whether management has a robust internal control
process that takes recurring incidents into account and analyzes their root causes. Each
connected device is one more opportunity for unauthorized network access. In addition, most
bring your own device (BYOD) policies focus on cellphones and do not even consider
wearable tech.
4. SCOPE OF IoT: many smart and simple connected devices are easily deployed
without the IT team's setup or intervention. Auditors should stay vigilant about where and
when IoT systems are deployed by different departments or people within the organization
and prioritize IoT system audits according to their criticality and sensitivity.
Companies that want to succeed in the IoT marketplace need to create data policies and
accurately communicate them to customers. Data privacy concerns, as well as stringent privacy
laws in the U.S. and EU, are likely to shape and reshape corporate policies and procedures. Thus,
for auditing to succeed, all infrastructure components need to generate audit records
documenting the success or failure of events such as system/device configurations, logins, and
authentications of signed or encrypted requests. Infrastructure systems and components are
required to transmit all audit records and logs to a dedicated log management system, without
compromising overall system performance.
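An auditor-side check of the requirement above, as an added example that is not part of the original essay: it scans audit records and reports devices whose trail lacks a required event type, lacks a success/failure outcome, or that do not appear in the device inventory. The JSON-lines record layout, field names, event names and device names are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Event categories named in the passage; these identifiers are assumptions.
REQUIRED_EVENTS = {"config_change", "login", "request_auth"}
VALID_OUTCOMES = {"success", "failure"}

# Constructed device inventory and JSON-lines audit records (not real data).
INVENTORY = ["thermostat-01", "camera-07", "badge-reader-02"]
SAMPLE_LOG = """\
{"device": "thermostat-01", "event": "login", "outcome": "success"}
{"device": "thermostat-01", "event": "config_change", "outcome": "success"}
{"device": "thermostat-01", "event": "request_auth", "outcome": "failure"}
{"device": "camera-07", "event": "login", "outcome": "failure"}
{"device": "camera-07", "event": "config_change"}
{"device": "wearable-x9", "event": "login", "outcome": "success"}
"""

def audit_coverage(log_text, inventory):
    """Return {device: [gaps]} for devices whose audit trail is incomplete."""
    seen = defaultdict(set)    # device -> event types with a valid outcome
    gaps = defaultdict(list)   # device -> human-readable findings
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            dev = rec["device"]
        except (ValueError, KeyError, TypeError):
            gaps["<unparsed>"].append(f"line {n}: malformed record")
            continue
        events = seen[dev]     # register the device even if the record is rejected
        if rec.get("outcome") not in VALID_OUTCOMES:
            # A record that does not say success or failure cannot support an audit.
            gaps[dev].append(f"line {n}: no success/failure outcome")
            continue
        events.add(rec.get("event"))
    for dev in inventory:
        missing = REQUIRED_EVENTS - seen.get(dev, set())
        if missing:
            gaps[dev].append("no records for: " + ", ".join(sorted(missing)))
    for dev in sorted(set(seen) - set(inventory)):
        # Devices that log but were never registered, e.g. set up without IT.
        gaps[dev].append("not in device inventory")
    return dict(gaps)

if __name__ == "__main__":
    for device, findings in audit_coverage(SAMPLE_LOG, INVENTORY).items():
        print(device, "->", "; ".join(findings))
```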
Real-time monitoring data on product condition, together with product control capability,
enables firms to optimize services by performing preventative maintenance when failure is
imminent and by resolving problems remotely. This should also reduce the temporary
downtime of working products and the need to dispatch repair personnel. After
malfunctioning interconnected devices are assessed, the machine is repaired remotely if
possible, or the company deploys technicians who have been given a detailed diagnosis of the
problem and a recommended repair process so as to quickly enhance product/service features.
The era of smart, interconnected products can change current business models
forever, provided that companies embrace the opportunities more aggressively. Business and
government together will need to equip their staff across all units and departments with risk
awareness, and require ongoing review procedures that set heightened standards and more
integrated processes, so as to protect business value and achieve their own objectives.