Antwerp Belgium

How to get control over the Shadow IoT peril?

In my previous article I explained the risk of shadow IoT. (If you haven’t read it and you have no clue what I’m talking about, you might want to read the previous article.)

In this second part, we will give some information on how to tackle the risks of Shadow IoT so you can manage your IoT solutions.

The key message is that you need to establish control over the acceptance processes.

Consequently, your company peers need to be made aware of the challenges and should find their way to you. In this case, “you” is usually the IT or innovation manager.

You will need to lay out a roadmap to evaluate and accept new IoT solutions and set some of the acceptance criteria.

Depending on your organization's structure and its complexity, there are different roads to establish this.

Keep it structured, no matter what your vision or challenge is

You can go for simplicity: use a third-party solution, integrate nothing and keep all data separate from your network. But does that absolve you if something goes wrong? No. GDPR, for example, still applies and can still hit your organization hard. The business impact can still be substantial.

On the other side of the spectrum, you can develop, manage and integrate solutions 100% under the wing of your organization, tailored to your needs and risks. This is perfect for gaining insights, but you will not be able to cover all the needs of your company.

Whatever comes your way, you will need a structured process to evaluate new and existing IoT solutions.

So start with vision and roadmap

You will still need expertise on several levels (this you can buy or develop), but it is crucial to get it on track as soon as possible (the tap is running).

As mentioned in previous posts, I work a lot with Software AG because they have one of the best and most complete visions and toolsets for building a true IoT strategy, with leading products such as Cumulocity, webMethods and ARIS.

There are enough alternatives, but I reference their products as it will give you a better insight into your own needs.

Where do you start with your IoT strategy and roadmap?

First you will have to acknowledge that IoT is sneaking in and put it on the agenda.

For this, you might want to evaluate the systems that are already gathering information. Use this to set a baseline and a general understanding.

These can be the classics, like access control, fleet management and building monitoring, but also the ones from third parties, like connected vending machines or sensors placed by a facility manager.

Then envision new solutions (just pick a few use cases that fit your company or that other departments are looking at).

You can use these to create your vision and roadmap. (I always find it easier to write processes based on real examples).

You might want to work together with an IoT specialist rather than working on an island. Try to get truly agnostic advice (read the IoT mentor article).

Your Shadow IoT strategy should involve 3 sections:

  • A vision and roadmap regarding integration of IoT Solutions
  • A new horizontal toolset for simplicity and management
  • An internal process to accept IoT

1) Vision and roadmap regarding integration of existing and new IoT Solutions

It’s often not an option to start from scratch, as previous investments need to bring a return. But with data, the logic 1+1=3 (or more) still holds.

Once you have acknowledged that IoT will be part of your business and operational architecture, you can set the horizon.

You will really need to set some short- and long-term goals. Think here in keywords like data-driven optimization, knowledge digitalization, predictive maintenance, new business models and business transformation.

Involve different departments in this exercise; IoT is not limited to Innovation or IT. You will need their help to enforce your IoT strategy.

You will probably need some new tools to design, build, run and enforce your policies and strategy. This brings us to section 2.

2) New horizontal toolset for simplicity and management

You also don’t want your current IT tools to define your vision. You want your vision to define the tools and roadmap.

Unlocking data:

Unlocking siloed data is often worth gold and is often already part of an existing strategy. Using a bus system like webMethods allows you to normalize and integrate existing data into other systems, a data lake or directly into external analytics tools.

Simplicity and IoT?

Simple and IoT are usually terms that don’t go together well, but there are ways to keep all the options open. I work mostly with Cumulocity because it is one building block that covers the industry needs for security, scalability, protocols, and user and device management.

Choose your horizontal IoT layer/platform

There are a lot of platforms out there and depending on your needs there are probably a number of candidates. Just think long term. An IoT platform is the heart of your IoT strategy, so evaluate carefully towards the needs of your company.

You really don’t want to reinvent IoT, no matter how skilled your team is.

I choose to work with platforms that keep my architecture simple, manageable, secure, open and scalable, and so should you.

On my generic wish list:

  • Central management solutions and integration for your own and third-party solutions
  • Secure data management
  • User management & role based access
  • Open API
  • Full integration protocols

High level:

Introducing a new, horizontal IoT layer into your IT architecture can set the standards to which an IoT solution should comply. Separating IoT from your network can keep it manageable, centralized, and bring 1 set of integration tools instead of dozens.

Keeping control is key to keeping Shadow IoT out, and without the right tools and architecture you’ll be in a constant “catching up” mode.

To get you going, you can take a look at the following link:

This type of architecture is used to create a horizontal approach to support your multiple IoT deployments.

3) Internal process to accept IoT

With vision and toolsets being evaluated, you still need a third leg.

This is the evaluation and validation process for new IoT solutions.

As said, the goal is to keep shadow IoT out, so all new solutions have to pass your desk. Just not only your desk.

A structured, validated process usually includes several business units of your company.


You cannot evaluate a solution solely by yourself, and you will need to distribute and manage part of the evaluation process.

As an example, depending on the solution, you will need input from:

  • Legal
  • Data Officer, GDPR
  • Operations
  • HR, system training
  • IT department, integration
  • Business
  • Logistics
  • etc.

Setting up an organigram of the stakeholders and involving them early in the process will speed up acceptance and deployment.

The reason why people looked at Shadow IT was to circumvent the slow, rigid decision process of the IT department. With IoT being more complex than IT, a structured process is even more important.

Linked to the organigram, there is the evaluation process itself. How does the request come in? What are the parameters for evaluation: business, operational, functional? Who checks against the reference architecture?

You can make this organigram and process flow in a number of tools, but having a central, accessible, distributed diagram, as in ARIS Elements, is much more effective for integrating it into the organizational architecture.

If you want to check out why you might want a central tool, watch the following link.


  • Find out what you already have and where you want to end up.
  • Select the right tools to support the long term vision.
  • Set up the processes that reduce risk and speed up deployment of IoT.

IoT is too complex to leave it to chance.

There are risks at all levels and rushing in often backfires, so take your time but don’t put it off. Surround yourself with the right level of expertise.

Specifically for the shadow IoT strategy, it is all about taking control.

Contact me, Bagaar or Xylos if you want more info on this subject.

Kris Van der Hoeven