In short: it's the management of all the IoT solutions in an organization.

Extended: the IoT Portfolio Manager is responsible for:

• Connects the dots between IT and OT,
• Ensures regulatory compliance wrt IoT,
• Implements best practices,
• Creates transparency,
• Puts a framework in place that ensures data interoperability.
• Manages the ecosystem of internal and external stakeholders.
• Puts in the foundation for connected innovation,
• Defines a tiered platform architecture
• Ensures communication & reporting towards and between all stakeholders. 

Summary:

You don't give your departments carte blanche to use any tool they find on the internet, or buy any company car they want, or let marketing use any fond they want.

You put rules and processes in place to optimise and secure your organization at all levels.

To safeguard your reputation, to ensure continuity.

So why not do the same for IoT? 

On the bright side:

Operational

Centralizing and standardizing operational processes is the difference between sending one guy to replace 3 batteries or to send 3 guys each replacing one battery.

Platform

Having one or two platforms to pay for, versus having to pay for 20 different ones?

Product management standardisation

Standardizing devices and or protocols to benefit form the economy of scale.

Training and support

Supporting one environment with a clearly defined SLA or dozens?

Data interoperability

Ensuring data from a machine F.e, energy consumption, can be used for OOE calculation, Sustainability, process optimization, predictive maintenance. Production planning.

On the dark side 

Compliance

Date breaches, GDPR non compliance, NIS2, EU data act can cost millions.

Reputational damage 

What would it cost If a network device steals data and sends it to a foreign nation?

Or it injects a virus that suddenly halts production?

Guard rails on device usage and environment. 

Non conform devices can cause accidents, interference with medical equipement or can be banned from the network losing the investment.

IIoT portfolio management makes a lot of sense once you have a number of solutions deployed.

you probably have already passed the point where it makes sense today. 

Intuitively, would you feel at ease knowing that BU's implement IIoT solutions without any kind of check (besides the budget)? 

Practically, we know that most organizations are not even sure whether "IT" will even be involved during the screening and selection of new IoT solutions.

Knowing that, today, every second product has connectivity, you might realise more and more that not all is under control.

E.g. the locally connected CNC machine that has a SIM card in it for remote monitoring by the vendor.

This can cause a network and data breach without ever being on the radar. 

So how can IIoT PFM make your environment more secure? 

• IIoT porfolio management ensures that devices, gateways, networks have clear selection criteria with regards to security and management.
• It also ensures that device management is standardized and manageable, that patching & firmware upgrades are implemented consistently.
• It regulates access control, separates environments for highly sensitive data and more.

In general, IIoT PFM lays the foundation of everything that "is" and "is not" allowed in your environment.

It sets rules and policies from innovation up to procurement, including the full life cycle management.  

We need to be aware that IIoT is only 20 % "IT" and all the rest is something else. While IT security checks are done in some cases, they are NOT sufficiently specific to cover all the IIoT risks. 

The portfolio management ensures that solutions are built with

• GDPR,
• NIS2,
• EU Data Act,
• etc. 

in mind.

It does this by implementing a framework that ensures that all connected solutions are intercepted (from innovation to procurement) and screened against the specifications of these regulations before they can become part of your environment. 

Legacy solutions are evaluated and put on a compliance roadmap.

It also takes organizational objectives in consideration like sustainability, worker safety.

When going to the next level,

It can check solutions against grant programs for innovation and it can ensure compliance with tax optimization opportunities.   

IIoT portfolio management is not about specific tools? it is about the implementation of a number of principles that are unique for the quickly changing environment of the internet of things.  

These principles 

• Security by design, 
• Flexibility by design, 
• Standardization by design. 

are mostly translated in a 2 or 3 tier platform design that then can, f.e., be linked to an UNS.

The end goal is to work towards a data driven organization which implies that data interoperability and contextualization are de facto, part of this target architecture. 

This might differ from organization to organization but we consider the role to be a bridge between OT and IT because it has features that are closely related to both. 

• The device management, edge implementation, link to operational processes is more on the OT side.
• Data, analytics, security compliance, data interoperability etc. is more linked to the CDO and thus IT. 

As IIoT resides in between those two, with a horizontal impact and dozens of stakeholders, we advise to put it as link in between those.

Reporting both to the CIO as COO or CTO depending on your organizational structure. 

This intermediate position allows to limit the 'change management' needed to setup, integration, maintain and secure IIoT solutions. 

In general, the purpose of portfolio management, is to improve quality over the entire "fleet" of IIoT solutions. 

• Innovation: by implementation of checks and templatization. 
• Data: by standardizing of the data model, the meta data. 
• Analytics: by contextualization of data.
• Maintenance: by applying SLA archetypes and standardizing support. 
• Lifecycle management: by implementing logistic frameworks and use of uniform tools for onboarding and break and fix.  

While the overall quality of all solutions will improve. Standardization also means that some compromises will need to be made and there might be some tension between what is desirable and what is manageable. 

in short: the whole organization. 

in random order, a few examples: 

• CDO and CSO - alignment with the overall data strategy,  compliance and security.
• Innovation: by having clear directive and IIoT specific processes + the tools to back them up. 
• Procurement: having clear directives from what is allowed and what is not. 
• BU's with quicker go-to market and multi ROI opportunities. 
• COO and CTO - OT/IT convergence: reducing the tension between the two separate domains and risk management. 
• Employees, use of standard tools. 

etc.. 

The implementation of an IIoT portfolio management should be a no- brainer but we realize that it depends on:

• The size of the organization
• The focus it has on compliance.
• The risk awareness of the different stakeholders
• The collaboration culture of the organization.
• and more

With Lyxion we believe that, in the future, an IIoT portfolio management will be as indispensable as a CIO or a CISO. 

For this we have put together a team of consultants and partners that install the frameworks, the best practices, the rules and regulations in a few months rather than years.