Choose Site


Tech & Sourcing @ Morgan Lewis


According to a recent global study, integrating Internet of Things (IoT) technologies into core business processes is surging, and 76% of organizations surveyed say IoT will be “critical” to future success. According to the study, IoT adopters are integrating the technology into a broad spectrum of technologies and business processes, many of which intersect with commonly outsourced business functions, such as IT support, facilities management, and enterprise resource planning (ERP).

The study participants said that IoT projects can

  • optimize the use of assets and vehicles,
  • reduce facilities’ operating costs,
  • improve the safety and security of people and sites,
  • automate supply chain processes,
  • build new connected product and service categories, and
  • improve the efficiency, safety, and sustainability of public space.

In addition to having significant overlap with commonly outsourced technologies and business processes, the most successful IoT users identified in the study (those reporting “significant” return on investment from IoT initiatives) were more likely to involve external providers in their initiatives and engage such providers to measure and validate results. The following are some key issues that organizations should consider when dealing with external providers for IoT projects:

  • Ensure that external providers support end-to-end security solutions. A number of organizations identified security as a significant barrier to initiating or expanding the scope of IoT projects, citing the unknowns and complexities of IoT connections as the top two concerns. Ninety percent of respondents believed a third party (an IoT service aggregator, systems integrator, or other provider) should ultimately be responsible for end-to-end security of IoT projects.
  • Address the effect of reduced costs from IoT adoption. Organizations should ensure that agreements with external providers address the effect of reduced costs from adoption of IoT solutions through a gain-sharing mechanism or other price adjustment to avoid a windfall, especially where pricing is part of an existing outsourcing agreement premised on a pre-IoT service delivery model.
  • Address the ownership and limitations on use of IoT data. Organizations should ensure that definitions of customer-owned data in agreements with external providers cover the information collected by IoT applications, such as location and usage data. In addition, as we discussed in a recent post, because certain data generated by IoT applications may be considered “personal information” under data privacy laws such as the Children’s Online Privacy Protection Act, agreements should also address the risks of exposure and misuse of data generated by IoT applications.