欧元

zh_CN 简体中文
zh_CN 简体中文 en_GB English (UK) ru_RU Русский ar العربية ja 日本語 ko_KR 한국어 hu_HU Magyar tr_TR Türkçe es_ES Español cs_CZ Čeština sv_SE Svenska pt_PT Português el Ελληνικά fi Suomi nl_NL Nederlands ro_RO Română it_IT Italiano fr_FR Français pl_PL Polski uk Українська de_DE Deutsch sk_SK Slovenčina
博客

思科调查——近 75% 的 IoT 项目失败——原因及解决之道

Alexandra Blake
由 
Alexandra Blake
13 minutes read
博客
2 月 2026年12月13日

Cisco Survey: Nearly 75% of IoT Projects Fail — Why & How to Fix

如果您的组织希望避免成为近 75% 失败的物联网项目中的一员,请运行一个初始试点项目,以收集基线数据,定义一个单一的关键绩效指标 (KPI),并指派一个跨职能负责人来权衡利弊。将范围限制在一个站点,保持最小的技术堆栈,并要求明确的业务指标(投资回报月份、每次事件的成本或每日产量),以便您可以使用事实(而非意见)做出决策。.

three 专注行动,加速成功: 1) 明确定义具体结果以及通过/失败的阈值;; 2) 针对实际硬件验证棕地集成和数据流;; 3) 锁定运营模式和培训计划。问一个能统一利益相关者的问题:哪个数字移动 X% 会改变投资?设计试点来收集这个数字,不要收集无关信息。.

收集具体信息:事件速率、延迟 (毫秒)、错误率 (%)、单设备成本,以及实现价值所需的时间(月)。一个简短的反馈循环变得不可或缺,因为您在试点项目中学习到的一切都会影响到扩展是否有意义。避免为每个极端情况构建一个巨大的技术平台——在棕地条件下保持核心概念的简单和可靠通常胜过精心设计的绿地构建。注意优先考虑干净的数据而不是花哨的界面;干净的输入数据可以缩短故障排除时间,并减少大量的下游返工。.

设置三个门槛评审,分别在30/60/90天进行,并事先商定通过/不通过的标准,且要求一位负责人签字。 如果您遵循这些步骤,就可以减少浪费的支出,缩短生产时间,并为您的团队提供具体证据来扩大规模或停止。.

诊断故障和实施修复的实用路线图

诊断故障和实施修复的实用路线图

运行三步诊断:评估现有资产和网络,识别故障服务和机器级错误,并采取有针对性的措施,在 30-90 天内实现切实的收益。.

评估组织协调和数据流:绘制 IT 和 OT 领域的利益相关者、服务水平协议 (SLA)、变更窗口和交接图,衡量当前的停机时间和平均修复时间 (MTTR) – 设定目标,在 60 天内将 MTTR 缩短 40%,并在第一季度将重复事件减少 50%。.

快速识别技术根本原因:捕获数据包、运行设备健康检查(CPU、内存、存储、固件版本)并审计身份验证和证书到期情况。优先处理事件发生率最高的三个领域:边缘网关、云集成和本地控制室,然后使用 Cisco 兼容性矩阵和固件建议来标记不兼容的设备。.

分阶段进行修复:针对漏洞超出已部署机器 5% 的批次,修补固件;重新配置 VLAN 和 QoS 以恢复所需吞吐量;部署本地缓存以减少高达 60% 的延迟。在非高峰时段应用变更窗口,并记录每个操作的回滚步骤。.

实施监控和验证:衡量KPI(正常运行时间、丢包率、每个资产的吞吐量、支持工单量),构建具有1分钟和15分钟视图的仪表板,并在前12周每周进行分诊冲刺;如果项目仍然停滞,则在48小时内升级到跨职能团队并重新分配资源。.

创建组织控制:发布用于更改生产配置的剧本,强制执行测试到生产的签核,并运营一个变更审批委员会,该委员会在修复期间每周召开两次会议;这些措施通常可在三个月内将失败的变更事件减少约70%。.

量化业务收益:跟踪每次事件的成本、每台已修补机器的节省以及面向客户的服务改进;目标是在 120 天内将支持工单数量减少 15–25%,服务收入提高 10%,并每月向赞助人报告这些收益,以确保获得进一步的投资。.

锁定可重复性和安全扩展:保护现有投资,将修复记录为操作手册,创建自动化模板,并让利益相关者了解剩余风险。使用这些模板在 IT 和 OT 领域交付可重复的结果,并在新项目停滞前对其进行评估。.

验证需求:消除范围歧义的10点清单

验证需求:消除范围歧义的10点清单

1. 以可衡量的方式定义可交付成果:在单个合同条款中明确验收测试、目标吞吐量、延迟阈值以及 SLA 处罚,以便团队可以实现相同的目标。.

2. 盘点所有资产:在此创建已安装和联网设备的权威列表,记录棕地与绿地、固件版本和序列号;大多数故障可追溯到缺失或错误分类的资产。.

3. 分配决策权限:列出由谁来做出哪些决策——领导层、工厂经理、IT、OT——并记录批准 SLA,以便这些利益相关者不能拖延交付。.

4. 明确数据所有权与处理:指明所有者姓名、保留期限、加密标准以及数据存储位置;考虑 iotwf 隐私模式并绘制网络内的数据流。.

5. 锁定接口合约:包括明确的API模式、消息大小、数据速率、超时以及测试向量;要求为目标环境中尚未实现的任何系统提供模拟端点。.

6. 通过节奏控制变更:为范围变更建立敏捷冲刺关卡,要求在代码或设备更新前提交变更请求、影响评估和签字确认的决策,并跟踪审批情况以降低风险。.

7. 创建量化风险登记册:列举风险,分配概率、潜在停机时间和缓解成本;按预期年度损失排序,以确定关注重点和预算。.

8. 定义部署约束:记录维护窗口期、工厂的物理访问规则、电源和连接容差;注意纳入回滚计划和已安装设备的依赖关系图。.

9. 在功能列表下方设置 KPI 和验收标准:明确通过/失败指标、测试数据集、测量工具和部署后验证周期,以便团队了解何时移交给运营部门。.

10. 需要专家验证和签字:邀请内部和外部专家审查需求,包括安全和运营审查人员,记录他们的反馈和最终签字;Cisco的调查显示,经过专家审查的项目更有可能成功实施,但是不要将签字视为形式——记录未解决的问题,并为每个考虑因素分配负责人。.

安全设备注册:选择引导方法和 PKI 工作流程

要求制造商预先配置具有 TPM 支持的密钥或所有权凭证 (BRSKI),用于生产机群,以消除现场批量重新生成密钥并缩短平均启动时间至 24 小时以内。.

  1. 制造商预配置(规模):

    • 需要什么:唯一的设备身份、不可变的序列号、制造商CSR或证书,以及导入到PKI中的供应链元数据。.
    • 主要建议:使用 ECC P-256 或 P-384(避免 RSA) < 2048);将私钥存储在 TPM 或安全元件中。.
    • 生命周期和轮换:为受限设备颁发 365 天的设备证书,为面向互联网的设备颁发 90 天的设备证书;在生命周期的 60-70% 处自动续订。.
    • 运行控制:维护已建立的离线根证书和在线签发中间证书;供应商和制造商必须签署供应清单和所有权凭证。.
    • 其优势:减少现场团队的手动工作,并降低现场密钥生成带来的攻击面。.

  2. 所有权转移+引导启动(中大型部署):

    • 协议选项:使用 TLS 的 EST 的 BRSKI、用于受限网关的带有 TLS-ALPN-01 的 ACME,或在 EST 不可用时使用 RA 验证的 SCEP。.
    • 流程步骤:设备出示凭证 → RA 验证所有权 → 设备请求证书 (CSR) → 签发 CA 签名 → 设备安装证书并向资产清单报告成功。.
    • 安全控制:需要认证(TPM/安全元件),执行随机数挑战,将每个步骤记录到可供运营部门、供应合作伙伴和相关部门访问的防篡改账本中。.
    • 指标:目标是超过 95% 的自动注册成功率;跟踪每个制造商的失败次数以及每个设备的修复时间。.

  3. 现场配置(小型部署、丢失制造商或敏感客户):

    • 方法:安全二维码/带外令牌、NFC配置或采用相互认证和临时证书的短程BLE。.
    • 最佳实践:将设备绑定到安装人员帐户,记录安装时间和安装人员 ID,然后在定义的服务级别协议 (24–72 小时) 内强制执行在线 PKI 注册。.
    • 何时使用:当制造商无法预先配置或资产频繁更改所有者时。.

PKI 操作工作流清单:

  • 根 CA 离线,两个签发中间证书(一个用于工厂,一个用于车队),RA 和 OCSP 响应器已跨区域部署。.
  • 自动执行 CSR 验证、证书颁发和 CRL/OCSP 发布;维护 SLA,确保 OCSP 响应在吊销事件发生后 60 秒内更新。.
  • 将证书事件与您的 CMDB 进行日志记录和关联,以便部门和合作伙伴可以在仪表板中跟踪设备状态和性能。.

凭据安全硬性规定:

  • Never export private keys from hardware-backed modules; rotate keys before end-of-life, not after.
  • Use short-lived certificates where possible and supplement with OCSP stapling for constrained clients to increase validation speed and decrease network load.
  • Establish an incident playbook: revoke, reprovision, and reassign ownership within defined time windows to limit exposure from a detected attack.

Organizational alignment and metrics:

  • Assign responsibility across departments and partners; include manufacturers, supply chain teams, operations, and security in onboarding design reviews.
  • Measure three KPIs: time-to-first-successful-connect, percent automated enrollments, and mean time to remediate compromised credentials.
  • Use those KPIs to drive initiative funding; present quantifiable gains (for example, a target reduction of onboarding failures from project pilots by 50% within six months).

Implementation notes and pitfalls:

  • Many companies underestimate inventory metadata; ingest serials, firmware version, and supplier batch into the PKI as part of the certificate request.
  • Software update servers must validate device identity against PKI records before pushing firmware; this increases update integrity and performance of large rollouts.
  • There will be edge cases: lost vouchers, untrusted manufacturers, or devices with no secure element. Define fallback workflows and mark those devices as higher risk for monitoring.

Final practical checklist (use immediately):

  • Map manufacturers and companys supply chains into your enrollment policy.
  • Choose one primary protocol (EST or ACME) and one fallback (SCEP or manual OOB), train installers and partners, then automate reporting.
  • Track certificate expiries and revocations centrally; set alerts that trigger when a device misses renewal windows so teams can act fast and protect the asset and clients from attack.

Ensure reliable connectivity: protocol choices, SLAs and fallback strategies

Use MQTT+TLS for telemetry, OPC UA for industrial control and CoAP for constrained endpoints: benchmarks show MQTT can reduce message overhead by about 30–60% versus HTTP for frequent small payloads, which lowers bandwidth cost and improves battery life. Require QoS settings (0/1/2), session persistence and Last Will messages, and enforce TLS 1.2+ with ECDSA P-256 certificates rotated at least every 90 days (источник: Cisco found nearly 75% of IoT projects fail when connectivity is weak).

Define SLAs by business impact: specify uptime targets (99.95% for business-critical, 99.9% for operational, 99% for monitoring), mean time to repair (MTTR <4 hours for critical controls), latency budgets (<100 ms for closed-loop control, <1s for telemetry) and packet-loss caps (<0.1% for control, <1% for telemetry). Tie SLA tiers to a business line and include credits or penalties to align incentives between cloud, carrier and device teams.

Implement multi-path fallbacks and local autonomy to keep services running when primary links go down: require dual-SIM or redundant WAN (cellular + wired), automatic switchover with failover times <30 seconds, and edge logic that continues control loops for a configurable buffer window (store-and-forward for X hours to prevent data loss). Define clear transition rules that solve split-brain and avoid message duplication.

Schedule failover exercises and capacity tests multiple times per year, and assess real-world behavior under peak and outage conditions. Allocate planning, training and monitoring resources: run operator drills, publish runbooks, and log metrics to a central observability stack so teams can quantify the amount of lost data during tests and pinpoint causes causing outages.

Procure with measurable acceptance criteria: require manufacturers to provide interoperability test logs, firmware update SLAs, and failure-mode analysis. Ask vendors for concrete solutions for certificate management, power-loss recovery (how device powers up and resumes sessions) and OTA bandwidth use. Limit procurement enthusiasm with a short proof-of-concept that validates performance for at least 30 days under realistic loads and compares results against expected percent throughput and latency targets. Keep technology-focused teams accountable and use these artifacts to prevent scope creep and to transition projects from pilot to line deployment.

Streamline data flow: edge filtering, ingestion patterns and monitoring metrics

Drop at least 70–90% of raw telemetry at the edge and forward only aggregated deltas, anomaly flags and state-change events; plan filters that preserve meaningful signals and reduce cloud costs immediately.

Define concrete edge rules: sample high-frequency sensors to 0.1Hz unless value delta > 5% or event_count exceeds 10/min, emit 60s summaries, and keep a rolling raw buffer of 6 hours for diagnostics. Identify noisy devices by device_id and apply different rules per device class. Test filters yourself by replaying 24 hours of traffic and measure the amount of data saved; make adjustments after replay results and record decisions made for audit.

Choose ingestion patterns based on latency needs: use MQTT/WebSocket push with QoS=1 for alerts and low-latency commands, and batch HTTP/PUT for diagnostics. Configure batch size <= 500 events or <= 1 MB, max burst absorption 10k events/s with queue depth 100k, retries 3 with exponential backoff starting at 500 ms. Document implementations per device group so teams across the company and organization apply the same foundation and prevent duplicate work.

Instrument these metrics and set concrete thresholds: ingestion_rate (events/s), dropped_pct, backlog_count, processing_p95 and p99 latency, and compression_ratio. Alert when dropped_pct > 0.5% sustained for 5 minutes, backlog_count > 1,000,000 events, or processing_p99 > 2 s. Use dashboards that show daily and 15-minute windows so you can spot unexpected spikes and evaluate trends across different days and time ranges while evaluating root causes and managing capacity.

Operationalize controls that accelerate troubleshooting and preserve business value: implement automated throttles that kick in when backlog grows, run weekly synthetic-load tests that increase traffic 20% for 3 days, and include runbooks that list measures to identify faulty gateways or misconfigured filters. After incidents, perform RCA, update filters and SLAs, and ensure the machinery performance metrics used by SREs and product teams are part of your compliance plan – you must keep that data visible to prevent repeat failures and to accelerate recovery.

Governance, skills and vendors: role matrix, RFP questions and success KPIs

Define a role matrix that maps every networked IoT asset to one Accountable owner, one Technical lead and one Operations responder, and require measurable KPIs, SLA targets and a documented escalation path for each asset.

Create the matrix using RACI columns and record ownership percentages per category: IT accountable for ~55% of assets, Line departments accountable for ~30%, Vendor-managed for ~15%; log every issue and classify by severity to prevent ownership gaps during the initial rollout.

Make these RFP questions mandatory: 1) Provide three case studies where the vendor deployed >1,000 networked endpoints, maintained uptime ≥99.5% and demonstrated data accuracy ≥98%; 2) Supply a detailed transition plan including days to handover, training hours per department, and explicit steps that transfer operating powers to internal teams; 3) Share at least two incidents with RCA, MTTR metrics, and remediation timelines; 4) State data ownership, export format and a 90-day export window post-contract; 5) Describe integration method with IAM and OT and provide sample APIs; 6) Offer pricing per asset and penalties for SLA misses beyond a 3-month threshold.

Form a governance board with representation across leadership, IT, OT and business areas; meet bi-weekly during the 90-day pilot, then monthly. Grant the board powers to approve configuration changes, budget moves and vendor replacements; record deployment states in a central register updated daily to surface unexpected risks.

Require vendor-delivered train-the-trainer programs: minimum 40 hours per critical department, shadowing on the first 10 operational incidents, and certification for three internal SMEs who become indispensable for long-term operations. Measure skill transfer: internal teams must resolve ≥70% of incidents without vendor help within six months; if teams remain unable to operate, projects were seen failing and becoming vendor-dependent, causing delays and lost value.

Define success KPIs and targets: uptime 99.9% for tier‑1 assets; MTTR ≤2 hours for critical, ≤8 hours for major; data accuracy ≥99%; onboarding time (initial commissioning to production) ≤30 days per asset; cost per asset trending down 15% within 12 months; percentage of incidents resolved by internal teams ≥80% after handover. Report these KPIs weekly to operations and monthly to leadership with trend charts showing gains across departments.

Include procurement clauses that prevent vendor lock-in: portability of assets and data so nothing stays locked forever; 90-day export support; escrow for source and device configs; and financial incentives pushing vendors towards operational handover and measurable business value. In cases where vendors fail to meet handover milestones, enforce phased exit plans and require third-party audits to validate remaining risks.