Electricity use. Overhead costs. Maintenance downtime. There are things every business wants less of, and which can be solved by various energy efficiency solutions. But there are also important things businesses want more of: quality output, operational visibility, space utilization, customer insights. How do we reduce inefficiencies while improving your business productivity? We call it building an intelligent environment, and it all starts with a light.
Businesses in numerous industries are taking the first steps to build intelligent environments by investing in LED lighting and sensor-enabled networks. By upgrading to LED technology, businesses can slash lighting energy costs by 50% or more. But that’s only the beginning. When paired with sensors and software, LEDs become a gateway to the industrial internet of things, which holds enormous potential to collect, analyze and take action on data-driven insights in commercial facilities and buildings. With more than 7 billion fixtures in the U.S. alone, lighting is everywhere. And when it’s smart, it can reveal even the unseen.
We’ve seen that companies ranging from a Fortune 500 bank, to a multibillion-dollar Silicon Valley tech company, to one of the largest sporting apparel companies in the world, are adopting new digital infrastructure to transform their offices, buildings and facilities into intelligent environments, and all their journeys began with LED.
Converting to LED is an important and smart first step for one very big reason. LED lighting and controls generate immediate cost savings through a reduction in energy consumption. Those savings can be used to invest in sensor-enabled networks and a digital platform so that fixtures and sensors that collect data can use IoT applications to make facilities and buildings intelligent.
What do LED lighting and sensor-enabled networks deliver today?
Connected lighting is changing the way businesses across industries and around the world operate. I’ll share a few recent examples from our business.
One, a multibillion-dollar Silicon Valley tech company installed dual daylighting control zones to improve employee comfort and energy savings. Occupancy sensors save energy by turning lights on or off based on space usage, and dynamic plug load control saves energy when electronic devices are not required. Automated demand/response capabilities comply with utility demand/response events to save money by programming lower energy use when peak pricing is in effect.
To-date, 40 of the company’s buildings and parking lots have been installed with controls-enabled LED fixtures, saving the company 70% on annual energy costs, while more comfortable employees are improving output and driving the business forward.
Another example, a Fortune 500 bank, discovered 75% of thermostats in its retail locations were improperly configured, resulting in significantly higher heating and cooling expenses. In addition, the bank wanted to reduce safety issues for customers if an ATM light went out at night. The bank installed indoor and outdoor lighting automation with failure detection, and enterprise-level alarms and alerts. HVAC control and monitoring was also installed to make sure thermostats remain at the right temperature, are working properly and settings are correct.
The same sensors predict system failure, allowing better scheduling of repairs and avoiding costly emergency service fees. Information from these sensors can also improve operations, reduce downtime and minimize workplace disruptions. The system makes it easy to control each site’s temperature to improve comfort and enhance customer experience at each branch. With more than 400 retail branches, this business is realizing energy and operational savings of nearly $1 million each year, along with improved safety at ATM machines.
Finally, a leading athletic apparel manufacturer was building a state-of-the-art facility that needed to provide a technology platform for future IoT applications, offset operational costs through energy savings and ensure consistent lighting across the 1.9-million-square-foot distribution center.
A sensor-enabled network was installed along with new LED fixtures to provide occupancy sensing, scheduling and task tuning. The company has seen a 30% energy reduction with the combination of controls and LED lighting, with an additional 20% savings from task tuning. Lighting quality and employee comfort are positively impacting productivity, and the customer is now installing a sensor-enabled network at another distribution center.
I share all this to show connected (IoT) lighting is here already and delivering a strong ROI, and customers of all sizes, geographies and industries can benefit today and in the future by investing in this technology.
What can intelligent environments deliver in the future?
This is just step one in the path to intelligence. Since our sensor-enabled network uses a ZigBee mesh network, it offers the flexibility to easily add a variety of fixtures and sensors over time. With that flexibility, it offers businesses the ability to collect and analyze data in new ways and from new sources in the future. With the infrastructure in place, they can leverage a host of applications in the ecosystem. For example, in offices, Teem or iOffice can optimize space planning and enhance usage of common areas; in retail, Serraview helps managers understand space utilization in real time and track customer patterns over the long term; in distribution centers Keonn manages and tracks inventory through RFID readers and software technology. And these are but a few examples of the enormous possibilities already out there.
Connected lighting is making the future brighter for businesses everywhere, as the first step toward an intelligent environment.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The NFC Forum recently held its annual NFC Forum Innovation Awards ceremony at the Green Valley Ranch during its member meeting. Almost 100 of the world’s leading near field technology (NFC) technologists gathered to recognize, cheer and fete the three overall winners and the six semifinalists with the most innovative NFC-enabled product, services and applications of 2016. The winners and finalists were selected from almost 100 entries from five continents and represent some of the “best of the best” for NFC innovation. Entries were judged on their innovation, commercial potential and usability, as well as on the quality of design and implementation.
I was impressed not only by the technical and marketing prowess on stage, but also by the fact that over half the winners and finalists used NFC in an IoT solution. This speaks to both the ubiquitousness of IoT and the growing use of NFC as an enabling technology to help make a new IoT product or service work. Below are short write-ups of the two winners and four finalists featuring an IoT solution enabled by NFC.
NFC Forum Innovation award-winning IoT solutions
Speech Code: NFC talking labels
Category: Most innovative NFC product, service or implementation
Austria-based Speech Code GmbH is the developer of NFC talking labels, the latest generation of data codes for modern smartphones. From signage and retail products to food and beverage packaging, Speech Codes make it easy for people with disabilities, retail shoppers or tourists to use.
Khushi Baby: Wearable health
Category: Best mobile app winner
Winner of the NFC Innovation Awards in the “Best Mobile App” category, Khushi Baby Inc.’s NFC wearable health mobile application uses NFC mobile technology to enable health workers in India to interface with infant medical data through an NFC tag-enabled digital necklace. The patient record data is synced to the cloud and displayed on our analytics dashboard, where insights can be acted upon by health officials. More than just another approach to digitize the record keeping process, the Khushi Baby system presents a novel community engagement platform; it is not just a necklace or a tool used to provide a health service, but also a powerful social symbol and a potential driver of behavioral change.
NFC Forum Innovation finalist IoT solutions
Finalists receiving a certificate to honor their achievement include:
Blulog: Keeping foods fresh
Category: Most innovative NFC product, service or implementation
Based in Poland, startup Blulog uses NFC-enabled data loggers and NFC-connected boxes for customizing and monitoring temperatures in the food-based cold chain — packaging, storage and shipping. Using an NFC-enabled phone, a user can scan the Blulog label positioned on a fridge or food packaging to receive information about current and historical temperature in this specific location.
Apps4Android: Talking label maker
Category: Best mobile app
Apps4Android, Inc., an IDEAL Group company (United States), created an NFC-based talking label maker and reader application to assist people with disabilities. Talking NFC tags or labels provide audible guidance for people who cannot visually identify or read the labels on different objects including clothing and food containers, as well as items such as medications and dosage information. The tags are simply affixed to an object, which can thereafter be identified by the owner’s own voice using an NFC-enabled Android smartphone.
Nestech: Talking label maker
Category: Best mobile app
Nestech Corp., based in Taiwan, specializes in developing systems for keyless door locks, access control, IP cameras and any other IoT objects. The company’s NFC-based smart key application allows home owners and small hotel managers to manage their properties remotely.
Kuvée: Talking label maker
Category: Best NFC startup
Kuvée’s wine-dispensing system uses NFC technology to read the tag on the wine cartridge and convey that information to the dispensing holder’s touchscreen where users can browse and purchase the other wines available and have them shipped to your home.
Other NFC Innovation Award winners included Dimple Inc.’s NFC tag-based programmable buttons that personalize and streamline a user’s daily tasks; East Japan Railway Company’s NFC-based mobile payment system; Suica and Talkin’ Things LLC’s NFC-based global smart packaging system.
The NFC Forum would like to give special thanks to the NFC Innovation Awards sponsor, NXP Semiconductors; media partner Contactless Intelligence; and the award judges: ABI Senior Analyst Phil Sealy; APSCA Chairman Greg Pote; Frog Vice President and Head of Venture Design Ethan Imboden; GSMA Terminals Director Paul Gosden; IEEE Council on RFID Professor Dr. Katina Michael; IHS Principal Analyst Don Tait; SapientNitro Vice President Prashant Mehta; Strategy Analytics Director of Wireless Media Strategies Nitesh Patel; and the Smart Card Alliance Executive Director Randy Vanderhoof.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
According to the McKinsey Global Institute, it will be the industrial internet of things where the impact of IoT will be felt the most. The market for IIoT in factories alone is expected to be worth up to $3.7 trillion per year by 2025. The ultimate aim of IIoT, or smart manufacturing, is to create robust ecosystems where thousands of individual remote smart devices work together securely.
One of the top challenges of IIoT is keeping valuable business data secure. Cyberattacks against IIoT systems and critical network infrastructure have severe consequences, putting world governments on high alert.
The U.S. Department of Homeland Security recently published guidelines to “provide a strategic focus on security and enhance the trust framework that underpins the IoT ecosystem.” The document is the first attempt to provide clear cybersecurity guidance to organizations implementing IIoT.
The Department of Homeland Security asks organizations to consider the risks following a possible breach or device failure, compared to the costs of limiting internet connectivity. For instance, continuous network access may be convenient, but is it strictly necessary in the context of what the device does? A nuclear reactor having a continuous connection to the internet carries too great a risk because it also opens the door to a network intrusion.
IIoT organizations are advised to adopt a defense-in-depth approach to help them stay ahead of privacy and security risks.
First, understand exactly what the device does. Without a full appreciation of the function and scope of each individual device, organizations run the risk of activating direct connections to the Internet when they are not strictly needed.
Next, make a conscious decision about every IIoT connection. Connect to a local network to allow the content of critical information to be analyzed before it is sent. Industrial control systems are complex and it is essential to protect them using defense-in-depth principles.
Lastly, build in remote management capabilities. Manufacturers, critical network infrastructures and service providers must be able to disable network connections or specific ports remotely when needed.
Protecting IIoT systems
IIoT promises to bring invaluable benefits to industrial enterprises in terms of process efficiencies, automation, scalability and cost savings. However, despite their vital contribution, IIoT systems are often not managed properly and security remains a major risk. Cybercriminals actually regard IIoT systems as the most vulnerable point in an organization’s network.
Full protection of remote connections on IIoT systems is best achieved with virtual private network (VPN) software. VPNs form a secure connection at the remote IIoT gateway, integrating seamlessly with existing infrastructure and encrypting all data traffic passing to and from individual devices.
NCP engineering recommends IIoT organizations give careful consideration to on-demand/always-on access along with command line or API control. Additionally, authentications in the form of software/hardware network certification and central management for remotely configuring devices should be enforced.
In summary, enterprises must take adequate precautions to manage and protect data related to IIoT or machine-to-machine security. By securing every necessary remote connection with VPN management, it will be possible for enterprises to stay ahead of future cybersecurity threats.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Here’s an intriguing security scenario for you. Imagine you use your right hand to unlock your iPhone or tablet and you wear your fitness tracker or smartwatch on your right wrist. Now imagine that someone who really wants to get access to information on your mobile devices is somehow able to use the motion-sensing data in your wrist device to see what PIN you use to unlock your mobile devices. This scenario can actually happen, according to this research paper “Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN.” Specifically:
In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries.
So basically, not only can sensor data detect when you’re being a couch potato, it can leak your secrets. Thanks a lot, Fitbit!
Don’t tear the wearable from your wrist just yet. Instead, let’s assess the likelihood of such an attack based on its scale, difficulty and consequences of the attack.
For the sensor data to be used to deduce the PIN, it has to either be extracted from the wearable or intercepted as it is transmitted off the device for legitimate reasons. For the second, generally, raw sensor data is not sent off the device, but rather analyzed locally, with only calculated qualities, e.g., steps, transmitted. The first implies compromising the wearable itself through something like malware, and then sending the sensor data to the hacker. Malware could be distributed to a large numbers of users, allowing sensor data to be collected, and hackers could correlate specific sensor data with a particular user. This seems non-trivial, but necessary if the data is to be used to unlock phones or tablets.
A more likely scenario would be a targeted attack where a particular user is chosen. For this, both the following need to be true:
- The wearable can be compromised (so sensor data can be collected).
- The hacker has access to the phone or tablet (so sensor data can be applied).
But if the attacker has physical access to the phone, there are easier ways to extract the PIN, like shoulder surfing or looking at the smudge pattern from oily fingerprints, which is much easier than also installing malware on a different wearable.
Moreover, while unlocking the phone with the stolen PIN will give the hacker access to sensitive information on that phone, it’s unlikely to enable access to sensitive applications accessed from that phone. This is because any sensitive application (not Facebook) likely mandates a short session time, so that when it’s launched, there will be an authentication prompt — one that the hacker armed only with the PIN will fail.
The unlocked phone could, however, enable the phone as a second factor for an application session from some other device. But the burden of the first password authentication for the hacker remains the same. The challenge for the hacker actually gets worse:
- Knowledge of the user’s password
- Ability to compromise the wearable
- Physical access to the mobile device used for 2FA
Additionally, authentication systems are increasingly more sensitive to the context of a device being used to access applications than the mere possession of an unlocked phone, or even the password. For example, just having the device may be insufficient if it’s being used from an anomalous location, or the operations being performed are inconsistent with the valid user’s history.
And of course, the hack requires that the mechanism for unlocking the phone also involves some physical movement from the valid user, e.g., the hand moving as the PIN is entered. The growing capabilities of phones and tablets for biometric authentication mechanisms — either for local unlock or, via the FIDO Alliance specifications, for server authentication — would completely mitigate the attack. Applying my finger to the TouchID sensor on my iPhone provides no useful movement data that could be used to retroactively determine the template.
Even if not particularly viable, the hack is interesting because it highlights the risk of data from a user’s activities and actions, collected by an IoT thing for a valid application (e.g., steps), being used for nefarious purposes. Imagine a patient’s EKG, collected by an implanted sensor for analysis of a heart condition, being used as a biometric to impersonate that user in an authentication. Ultimately, we mitigate this risk by ensuring that 1) such attacks cannot be achieved at large scale (like a database of passwords enables), and 2) that compromise of one such factor is insufficient to impersonate the valid user.
In conclusion, this attack should not give you much cause for concern. That said, if your fitness tracker was an unwelcome gift from a spouse sending not so subtle hints like, “Wow, Jane’s husband sure looks great” and “Those jeans used to be looser on you,” it might provide you a plausible justification for letting it sit uncharged in your bedside table where it belongs.
As the largest health IT educational program and exhibition, the HIMSS annual conference is a one-stop shop to learn and experience the latest developments and trends in healthcare information technology. HIMSS17 brought together many of the best and the brightest in the industry to offer solutions to the most pressing issues in healthcare.
IoT is having a profound impact in every industry — and healthcare is no exception. Whether used to check patients’ vitals remotely or to monitor temperature of critical drugs delivered to distant regions, IoT technologies have become more pervasive in healthcare. This is for good reason. IoT has the potential to deliver better patient care, improve operational efficiency and drive down healthcare costs. At the same time, IoT poses the challenge of new requirements for cybersecurity and patient data privacy.
Growing security challenges
At HIMSS17, Dominic Cussatt addressed growing security challenges in his presentation, “Securing Medical Devices and the Internet of Things.” He talked about the importance of securing his organization’s medical devices and security posture as his team integrates IoT and becomes more dependent on network-connected technologies. Cussatt, who previously served as cybersecurity policy lead and deputy CISO at the U.S. Department of Defense, now leads information security for the Department of Veterans Affairs (VA). This includes overseeing a $4 billion IT budget to ensure secure and reliable operation of VA information systems and protection of our veterans’ private data. The VA focuses on managing security risks more strategically, integrating with the business and working toward a culture of shared ownership across the enterprise.
As organizations embark on this journey to connect IoT devices to their corporate network, they need to adopt a security-first mindset. Organizations will need to take a risk-based approach and tie that to their business, apply context and intelligence to make data relevant and actionable and lastly intuitively connect users with the data.
Return to IT basics
When exploring this year’s exhibit floor with specialty areas including the HIMSS Cybersecurity Command Center and the Connected Health Experience, we saw a significant focus on securing new technologies and services in IoT. Technologies like biometric IDs, heart rate monitors and cameras are commonplace in healthcare, and organizations showcased how they help secure these systems from cyberattacks and defend patient data associated with these systems. We also saw that as provider organizations brace for IoT’s growing security demands, they are going back to the IT basics of ensuring that their enterprise IT systems are available, maintain 100% uptime and easily scale as provider organizations grow. Having this foundational visibility, reliability and scalability enables healthcare organizations to continuously adapt to new security threats and spot security issues as quickly as possible.
Future of machine data
Organizations are now harnessing machine data to improve their security posture, ensure their critical systems are available and running, and operate applications as expected. The insights gained from machine data analysis also serve to support a number of niche use cases across an organization, especially when enriched with data from additional sources. For example, Molina Healthcare is leveraging its machine data to optimize claims processing and call center operations at clinics across communities. IoT devices’ machine data will be critical to monitor the effectiveness of devices and systems, secure them against threats and ultimately ensure patient privacy.
The future success of healthcare organizations will in large part depend on their ability to securely harness this machine data, which will result in an even better focus on care delivery to transform the patient experience.
This article was co-written by Shirley Golen of Splunk.
IoT product developers, designers and engineers will tell you that adhering to highest standards in user experience design when implementing these technologies makes all the difference in creating products that will make the daily lives of businesspeople and consumers better. The prevalence of the topic is due in large part to the following trends:
- Sensors are the key to connecting “dumb” (or heretofore unconnected things) to the internet. Sensor technology has become much cheaper recently — down more than 50% in the last 10 years.
- IoT relies heavily on widely available bandwidth — which has come down in price by 40X in the past 10 years.
- The price of microprocessors is down by 50X over the same 10 years.
- There’s wireless infrastructure everywhere — even though it may not always seem that way…
- Displays are smart and interactive.
- Big data algorithms are maturing and data storage costs are decreasing.
It’s the perfect storm. And without best user experience design (UX) practices, businesses and consumers alike will drown in too much unwanted, incorrect or irrelevant information. In an IoT ecosystem each thing and each person are both talking and sending/receiving data — at times, all are doing both simultaneously. At the sensor level, things are talking to things: machines are talking to each other. Things are also talking to applications. And both things AND services applications are talking to PEOPLE, the third and most important end user of information delivered via IoT. The communications paradigm is shifting. Who is the user now? Every single person. And, one could reasonably argue, every single thing. All have a stake in the other users’ experiences, giving rise to a new term we can refer to as the user/stakeholder or U/S.
In this radically altered landscape, technology requires brand new ways of working. Fluid and secure flow of data between sensors, devices, applications and people is essential to success. A key aspect of this is unprecedented collaboration between software developers (at both the application and embedded levels) and UX designers; this is now the hallmark of a successful IoT deployment. Successful collaborations here will result in the simplest possible designs. Increased machine learning will produce surprise correlations from sensors. Customized dashboards, or dashboard apps that can be customized by the consumer, will be more important than ever. Data service exchanges and the experiences they provide to all U/Ses will rule the day.
Big issues to be addressed
Here are a few of the problems to be surmounted in the current world of IoT systems development:
- Cybersecurity and privacy issues within both the IoT infrastructure and the connected “things” themselves is of premium importance — and in some cases may drive UX/UI. Efforts to harmonize competing standards may also dictate some aspects of the design.
- The information delivered by IoT will be tailored to U/Ses with widely divergent needs and problems to be solved: Think about how extensively the sensor input needed by a smartphone differs from the complex information needed by a manufacturer of heavy equipment. Or a nurse responding to changing vital signs of a patient. Or a large government security team monitoring several airports at once. Great UX makes for smart, tailored solutions.
- Speed to market. IoT has a lot of moving parts. Creating elegant solutions optimized for specific needs of each user/stakeholder is key to swift implementation.
- Data inundation — networks, machinery and especially human users are at risk of overload.
- Many organizations and networks are still siloed across disciplines, protocols and cultures. Designers must develop and socialize new collaboration languages and code to bridge communications blockades that limit pertinent, free-flowing information within the ecosystem.
Meeting the challenges, seeing the benefits
Successfully addressing all or even just some of the UX issues at hand has a big upside for the user/stakeholders and the companies whose IoT products feature this enhanced experience.
- Reduced friction in useful data gathering for every U/S creates faster, more effective solutions that can be deployed more easily and provide increasingly targeted information of value to users.
- The paramount priorities and preferences of the consumer can be honored through customization of data delivery and avoidance of data inundation.
- Efficient systems and processes for delivering them provide for much greater economies of scale.
- Resulting boon to IoT ecosystems encourages burgeoning number of opportunities for new businesses to evolve from old ones.
The internet of things has already become part of your everyday life, even though you may not realize it. Does your TV have Netflix streaming to it? Does your car stream from your phone? Does your home’s security camera send updates to your mobile devices? These are examples of the IoT — the digital connections between our day-to-day lives and mundane tasks, all in an effort to make things faster, easier and more power efficient.
It is estimated that IoT will significantly impact three areas of people’s lives: the connected car, the connected home and the connected self. Each of these represents new ways of data gathering and data usage, which combined with new automation and control options, creates a world of possibilities.
The connected car: The smart vehicle will be able to sync up with phones and stream media while having active data connections for GPS, live traffic updates and efficiency analytics.
The connected home: Connected homes will utilize appliances and utilities that stay connected with the user while offering remote control via apps and real-time adjustments based on environment and data.
The connected self: Phone, tablet and watch, all connected together to track your health and wellness, personal information, daily schedule and social life.
What does this have to do with blockchain? The internet of things will revolutionize many things, but it also opens the door to many security risks — and that’s where blockchain can come make a difference.
What is blockchain?
In its simplest form, blockchain is a digital chain of records, with links (blocks) in the chain as a permanent record that 1) relies on the previous link to complete its record and 2) is publicly vetted through a network of machines. Blockchain incorporates one-way encryption so that even though it’s publicly accessible and vetted, data remains secure and proprietary. This achieves a number of critical security features that make it a leader in the digital cryptography space. First, the chained requirement between blocks means that previous records cannot be altered without detection, creating permanence. Second, as a system that uses a public network for vetting and auditing, data exists in a transparent state, ensuring that any attempts at hacking will be noticed at some point.
Transparency and permanence are critical for a systemic shift to the internet of things because every device and every transaction introduced into the ecosystem creates a new security risk. Before the market can truly embrace IoT, it must have protocols and processes in place to verify that the countless transactions moving back and forth are protected. These elements must also exist in a way that minimizes resources and is optimized for ease of use, allowing for mass scaling of users and devices. Blockchain supports these needs, and current initiatives are pushing the platform into levels of efficiency that allow for enterprise usage. In an IoT world, the scale is critical — it may be easy to protect a handful of records but less so when it’s hundreds of thousands of medical records at a hospital or city department.
Blockchain in action
Consider these two real-world ways of utilizing blockchain in an everyday industry:
Car insurance: IoT can change the entire insurance process. A driver’s data gathered by a smart car — average driving speeds, distances and other data — can connect with an insurance server, delivering secure information that is only activated upon specific events (smart contracts that execute when, say, an accident occurs). This data can then be shared with all necessary parties while maintaining user privacy. In this instance, data is delivered from a single source (the car) and propagated to users rather than manual entry into each party’s own database. Blockchain’s permanence and transparency allow for the smart car’s database to be the reference point that connects data efficiently.
Identification documents: The authenticity of identification is critical for processing official records, but falsified records remain a concern. With blockchain, a new type of identity can be created, one that adds a dLoc sticker containing a tiny chip, guilloches, UV print, micro text or latent image that marries its unique ID only recognizable by the issuing agency. This data is secured within a public blockchain, which can then be used to verify authenticity when interfacing with IoT devices at government offices, hospitals, DMVs and other areas where official records are required.
These two examples represent just a fraction of all the ways blockchain can integrate seamlessly into an IoT world. Blockchain is maturing at the same time connective technology is becoming mainstream in appliances and industrial devices. Over the next decade, IoT can change the way we live, but only if a security platform like blockchain protects your privacy and data in an accessible and scalable fashion.
For more information on IoT and blockchain, Blockchain for Dummies, authored by Tiana Laurence, is available for pre-sale on Amazon (available May 2017).
The first wave of mobile apps mainly centered on the retail and consumer markets. In its second wave over the past five years we witnessed enterprise mobility steadily rise. ISMG’s 2016 business transformation study found 99% of the enterprise workforce uses mobile devices — mainly smartphones and tablets — to perform their jobs. The demand for mobile apps is trending up. Gartner estimates the demand will outpace the capacity to develop enterprise mobile apps five to one by the end of 2017.
And now we are in an era when mobile apps are rapidly penetrating into rather slow-to-change industry verticals like manufacturing, oil and gas, home automation and financial services.
Mobile apps in a connected ecosystem
This penetration, dubbed as the third wave of mobile apps, is fueled by the rising ubiquity of internet-connected devices and sensors.
In this fast emerging era of smart cities, smart homes and connected cars, mobile devices like smartphones, tablets and wearables function as the main interface to interact with IoT devices.
Mobile app functions are no longer standalone, but integral to many sensitive, mission-critical functionalities, from personal health and fitness to industrial equipment sensing and predictive maintenance. Even in banking and finance mobile apps are being adopted to offer improved geolocation services across platforms.
Today, whether targeted for retail, enterprise or industrial customer bases, mobile apps have to perform efficiently cross-platform, integrate with third-party APIs, and interact with connected devices and sensors in real-time in order to deliver value to the end user.
To perform all of the above reliably, mobile app security is critical. While user experience and time to market are still important, it is about time mobile app development takes security more seriously.
Securing a connected mobile ecosystem
Ponemon Institute’s 2017 survey on mobile and IoT app security found while 79% of respondents consider a mobile app a threat to existing security posture, only 32% of respondents believe their organizations are urgently trying to secure mobile apps.
It has become increasingly common for hackers to use sensitive information exchanged through mobile apps to launch other forms of attacks.
ISMG’s 2016 Mobile Security study further shows data breaches are most commonly caused by:
- Mobile apps containing malware
- Apps that contain security vulnerabilities
- Unsecured Wi-Fi connections
To prevent data breaches due to malware and inherent vulnerabilities, mobile app security practices must integrate with the entire development lifecycle, from design through testing and deployment.
Even though the effectiveness of penetration testing is proven for mobile apps, Ponemon Institute’s 2017 study found testing of mobile apps being ad hoc if done at all. The study also found mobile app risks exist because end-user convenience is considered more important than security (by 68% of respondents).
As mobile apps assume a central role in today’s connected world, development must prioritize to mitigate the security risks already listed in Open Web Application Security Project guidelines, including:
- Broken cryptography
- Unintended data leakage
- Weak server-side controls
- Client-side injection
- Poor authorization and authentication
The figure below shows these risks in order of predominance.
Mitigating mobile app security risks
In a highly competitive mobile app market, rush to release is often cited as another reason to compromise adequate security testing during the software development cycle. This needs to change.
There are multiple proven ways to mitigate risks during development, such as:
- Penetration testing
- Educating developers on safe coding
- Static and dynamic application security testing
- Security testing throughout the software development lifecycle
In case of enterprise deployments, instead of focusing on just one aspect of mobile security to make that bulletproof, organizations need to take into account the entire spectrum of threat profile and try to mitigate risks.
To secure an end-to-end enterprise environment, mobile app security also depends on overall mobile communication architectures, including carrier connectivity and IT infrastructure.
At the user level some common risk mitigation steps are:
- Avoid default passwords and opt for more complex passwords
- Avoid using the same password across mobile apps
- Use auto-lock features so the app locks fairly quickly when not in use
- Allow app downloads only from reputable app stores
- Regularly update installed apps (as often these updates contain security patches)
- Delete apps which are not in use
Establishing mobile app governance
At an enterprise level, standards and governance measures can provide comprehensive guidance and prevent a fragmented approach to mobile efforts.
Standards practices can be designed in such a way that instead of stifling innovation or slowing down a mobile initiative, they help to capture and evaluate any mobile requests securely — and deliver applications consistently.
Such governance can also help manage app support, maintain expectations, define measures, foster reusability and encourage knowledge sharing across the organization. It can also ensure business units can deploy mobile devices and apps in a consistent, secure and measurable way.
Governance steps like reference architectures, reusable components, access to corporate resources and security standards can all be used to help breed consistency, no matter who is developing and deploying the mobile apps.
As sensor-based smart building systems, like intelligent LED lighting networks, have gained popularity, much has been made of the huge energy and maintenance cost savings they can provide to the organizations that install them. In addition to the uniquely valuable overhead vantage point offered by connected lighting, an often overlooked benefit of all sensor-based systems is their ability to streamline and automate. From automatically adjusting temperatures within a warehouse or workspace to turning lights on or off depending on occupancy, smart building systems can now manage many of the time consuming day-to-day tasks that have traditionally fallen into the hands of facilities personnel.
Streamline a facility manager’s job and the benefits extend far beyond their daily to-do list, allowing them to take a step back and focus on more strategic initiatives for the organization and inject new levels of value into the organization across several key areas. Here are just a few ways that building intelligence can help your team work smarter.
One of the most useful ways intelligent systems help streamline day-to-day tasks is through occupancy tracking. By gathering and delivering insights into the ways people are (or aren’t) moving within a space, organizations are able to hand over the reins to intelligent systems and automate a variety of tasks, ranging from simple things like adjusting lighting and temperature levels within a specific area when someone enters or exits, to more complex tasks like security monitoring that sends out alerts when someone enters a restricted location.
Further, tracking occupancy provides insights into traffic and usage patterns throughout the warehouse or factory floor. Smart building systems can gather this information with such granularity that facility personnel can monitor specific pieces of equipment, noting when they are and are not being used by employees throughout the day. Insight into these patterns allows organizations to adjust staffing or scheduled usage. Take, for example, an intelligent LED system above a major piece of equipment in a manufacturing facility. The system can provide insight into occupancy patterns around that machine, and data may reveal that a number of people are not only around the system, but stagnantly waiting to use it during the first shift, while that same machine is nearly untouched during the second shift. This data gives facility personnel insight into potential overstaffing of a certain job function or a suboptimal workflow that are causing people to get hung up. From there, management can make an informed decision to change scheduling patterns or workflow so that people are not wasting time while they wait for the machine to be free.
Equipment performance and maintenance tracking
For many working within a factory or industrial environment, a portion of their day is devoted to checking and manually assessing how equipment is operating, thus ensuring that production lines are running smoothly and equipment is not malfunctioning. Intelligent systems are able to take over this often time-consuming task, automatically collecting and aggregating data and flagging abnormalities.
This information not only creates a more efficient floor, but also delivers for facilities and operations managers the time and data they need to make key decisions about the way the facility is running, providing alerts as to when equipment malfunction is most likely to take place, and scheduling preventative maintenance for off-hours. Consider the machine mentioned in the above example, working constantly for hours at a time with a long queue of employees. The manager may conclude a second, very expensive machine is needed to handle the workload, or that costly repairs could help it get back into peak-performance mode. However, with the data provided through building intelligence systems, facility personnel can recognize that the problem is simply associated with usage, and thus make the necessary changes, saving the organization thousands of dollars — or more — and reducing the amount of production time lost due to inefficiencies and equipment malfunction or breakdown.
Keeping track of the myriad assets that pass through a facility in a day can also be a time consuming endeavor for facility personnel. From making sure product is moving through the space the way it is supposed to, to ensuring pieces of necessary equipment — things as large as forklifts and as small as ladders — are not lost, hours can be spent just making sure everything is in the proper place at the proper time, and making corrections when it is not.
To round out the example of the once-overused piece of equipment — if a product is making its way through production and goes through that piece of equipment but then is misplaced by an employee or falls off of a forklift on its way to the loading dock, the time that was saved by ensuring that equipment was running smoothly no longer matters. Hours may be spent searching for this one item that has simply been misplaced. However, with intelligent systems, organizations have the ability to attach sensors that act as beacons to these pieces of product, giving them the ability to know exactly where an item is at any minute, ensuring that processes run smoothly from end to end and benefitting the business as a whole.
Though many people consider intelligent systems as a way to save a company money, from reducing energy costs to streamlining processes, the benefits go much further than that. For facility personnel especially, these systems can automate a variety of tasks that often eat up entire chunks of the manager’s time, and offer both the insight and the opportunity necessary to contribute to the business in more strategic ways.
If you want to see an urban emergency manager sweat, just mention one name: Katrina.
Among the most destructive and deadly hurricanes in American history, the 2005 storm is likely the definition of “disaster” for anyone who watched it unfold in news coverage and over social media — as much for the human cost as for the drawn-out and flawed response.
It is inevitable that cities will face disasters, natural and man-made, but they don’t all have to be Katrinas. By using smart technology solutions to build upon best emergency management practices that were developed during the past century and more, cities will be able to prepare more effectively and respond more efficiently.
Having access to data from IoT networks is an unprecedented boon for emergency preparedness. Just knowing the travel habits of commuters from tracking mobile ticket activations across different modes of transit allows cities to predict where the greatest concentrations of people will be at any given hour, which can be accounted for in evacuation plans. And networked devices will make it possible to more effectively disseminate alerts, information and directives to the population — and to scale responses, so as to focus areas of greatest risk and thereby reduce the chance of panic in those where the risk is lower.
The promise of smart technology in response to disasters, though, is perhaps the greater opportunity. By mitigating the impact in the wake of a hurricane, an earthquake or other event, cities will be able to hasten the return to normalcy for citizens and businesses, reducing the emotional and economic impact of disasters.
There are already efforts to harness smart technology for this purpose. Indeed, when the tremors from 2011 offshore earthquake reached Japan, they were detected by sensors that automatically brought the country’s Shinkansen bullet trains to a halt. No trains were derailed in the subsequent 9.3-meter-tall tsunami.
The Urban Risk Lab at MIT — which is specifically tasked with finding ways to help cities deal with disasters — came up with the PrepHub, a melding of physical infrastructure and smart technology. It’s a multifunction station with a pedal-powered generator that provides charging for devices and acts as a communications center to help citizens after a disaster. Another response was developed after Hurricane Sandy devastated parts of the East Coast. Because many local businesses were unable to get communications or data services in the following days, the New York City Economic Development Corporation held a contest to design solutions. One finalist was Red Hook WIFI, a resilient wireless network designed to provide internet access on the community level in the event of large-scale power outages.
Developing technology holds even more promise. Google’s patent filing for managing lane assignment for autonomous vehicles is a good example. Once there is a critical mass of autonomous vehicles — both privately owned and public transit — far more can be fit onto a road during an evacuation without creating bottlenecks and gridlock, getting more people to safety more quickly. It’s even possible they could be moved out of the way in a coordinated fashion to allow emergency response vehicles to get by with minimal or no delay.
What needs to happen now — well before the next blizzard of the century or catastrophic wildfire — is for smart city stakeholders to bring emergency planners into their circles, if they haven’t already. Having the internet of things integral to your city planning is not enough, by itself, to be prepared. You will need guidance from people well-versed in crisis management from experience in real-world situations.
Cities have proved their resiliency in the face of disasters time and again. However, it is inarguably smarter to take steps today to mitigate future catastrophes. The name Katrina will never lose its sting — nor should it, given the cost it levied — but cities should take every opportunity to leverage smart technology in ways that will make citizens safer in the face of future disasters.