When it comes to the Internet of Medical Things (IoMT), healthcare providers have powerful tools at their disposal for capturing and contextualizing vast troves of data useful for improving care outcomes and driving profitability. Securing your IoMT network is critical not only to realizing the benefits of your connected devices and network infrastructure, but also to preventing catastrophic digital attacks.
Globally, there are around 420 million connected medical devices in deployment, with a further 70 million or so devices expected to be installed by the end of 2019, according to BI Intelligence. With IoMT devices so prevalent, cybersecurity is fast becoming a critical success factor for forward-looking healthcare delivery organizations.
What is IoMT?
Before we dive into the strategic and technical details, let’s define our terms. The term IoMT generally refers to two groups of devices. The first group is connected medical devices like patient monitors, lab devices and in vitro diagnostic products.
The second group is made up of devices that support clinical administration and operational workflows, which includes assets such as nurse calling devices, label printers, sensors and controllers.
While it might be tempting to treat these technologies with a set-it-and-forget-it approach, the way in which you configure, maintain and interact with your IoMT devices can have a large impact on the security of your network. A review of more than 30 hospitals found that 61% of devices are at risk, offering would-be intruders no shortage of actionable attack vectors through which they can compromise your entire organization, according to CyberMDX.
Thankfully, some of the most common risk factors associated with IoMT devices can be addressed with a combination of software solutions and strict governance. These risks and their remediations include:
- Devices with default passwords: Set unique, strong credentials for all devices and services.
- Unpatched software: Set a routine patching schedule and monitor for urgent patching needs.
- Rogue software: Audit devices for rogue software and conduct uninstalls as appropriate; restrict permissions to prevent future rogue installs.
- Unauthorized network access: Configure the Network Access Control system with better defined and more vigilant security policies.
- Device misuse: Restrict internet browsing to pre-approved whitelisted destinations, allowing new destinations upon request.
- Malicious activity: Conduct ongoing surveillance of your IoMT network to proactively identify and patch potential vulnerabilities, reducing the likelihood that attackers can compromise the system.
- Lack of containment: It’s important to not only prepare to repel attacks before they land, but to have controls in place that allow you to contain and expel them should they pass through your defenses. To this end, you should construct and enforce a network segmentation regime not only at the perimeter, but internally around endpoint groups that share similar clinical applications and network workflows.
The good news is that these risks can be largely marginalized with a little due diligence and strategic planning. The bad news is that, if left unaddressed, every device at risk represents a potential point of failure.
Real-world consequences of these vulnerabilities are significant
Data breaches are no small issue for any business, but healthcare organizations have even more to lose. Whereas other industries only have to worry about customer data, healthcare organizations must contend with the possibility that a breach can put patient safety at risk. A successful breach essentially opens the door for attackers to interfere with — or even shut down — the delivery of care.
In the healthcare industry, the cost of a data breach is roughly double the global average of data breaches in other industries. Some of the most high-profile healthcare breaches have seen millions of patient records stolen in a single instance, and all it takes is one vulnerable device to provide a malicious actor with access.
Establish a live inventory for asset management
The steep costs associated with a cyberattack should be enough to convince any conscientious healthcare provider of the need for a comprehensive and proactive cybersecurity strategy. Crafting such a strategy requires first understanding where the typical gaps occur and then moving to fill them.
Perhaps the most foundational aspect of your IoMT security strategy is automating inventory management of the connected assets in your deployment. Some sort of directory should be produced to reflect all the devices in need of protection and where they lie within your network topography. Once you have eyes on the whole of your digital domain, you can begin to intelligently plan for its sustained protection. In other words, you can’t secure what you don’t see.
The importance of automation
With a continually expanding network of connected devices, automation is key. Healthcare networks are becoming rapidly more complex, forcing some IT teams to fall into a keep-the-lights-on pattern rather than a more proactive, big-picture approach. Automation can boost processes across the board, saving time and resources while also increasing coverage.
Any automatic mapping solution should include high granularity device classifications, which not only account for a wide range of devices in detail, but also place those devices within the context of the organization and the wider healthcare ecosystem. For example, your automated mapping solution should recognize the difference between a device that captures personal health information and one that doesn’t. Your solution must then be able to prioritize the more sensitive devices from a security standpoint.
While automatically identifying and classifying medical devices according to the most predictive operational and cyber factors is critical to IoMT success, it’s also far easier said than done. With so many different variables interacting in a fast-changing ecosystem of regulation, protocols and human behavior, rule-based, programmable logic alone is ill-suited to the task. In an effort to avoid a Sisyphean predicament, smart solutions often enlist machine learning technology to assist in the process.
Cybersecurity strategy and tool integration
Comprehensive IoMT management means that your cybersecurity strategy and tooling must integrate with your broader IT strategy and tooling, which must also integrate with your broader business strategy and tooling.
As far as security is concerned, it’s important that solutions complement existing capabilities, including adjacent systems, without compromising operational integrity in any way. This includes integration with the organization’s computerized maintenance management system, which helps better manage inventory and keep devices up to date, as well as your electronic health record system, practice management software and any other significant HIT tools used by your organization.
Seamless integration is a must to ensure that data is shared as effectively as possible, and that day-to-day workflows are not disrupted by the introduction of a new, incompatible technology.
Operational analytics grant insight
To maintain security and move toward operational excellence, you need a mechanism for contextualizing the expanding troves of data captured from each connected device in your IoMT network. An ongoing risk analysis framework needs to keep pace with the real world as threats evolve and new vulnerabilities are discovered.
Machine learning can and should be used to automatically flag potential vulnerabilities or anomalies, and notify the appropriate managers, so they can respond quickly. You should not only receive actionable insights on the individual device level, but in the aggregate as well, presenting a departmental and organizational overview of your risk profile.
Effective operational analytics gives your organization the ability to prioritize potential threats and work to fill security gaps before they’re exploited. An ongoing automated risk analysis mechanism means your team will continuously reprioritize and refocus its efforts as needed.
Proactively defending your IoMT network
In a dynamic healthcare environment where more data is generated, stored, tracked and analyzed than ever before, cyberdefense becomes more critical with each newly introduced technology. However, as networks grow, they become more cumbersome, which reduces IT teams’ abilities to think proactively and stay a step ahead of attackers.
Combining automation with a system of best practices, policies and procedures is an essential step toward giving healthcare IT administrators the tools to implement forward-looking security measures every time a network expands and new IoMT devices are added.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
IoT, also commonly referred to as connected devices and smart devices, has brought previously unthinkable benefits to our lives and many of the products we use on a daily basis. But it also delivers significant risks — particularly when it comes to cybersecurity and the device operating as originally intended.
Regardless of whether an organization manufactures consumer electronics — such as hair curlers and clothing dryers — or products for a business-to-business market, they should start with the big picture when it comes to IoT implementation: just because you can, should you?
Instead of just trying to keep up with the latest and greatest in technology and product development, manufacturers should not lose focus on the key purpose of their product or system. They should only consider making a smart device if it provides clear benefits to their core customer base. For instance, is there truly a benefit in hair straighteners being connected to the internet? Is the consumer’s life going to be richer if their refrigerator egg tray can tell them there is only one egg left? For the latter, there is a strong argument to be made for convenience and being able to shop more effectively and efficiently. The key is to know when the benefits outweigh the potential risks.
If a company decides to make a product a connected device, it needs to create it with a duty of care to customers that ensures the connected products are secure and remain fit for their intended purpose.
All IoT devices and systems are open to external threats, including those that do not directly have a safety or security function. Devices you may never have regarded as likely targets for cybercriminals, such as TVs, can be hit by potentially paralyzing hacks and computer viruses. In many cases these connected devices can open access to homeowners’ networks and the data contained therein.
To underscore this, in a 2018 report titled “Secure by Design,” the U.K. government emphasized that “cyber criminals could exploit vulnerabilities in IoT devices and associated services to access, damage and destroy data and hardware or cause physical, or other types of harm. Where these vulnerabilities can be exploited at scale, impact could be felt by multiple victims across geographic boundaries.”
An example of a connected device that has the potential to enhance the user’s experience and provide the type of convenience that seems to epitomize the IoT is the smart lock. Smart locks are often connected to smart speakers and apps on smartphones; while they add a tremendous amount of convenience and control, they also are at risk of cyberattack. What if they were hacked? As technology gets smarter, so do criminals. This is a simple example based on a residential application; the implications are amplified exponentially when applied to a commercial setting.
There are also risks associated with something as seemingly benign as a smart refrigerator; imagine if someone decided to adjust the temperature of your refrigerator, all the refrigerators in the neighborhood or at a grocery store or at a distribution center?
Minimal human intervention, maximum catastrophic impact
Research group Gartner estimates that there are already 8.4 billion Internet-connected devices in use worldwide, generating revenue of $2 trillion, and that by 2020 there could be 20 billion such devices worldwide. A study of 400 small businesses in the U.S. that use connected devices found 48 percent had already experienced at least one IoT breach. Additionally, the research showed that among companies with annual revenue of less than $5 million, the costs of IoT hacks equaled 13.4% of revenue. For larger organizations, these unwelcome costs ran to tens of millions of dollars.
For devices and systems that communicate with each other and learn and act with minimum human intervention, the impact of breaches can be crippling, resulting in maximum catastrophic impact.
IoT adoption continues to explode and could be even more transformative if not for widespread concerns about the security of enabled products and systems. One way for companies to assess whether their products should be connected would be to start with sales and marketing business units and not the technical teams. Sales and marketing teams have the best pulse on the customer, market and industry and can help clearly identify what value your IoT products bring to customers through this technology. Then turn it over to the technical team to consider how best to implement it, rather than the other way around.
It takes more than a secure password and encryption to make a secure IoT system. A range of basic issues must be addressed. IoT devices need to be tested against an internationally-recognized set of protocols and the product’s intended use should also be verified. It does no good for a lock, for example, to be connected to the internet if it doesn’t work for its intended purpose. Verifying both the fit for purpose and the security of device connectivity will help build trust in the device and you as its manufacturer.
Among concerns your business may face as a manufacturer or retailer of IoT devices is a rising lack of consumer trust in the whole system. More and more, consumers report worries about both security and the performance of IoT-enabled devices and systems, a trend that could lead to stalling sales and a downturn in mass adoption. To recognize this threat, it’s vital that security be implemented in the connected device’s design stage, rather than considered as an afterthought.
Avoid serious negative repercussions
Serious negative repercussions — such as legal action and fines, declining sales and profits or a damaged business reputation — may result from a failure by manufacturers to address IoT security challenges. At times, IoT manufacturers may be tempted to put form over function in their rush to bring a connected product to market. Without a thoughtful product development roadmap in place, newly added IoT connectivity may inadvertently leave your product no longer suited for its intended purpose and vulnerable to hacking, creating security and service concerns, and opening the door to organizational risk.
It’s clear IoT has the potential to undermine companies and their reputation, but when carefully considered, it can also be part of the solution, acting as a huge enabler in the key business resilience areas of information, operations and supply chain. Once you determine that IoT does add value and that it’s secure for your customers, seeking assurance can help businesses mitigate risks and safely accelerate time to market in highly competitive industries.
Pharmaceutical companies are facing uncertainty on a variety of fronts. To remain competitive, they must go beyond developing tamper-proof packaging and invest in tools and infrastructure to manage complex logistics while meeting high requirements for speed and reliability. While the cost of drug development is soaring, so is the risk of fraud, theft and other costly supply chain disruptions. Due to the distributed global economy, more individuals than ever are handling cargo, which increases the potential for nefarious activity.
Supply chain visibility is key to a safer pharmaceutical pipeline, but implementation is challenging. Amidst thinning margins, distributors must balance the increased pace of new drug development with evolving consumer delivery expectations and rigorous regulations. In this article, I’ll explain the pillars of a functional supply chain for those operating at the multi-regional level to a global scale.
Pharmaceutical shipments are fragile, environmentally sensitive and at high risk of theft. Rather than deploying a solution across operations, invest in the business units with the highest risk potential. For example, the most critical juncture in the supply chain is the handoff process when humans are involved. To mitigate theft, mishandling, and other errors, you can deploy smart tags and Bluetooth sensors.
These lightweight and low-cost trackers can be engineered to log a variety of environmental conditions. These include humidity, light exposure, pressure, NIST traceable temperature, motion, impact and vibration. Installed at the item or pallet level, these devices can alert operators when shipments may be damaged, stolen or need to be rerouted. There are also disposable trackers for shipments over air and sea when device retrieval is not required or possible. Trackers like these are difficult to compromise and can be synced with your data management software of choice.
While you might be unsure about integrating smart tags and sensors onto your legacy infrastructure as-is, there are a variety of providers who offer end-to-end subscription-based SaaS solutions. A SaaS solution relieves the complexity of integrating your devices with existing fleet and supply chain logistics systems and instead provides a seamless all-in-one place where your data and device management can live and operate.
Engage your fleet
Driver training is central to supply chain integrity. Drivers are at the front lines of keeping products safe by avoiding unnecessary stops and high-crime areas on their route and minimizing idle time. By investing in a centralized command center and fleet management applications you can provide real-time coaching and maintain shipment integrity across your fleet.
Continuous driver training is essential to maintaining pharmaceuticals within the correct temperature range. You can also prevent fraud and tampering at the pallet level, and receive alerts when operators are behaving suspiciously. Fleet management applications can be further integrated with advanced sensors and probes to gain a comprehensive view of shipment integrity. Shipping information, compliance history, and traceability can be leveraged to expedite claims and investigations, as well as to optimize future routes and inform training for your entire fleet.
Integrating fleet management and supply chain logistics technology decreases risk and lowers your maintenance cost via real-time insights into vehicle health. Rather than relying on drivers to self-manage details — such as confidentiality and prompt incident response — you ensure that drivers are compliant with your standards at all times.
Train your team
Amidst the rise of theft, fraud and shipment tampering, maintaining a single source of truth from the point of pack to patient is critical. However, you also need to invest in an accessible platform for easy day-to-day decision-making in the office as well as in the field.
Pharmaceuticals have a limited window of use, so it’s critical to ensure that they are disposed of and not redistributed on the black market. With a secure command platform, you can reroute damaged goods or dispose of them in an environmentally-friendly manner. You can also execute time-critical decisions to meet sudden fluctuations in demand, such as natural disasters and epidemics. With agile logistics enabled by telematics, you can easily repackage to deliver critical medications to those who need them most.
Provide adequate ramp-up periods for individuals with different skill sets so that they not only recognize the business value of IoT telematics, but can deploy these solutions with minimal oversight. Keep operators honest with regular check-ins and training. Also, replace the traditional handbook with an up-to-date web portal or mobile application to route queries and frequently asked questions. By investing in resources for your employees early on, you minimize the risk of major mistakes or miscommunication in implementing complex IoT solutions.
From a security standpoint, make sure that you set clear ground rules and expectations for BYOD and devices that operate outside of your internal networks. With IoT telematics devices and applications, you can ensure instructions outlined in your contracts are carried out. Advanced location tracking and sensor tech can immediately notify you when there is a security breach, failure to follow driver rules and instructions, or accidents and natural disasters.
Employees will have greater peace of mind with adequate avenues to mitigate daily decision-making as well as oversight to avoid breaches of data or other compromising information. While breakthroughs in sensor tech, location tracking and analytics may be able to help you contain costs, it is up to your team to realize that return.
Interest is mounting among major drug supply chain stakeholders for real-time, interoperable supply chain management solutions to identify and trace certain prescription drugs as they are distributed within the country. In addition to minimizing human error in handling, IoT telematics and supply chain logistics technology ultimately improves the line of sight for shipments in transport, allowing you to make better purchasing decisions and develop proactive plans to react to data breaches, equipment malfunction and other crises. With smart investments in IoT telematics devices, applications and infrastructure, you can easily secure shipments while delighting your customers with reliable delivery and superior service.
When Wi-Fi was first released, it was difficult to imagine that it would become such an important wireless communication tool currently connecting billions of devices and counting. Wireless technology has freed electronic devices from Ethernet cables, but finding a solution to eliminate power cords and the need for battery power still remains.
A growing number of devices connected to IoT, including those with low-power consumption, continue to rely on disposable batteries. The demand for batteries is prevalent in local retail stores where not long ago an 8-pack of AA batteries was considered a bulk package. Now, it is not uncommon to see 72-pack AA and AAA batteries sitting on the shelves and in our homes. In fact, billions of batteries are used every year for key fobs, door locks, sensors, remotes, computer mice, keyboards, beacons, wearables and more.
Redefining battery life
After decades of creating ubiquitous embedded wireless connectivity, it’s time to take a fresh look at redefining battery life for wirelessly connected devices. The market requires a new vision that not only extends the lifetime, but in some cases completely eliminates our reliance on batteries.
The obvious choice to extend battery life of a device is to lower its power consumption. Through Bluetooth 5.0, along with a combination of circuit-level and system-level innovations, it is now possible to reduce the power consumption to a low enough level for energy harvesting to be a genuinely viable power source. This enables the possibility for battery life that lasts forever or battery-free devices.
When does a pipe dream become reality?
In the early days of Wi-Fi development, its range and data rates were considered to be too inferior to ever replace the Ethernet cable. Two decades later, Wi-Fi is the preferred internet connection for smart buildings and businesses. A new generation has grown up never needing an Ethernet cable; many of them don’t even know what one is. For them, Wi-Fi and Internet are synonymous. There is a similar journey ahead with forever battery or battery-free IoT devices. Bluetooth 5.0 is one of the wireless technologies that is sufficient for low data range applications that most IoT solutions fall under. As engineers continue to push the envelope of low-power design and energy harvesting, more devices and applications will benefit from significantly longer battery life and battery-free operation. Forever battery and battery-free technology enables new use cases and applications that are yet to be invented. Maybe in the near future, a new generation will grow up in a world where they will never need to change batteries.
The ultimate cost
While energy harvesting capabilities evolve for connected devices, it’s only a matter of time before forever batteries are commonplace in industrial IoT, smart commercial buildings and beyond. Meanwhile, remember that the cost of wirelessly connected devices rarely ends at the initial purchase. Building managers are burdened with purchasing and replacing batteries, as well as spending hours to ensure devices are sufficiently powered. The next time a battery must be replaced, the question that will be asked is this: Do these battery-operated devices require an upgrade to a newer low-power model optimized with energy harvesting?
There are compelling incentives for an organization to innovate and transform, including revenue growth, new markets, operational efficiencies, cost savings and gaining the ability to derive value from IoT data, just to name a few. While most organizations know they need to transform digitally to reap those benefits, it can be difficult to know where to start.
Digital transformation starts with a strategic plan. Once that plan is in place and you’ve selected the right development tools and platform, you’ll be ready to deliver on your digital transformation goals rapidly. The key is to think continuously and iteratively vs. thinking about a defined end to your digital transformation. You’ll never run out of ways to improve your business using technology.
Start with a strategic business and technical plan that can guide your digital experience efforts. Unlike other strategy planning processes, this should be a nimble plan that is tied specifically to the most important business goals. Five key components set organizations up for success.
- Business and Technology Alignment. Align company and team objectives and measurements.
- Customer Experience Brainstorm. Identify customer experience initiatives.
- Employee Engagement Brainstorm. Identify employee engagement initiatives.
- Channel Optimization Brainstorm. Identify partner optimization initiatives.
- Digital Initiative and Investment Summary. Produce a prioritized list of initiatives by impact and feasibility.
Align business and technology
If you have goals that cascade through your organization, you have a great starting point for step one. The idea here is to leverage any existing corporate-level strategic plans regardless of what methodology was used to drive the planning process. What’s important is that the goals reflect the organization’s primary mission. At the very top it should address major go-to-market topics like revenue, operating margins, customer growth, corporate expansion and so on. For this exercise, less is more, so simply identify the three key company objectives along with measurable results. If it can’t be measured, it can’t be a goal.
This process should be done for each major business function, including sales and marketing, products and services, finance and operations and customer service.
Brainstorming the customer experience
Since digital transformation starts with the customer, we’ll first brainstorm what we can do to improve the customer experience. Start by choosing a slogan as a guiding principle or some inspirational approach to get people in the right mindset. Next, assess customer preferences for both digital and physical interactions by doing a high-level persona evaluation. Consider their geographic location and the potential of harvesting IoT sensor data to more deeply engage them. It’s important to identify future customer considerations as well and to understand just who comprises your audience. Different generations have different preferences. Finally, consider digital opportunities at each stage of the customer journey from pre-sale, to the actual purchase process, to post-sale.
Brainstorming the employee experience
Employee engagement and customer engagement are symbiotic, with research revealing that organizations with happy, productive employees have much higher customer satisfaction ratings and profitability, plus the ability to attract and keep quality talent.
We will use an approach for employee engagement that will produce the same output as the customer experience process. I like to use an attract-and-retain-every-day approach to set the stage. Think in terms of the entire employee lifecycle, which includes branding and recruiting. Think also of innovative tools to make employees’ lives easier and more efficient, such as mobile field service apps that leverage sensor data to further enable productivity.
Brainstorming partner optimization
Depending on the structure of your organization, it may be important to consider your channel or partner ecosystem. Take a holistic partner ecosystem approach and consider aspects such as:
- Partner recruitment and training
- Company and partner system integration
- Partner selling and transaction support
Don’t neglect your supply chain and your sales and marketing channel. In both cases, it’s imperative to think about the entire partner lifecycle.
Digital initiative investment strategy
Before we prioritize and build a high-level timeline, it’s time to think about digital from a different perspective. This will complement the assessment that you did for customer, employee and partner.
In this exercise, you’ll consider how digital or the combination of digital and physical can be used to impact each company objective. You should include each discipline that was identified as part of the upfront corporate goal alignment step.
Next, prioritize your digital initiatives by assessing three elements: value, acceptance and risk. Plot them on a diagram like the one below where impact represents value, and success feasibility combines both acceptance and risk into a single factor. One way to do this is to place each digital project in the appropriate quadrant, looking for initiatives that have the highest impact as well as the highest probability of success.
To be successful, participants in this exercise need to come from across the enterprise. In addition to AppDev and IT, they should include groups like sales and marketing, products and services, finance and operations and customer service. By the end of the process, you should have a clear plan for success for your organization’s digital transformation.
When one of his 18-month-old triplets was diagnosed with Type-1 diabetes, Michael Maniscalco, CEO of Better Living Technologies, knew his family needed help. If his little boy’s blood sugar level got too low, he risked severe health complications, including death. To guard against this, the child was given a continuous glucose monitor patch that checked his levels and sent them to a smart phone, which then relayed the data to the cloud for assessment. If a reading dropped dangerously low, the family would be notified via the phone. But how could parents of toddler triplets monitor their phones 24/7?
They couldn’t. Within a month, both Michael and his partner were beyond sleep-deprived, and experiencing near constant stress. It wasn’t sustainable. Michael — who holds a computer science degree and had some experience with smart home devices — was convinced there had to be a better way, and set to work finding it. Ultimately, he connected his son’s glucose data in the cloud to any device in the home that could receive data: smart phones, yes, but also laptops, virtual assistants, smart watches, smart appliances and smart light bulbs. Now, no matter where they were or what they were doing, both parents could be confident they’d be alerted if something was wrong. And some semblance of sleep returned. By connecting cloud analytics to IoT devices, Michael had not only created a kind of personal health network for his son, but also a proof of concept for anyone needing remote 24/7 health monitoring.
As I listened to Michael’s story, it became clear to me that many of the IoT features people might use for personal healthcare are similar to those we’re creating today in smart, IoT-enabled factories. This is especially true in the realm of predictive analytics, which uses real-time statistics, data mining, modeling, AI and machine learning to sift through data, find patterns, assess risk and then make predictions about the future. In industrial IoT, predictive analytics is the basis of tools including predictive maintenance, real-time asset monitoring, quality sensing, supply synchronization and much more. Predictive analytics allows enterprises to be more forward-looking and proactive, anticipating human behaviors, infrastructure issues and outcomes based on data, not hunches or assumptions. Predictive analytics can even provide decision options.
Now, as we apply predictive analytics to health-related data, we begin to see the promise of predictive health. The glucose monitor Michael’s son uses takes a reading every 5 seconds and sends that information to the cloud. That’s 17,280 readings every day, 6,307,200 data points per year. Where a human doctor might be overwhelmed with this volume of data — or, more likely, just look at specific points in time — analytic tools can easily detect patterns within the full dataset. And that’s just for a single individual. In the future, anonymized data from every glucose monitor in the U.S. could yield truly massive datasets from which we extract patterns to design better treatments, and maybe even start predicting blood sugar problems before they arise. The same principle applies across all of health and wellness. Imagine what the data streams from fitness trackers and smart phones — like exercise, heart rate or sleep monitors — could contribute to long-term heart health.
The concept scales. Predictive analytics in healthcare has the potential to surface tremendous insights hiding in hospital data and in the massive data generated by wearable connected devices, like connected blood pressure monitors. Then there’s data soon to be collected by the hundreds of connected medical devices either new to market or on the way. As all these data begin to flow through analytics engines, the effects on chronic disease management and patient care will be extraordinary.
And it’s already happening. Medical centers are starting to use computer-aided detection systems — or computer-aided diagnosis systems — to help doctors interpret medical images like X-rays, MRIs and ultrasounds. Computer-aided detection systems combine artificial intelligence and computer vision with radiological and pathology image processing, and can be used to support preventive mammogram check-ups, colonoscopies and lung cancer imaging. The goal is to use technology to identify and detect the very earliest signs of abnormality in patients before the human professionals can, thus increasing chances of successful treatment. Predictive analysis techniques have already produced AI that is more accurate than radiologists and dermatologists in many areas of visual diagnosis, and this gap is expected to grow.
To be clear, I’m not suggesting that predictive analytics will replace the doctor and patient model of healthcare we’ve known for millennia. Rather, I’m talking about having machines do what they do best, so that healthcare professionals can do what they do best. IoT and predictive analytics can augment the doctor patient conversation and diagnoses with knowledge based on data — lots of data.
IoT in the healthcare market has more than doubled in the past five years, and shows no sign of slowing down. As more and more health data flows to the cloud for analysis, we’re rapidly approaching a time when healthcare professionals will routinely make computer-assisted diagnoses and treatment plans, and maybe even use predictive analytics to focus more attention on prevention. Unbeknownst to him, Michael Maniscalco’s son is already experiencing what the rest of his generation may one day take for granted: predictive health. It’s on the way.
IoT businesses that successfully build digital revenue streams have a few distinctive traits in common. The core of their success is placing the customer at the center of everything. Device manufacturers that lead the way in IoT utilize software and services-driven business models that offer continuous value through opportunities provided by device connectivity and monetization. They use monetization models with data-driven insights to help them make the right business decisions quickly.
A decade ago, successful digital monetization meant focusing on licensing, compliance and protecting your IP. Today, the proper focus is on earning the satisfaction of your customers to ensure recurring revenue. Taking a 360-degree view of their businesses provides manufacturers and OEMs with the perspective they need to improve process efficiencies, manage entitlements, ensure the health of their business and, most importantly, understand customers’ needs. This holistic view delivers the insights necessary to recognize pain points in two critical areas.
First, an all-encompassing view provides the manufacturer with insights that can eliminate the product silos and disjointed data solutions that lead to inefficiencies, duplicate efforts and missed opportunities. This knowledge is required in order for a manufacturer in any sector — such as buildings, energy, healthcare, industrial, retail or transport — to effectively navigate digital transformation. It provides insight that can support business growth, expansion into new markets — such as leading a hardware company into sales of usage-based or subscription service models — and create fresh offerings, like data AI or data analytics that provide additional value for customers.
Second, this all-encompassing approach supports the customer relationship. It identifies where a more seamless and transparent process would make it simpler for customers to buy and buy again. A service model’s success depends on an ongoing and actively-managed customer relationship driven by customer satisfaction.
Considerations for digital transformation
If you’re a device manufacturer or OEM seeking to distinguish your IoT business as a leading enterprise, consider adopting the following comprehensive approach to transformation:
- Prepare for change. Change isn’t easy. Reorienting a business to deliver and support digital products can be a Herculean task for an organization if leaders don’t champion change and do some transitional groundwork first. For a successful switch to digital, prepare by paying special attention to what the change will mean to your sales department, product development teams and financial systems and processes. One powerful technique is to begin the transition with a single product line or single business region, making it possible to learn and improve the transitional process rather than throwing the entire business into the deep end at once.
- Know your market. In the shift to digital-based products, knowing your market is essential. This knowledge leads to informed offerings that provide clear value to your customers, enabling your organization to establish and expand profitable lines of business. When it comes to building monetization models around digital offerings, it is essential to align pricing with each customer’s perception of the value. In the same vein, the entire organization should align every business effort with the intention of ultimately delivering greater value to the customer.
- See your products through your customers’ eyes. In order to offer products your customers value and to improve upon that value, it’s crucial to understand the precise ways your customers use your products. Gathering usage data about the products and features that customers use most frequently will provide insight about how to align price to value. Once you know what product aspects your customers like, don’t like, love or hate, you can design new pricing and product packages that accentuate the positive and convert digital customers.
- Offer data-driven insights. While the traditional hardware side of the IoT business is quickly becoming commoditized with margins shrinking accordingly, actionable insights backed by IoT data increase in value. Device manufacturers may benefit by creating new insight-based offerings, which provide sought-after value by equipping customers with the capabilities to make wiser decisions. Remember to consider operational requirements, as well. Keeping devices up to date, for example, will also facilitate delivery of valuable data.
- Back your digital business model with a monetization platform. A successful digital business requires not just the right digital business model, but the data to correctly implement and operate that model. A monetization platform greatly facilitates the management of relevant data from across your organization, while automating pertinent processes such as software delivery and updates, licensing and fulfilment, usage analytics and entitlement management. Ultimately, these increase the revenue brought in by digital offerings, also accelerating revenue recognition.
By building and supporting customer-centric offerings and capitalizing on a thorough knowledge of the value your business delivers, you can lead your IoT organization in making the transition to a digital recurring revenue model a successful one.
Forward-thinking, global organizations operating in the most challenging era of our time are increasingly using connected robotic process automation (RPA) to help them stay ahead of the competition.
Connected RPA is enabling organizations to liberate the combined creativity of their operations people — those who really understand their business — working in tandem with automated, digital workers. Together, they access and exploit leading edge cloud, AI, cognitive and other capabilities to invent, innovate and swiftly develop new and disruptive offerings.
With any transformational, fast-evolving, relatively new technology like connected RPA comes hype and confusion. I will highlight what factors are currently fueling this technology’s adoption in the real-world and what results are actually being achieved.
Key results from connected-RPA
Organizations are increasingly using connected RPA to address the following challenges:
- Greater operational agility and flexibility by accelerating processing times and throughput, all while increasing capacity to manage spikes of high transaction volumes.
- Efficiency savings and increased productivity by returning hours back to the business, which will then be repurposed on higher value initiatives.
- Improved quality by cutting manual intervention of detailed, repetitive processes and delivering error free results.
- Improved customer service by removing pain points, streamlining interactions and speeding up response times.
- Happy, motivated staff by enabling them to work on more intellectually challenging, fulfilling and value-generating work.
- Process improvement through visibility into process data, where analytics can be used to generate business insights that drive further operational enhancements.
Organizations that operate in industries with strict regulatory or compliance requirements or possess significant manual-driven processes are also using connected RPA to improve risk reduction.
5 connected RPA use cases
Organizations are using connected RPA not just as a catalyst to enhance business operations, but also to reinvent themselves. This makes the organizations more competitive within their markets. Here are examples of connected RPA in action:
- A connected-RPA operating model spans an organization’s automation journey, from identification of an opportunity to implementation and managing the digital workforce. This model combines the governance and expertise of a center of excellence with the production, consistency and quality efficiencies of a factory model. It’s designed to provide a single point of contact for internal clients, with scalable, predictable quality outcomes at speed. The organization’s wider geographies are supported with a hybrid centralized and federated delivery model designed to address local nuances. The connected RPA deployment scales up with hundreds of digital workers, delivering over a million hours of extra productivity that are returned across multiple lines of business.
- An end-to-end payables process is automated from invoice ingestion to payment. This delivers full-time equivalent savings and generates thousands of additional hours per year. The payable outstanding process time and supplier query response time are cut. By automating the ingestion and creation of customer work visit orders, a combination of connected RPA and AI saves hundreds of hours of service desk agents’ time.
- A company wants to increase overall efficiency while improving customer response times and reducing errors. A smart automation program is employed with strategy and governance underpinned by a center of excellence. The automation program’s focus is on finance and operations, where the company automates many processes ranging from low complexity to very high within months. Processes that are highly technical are deliberately selected to showcase connected RPA’s capabilities to the wider business, with high full-time equivalent savings initially experienced. Other processes, such as correcting errors in order entry, see a major decrease in processing time compared to a human worker.
- Connected RPA is used to automate processes that include supporting the production of an organization’s clinical study reports, which reduces human intervention and saves thousands of hours annually. Automations have been developed globally across various areas of the business. Connected RPA is applied to key processes that include Sarbanes-Oxley Act compliance, product labelling updates and reconciling shipment documentation. This results in tens of thousands of employee hours being transitioned to digital labor with automations executed with a near 100% success rate. Employee productivity is significantly improved too.
- Connected RPA is applied across a company’s customer service, finance, human resources, information technology services and other operations. These automations save hundreds of thousands of business hours on an annualized basis. Using connected RPA with advanced machine learning tools creates an innovative fraud detection and prevention application. This results in optimal detection of potential fraud cases for subsequent handling by human investigators. The combined solution is expected to result in multi-million dollar savings each year in lost revenue due to the substantial cost — value that couldn’t have been captured solely by humans.
The good news is that any fears of workplace automation causing job losses are misplaced. The reality is that organizations embracing connected RPA are retaining and upskilling staff, and they’re happier now because they’re being allowed to refocus on more value added tasks. Moving forward, organizations that employ connected RPA with AI and cognitive technologies are seeing this as providing a true foundation for collaborative technology innovation. They can finally deliver digital transformation across their businesses.
Before we dive into it, a building management system (BMS) — or smart building technology — is an intelligent microprocessor-based controller network installed to monitor and control a building’s technical systems and services, such as air conditioning, heating, video surveillance and elevators. These services are essential for managing industrial operations. BMS and centralized building management systems enhance the management of industrial infrastructures and a building’s mechanical and electrical equipment.
The BMS system also controls energy consumption, boiler controls, lighting controls, the fire alarm system and plumbing water monitoring among other functions, with cost containment as the main focus.
The rise of smart building technology
The use of BMS is growing at approximately 15% to 34% annually, according to ASIS International. By 2022, the BMS industry is expected to be worth around $104 billion.
BMSes are being implemented for an increasingly wide range of applications. While initial BMS systems were for heating, cooling and primarily used to reduce costs, today a huge range of smart devices are being used to increase worker productivity, reduce operational costs and secure businesses. While the headlines only catch the high-profile new smart buildings, the truth is that new BMS technologies are making their way into just about every type of structure. BMS systems are used to monitor and secure hospitals, datacenters, airports and hotels.
Security risks of smart building technology
Although BMS systems were never designed to be connected to the internet, it’s unrealistic to think they would remain as closed systems. In fact, the increasing number of interconnected smart devices opens them up to so many access points that it’s impossible to keep them isolated. Therefore, alongside the tremendous operational benefits of smart building technology, all these new devices and their interconnectivity introduce new cybersecurity risks.
With hundreds or thousands of devices in a building, the potential attack surfaces from unsecured devices are enormous, and the implications of the attacks can be more dramatic. There have been a few high-profile cyberattacks on businesses via a BMS. One instance was the BMS cyberattack against Target. Cyberattackers gained access to Target’s point-of-sale (POS) system software to obtain the credit and debit card data associated with over 110 million accounts.
The hackers did not directly attack the POS system. Instead, they began stealing login credentials used by Target’s heating, ventilation and air conditioning vendor when they connected to the Target web applications. It was through this attack vector that the hackers gained access to Target’s Active Directory and, ultimately, the Target POS system where they could collect credit card numbers and other sensitive data.
Other recent examples of how BMS systems can be attacked
BMS systems are considered operational technology (OT), and they differ from standard IT systems primarily because of the variety of devices, protocols and functionalities of the networks. BMS systems include embedded technologies that generate data, perform physical functions, and communicate using industry-specific OT protocols such as BACnet and LonWorks. Given the BMS-specific protocols and the variety and multitudes of devices involved, the challenges of smart building security need to be addressed directly with security solutions designed specifically for those challenges. Below are a few examples of malicious attacks on BMS systems:
- Ransomware attacks can take control of critical systems, such as in the case of a hotel in Austria, where hotel residents were locked out of bedrooms.
- Denial of service attacks can overload smart building systems and disrupt critical systems, such as heating during cold winter days.
- Smart devices can be hacked to get access to the main IT systems of the entire company.
The unique challenges of smart building technology
The main distinction between BMS networks and other OT networks, such as those found in factories, is that smart buildings do not have a well-defined physical perimeter. Environments with BMS networks are characterized by a large number of visitors inside the physical perimeter. In an office building, hotel, apartment complex or even a hospital, hundreds or even thousands of guests might visit daily.
The definition of the access permissions constantly changes, increasing the possibility for breaches. It becomes overwhelmingly difficult to identify anomalous behavior. OT systems are generally spread all across a facility with many networking and access points, enabling various interfaces with the BMS network.
Another difficulty is comparing BMS networks to industrial control systems (ICS), and believing that smart building security can be controlled like ICS security. Quite the contrary: BMS networks are much more interconnected than ICS networks. Additionally, IoT devices are an important component of smart buildings and are less likely to be found in ICS systems.
Increasing control and visibility in BMS networks
To meet the security challenges of BMS networks, it is essential to have security systems that can discover every single device on a network, detect any rogue devices and detect activities that can endanger the operational stability of these critical devices.
By monitoring OT network traffic and behavior, and by analyzing proprietary BMS protocols such as LonWorks and BACnet, the ideal solution quickly identifies and monitors every single device in any network. The solution also provides 100% monitoring of all traffic from all devices.
Security teams for BMS networks need to integrate a proven BMS security solution into each subsystem, such as access control and elevators on each floor of a building. Once they’re connected to the BMS network, the platform provides the visibility and monitoring capabilities required to gain control over their large-scale complex environments.
The core benefits of an ideal, scalable BMS network security solution should include:
- Discovery and inventory management of all the devices throughout the building or campus.
- Full deep packet inspection support for proprietary protocols such as LonWorks and BACnet.
- A non-intrusive monitoring system with zero influence on the performance of the smart devices in the network.
- An adaptive, dynamic baseline that will learn about normative behavior and automatically detect any anomalies.
- The ability to adapt immediately and automatically to new configurations and devices as the BMS architecture develops.
- Security for critical systems such as HVAC, elevators, surveillance and access control.
- Easy to use and operate for both OT staff and IT staff.
- Ability to seamlessly integrate BMS OT security into existing security controls.
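The discovery, rogue-device detection and baseline items above can be sketched for BACnet/IP as follows. This is an added example, not code from the original article or from any product; the `BmsMonitor` class, the fixed learn-then-detect window, the IP addresses and the sample frames are all assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

BACNET_PORT = 47808                      # 0xBAC0, the registered BACnet/IP UDP port
UNCONFIRMED = {0: "i-Am", 8: "who-Is"}   # unconfirmed-request service choices
CONFIRMED = {12: "readProperty", 15: "writeProperty"}  # confirmed-request choices


def parse_bacnet_ip(payload):
    """Classify one BACnet/IP UDP payload; return a label, or None if malformed."""
    if len(payload) < 6 or payload[0] != 0x81:          # BVLC type 0x81 = BACnet/IP
        return None
    if struct.unpack("!H", payload[2:4])[0] != len(payload):
        return None                                     # BVLC length must match datagram
    if payload[1] not in (0x0A, 0x0B):                  # original unicast/broadcast NPDU
        return "bvlc-other"
    if payload[4] != 0x01:                              # NPDU protocol version
        return None
    control, pos = payload[5], 6
    if control & 0x80:                                  # network-layer message, no APDU
        return "network-layer"
    try:
        if control & 0x20:                              # DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x08:                              # SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x20:                              # hop count follows the addresses
            pos += 1
        first = payload[pos]
        if first >> 4 == 1:                             # unconfirmed request
            return UNCONFIRMED.get(payload[pos + 1], "unconfirmed-other")
        if first >> 4 == 0:                             # confirmed request
            # A segmented request carries two extra bytes before the service choice.
            choice = payload[pos + (5 if first & 0x08 else 3)]
            return CONFIRMED.get(choice, "confirmed-other")
        return "non-request"                            # acks, errors, rejects, aborts
    except IndexError:                                  # header points past the datagram
        return None


class BmsMonitor:
    """Passive monitor: learn which device sends which service, then flag deviations."""

    def __init__(self):
        self.learning = True
        self.baseline = defaultdict(set)                # source IP -> service labels seen

    def observe(self, src_ip, dst_port, payload):
        """Feed one mirrored UDP datagram; return an alert string or None."""
        if dst_port != BACNET_PORT:
            return None
        service = parse_bacnet_ip(payload)
        if service is None:
            return f"malformed BACnet/IP frame from {src_ip}"
        if self.learning:
            self.baseline[src_ip].add(service)          # inventory and baseline in one step
            return None
        if src_ip not in self.baseline:
            return f"rogue device {src_ip} sent {service}"
        if service not in self.baseline[src_ip]:
            return f"new behaviour: {src_ip} sent {service}"
        return None


def frame(func, npdu_apdu):
    """Wrap NPDU+APDU bytes in a BVLC header with the correct length."""
    return bytes([0x81, func]) + struct.pack("!H", 4 + len(npdu_apdu)) + npdu_apdu


# Constructed sample frames (not captured traffic).
WHO_IS = frame(0x0B, bytes.fromhex("0100" "1008"))
I_AM = frame(0x0B, bytes.fromhex("0100" "1000" "c402000001" "2201e0" "9103" "2107"))
READ_PROP = frame(0x0A, bytes.fromhex("0104" "0005010c" "0c02000001" "194d"))
WRITE_PROP = frame(0x0A, bytes.fromhex("0104" "0005020f" "0c00800001" "1955"
                                       "3e4442900000" "3f"))


def run_demo():
    mon = BmsMonitor()
    for src, pkt in [("10.20.0.10", WHO_IS), ("10.20.0.21", I_AM),
                     ("10.20.0.10", READ_PROP)]:       # learning window
        mon.observe(src, BACNET_PORT, pkt)
    mon.learning = False
    traffic = [("10.20.0.10", READ_PROP),               # known device, known service
               ("10.20.0.21", WRITE_PROP),              # sensor starts writing values
               ("10.20.0.99", WHO_IS),                  # address never seen before
               ("10.20.0.10", WRITE_PROP[:7])]          # truncated datagram
    alerts = [mon.observe(src, BACNET_PORT, pkt) for src, pkt in traffic]
    return [a for a in alerts if a]


if __name__ == "__main__":
    print("\n".join(run_demo()))
```

The monitor only reads mirrored traffic and never transmits, which matches the non-intrusive requirement in the list; a production baseline would keep adapting rather than freezing after one learning window.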
In the last three years approximately one in five organizations has been subject to an IoT-based cyber-attack, according to Gartner Research. The IoT attack surface continues to grow quickly as more IoT endpoints are connected online. Perhaps IoT adoption has not affected your organization’s security just yet, but in this context I would like to call attention to your Wi-Fi network’s security before it becomes a problem.
Previously, I have discussed the security risks that come with IoT adoption and why it is easy to hack into these devices, as well as best practices in IoT security. Today, let’s look at Wi-Fi authentication methods and best practices to use for your IoT devices.
Unfortunately, enterprise IoT and Wi-Fi security are not always carefully planned and monitored. As with BYOD, organizations are oftentimes dealing with IoT without even knowing it. Still, as IoT endpoints are being added to many organizational Wi-Fi networks, IT administrators are already using visibility and authentication tools to protect against IoT security threats. The end-goal should be to incorporate enterprise-grade Wi-Fi security to avoid network breaches.
Wi-Fi network segmentation
Older IoT devices do not support advanced authentication mechanisms. Therefore, the best approach is to make sure that they connect to a separate segment of the Wi-Fi network that is dedicated exclusively to IoT, where at all possible. This means making sure that this segment is not used by any end users, including employees, guests and contractors.
In general, setting up segmented sections and guest networks enables IT teams to separate network traffic by user, and assign credential-based access privileges, thereby increasing security levels and keeping guests and IoT devices off of the main business network. Creating separate Wi-Fi networks for IoT endpoints has the added benefit of keeping network performance at its best, and doesn’t bog down the business Wi-Fi bandwidth and capabilities.
Use the right Wi-Fi authentication protocols
Open authentication and Wired Equivalent Privacy (WEP) should never be used in the enterprise — large or small — as the first is not encrypted and WEP is easily hacked. WPA-PSK should be used only as a last resort where WPA-Enterprise — also known as 802.1X — is not available on a device. Due to radio frequencies, oftentimes IT teams must set up a dedicated service set identifier for IoT, which is not a security requirement necessarily but rather an operational need.
Some organizations onboard IoT endpoints with WPA2-PSK — pre-shared key technology that is an authentication and encryption method based on a shared password among all devices. These organizations grant Wi-Fi access by using WPA2-PSK, which is advancing to WPA3-PSK, for IoT devices such as printers, security cameras, smart refrigerators, smart TVs, HVAC sensors and more. This is not my recommended approach to use, but sometimes there is no other way. In this case, be sure to keep these Wi-Fi networks separated or segmented from end users, and make sure that the access password is known only to the most trustworthy employee, or to your IT contractor.
By far the most advanced authentication methods to use are based on 802.1X/WPA2-Enterprise. Authentication to Wi-Fi is done by using different identities instead of a single password; this is based on digital certificates or on credentials — user and password — that are preferably unique for each device.
If the device is lost, stolen or launches a distributed denial-of-service attack, the Wi-Fi network security system can kick the device off the network, restrict its access to specific segments or quarantine it.
Controlled access for IoT devices on your Wi-Fi network
Your IT team cannot protect the wireless network unless they have awareness of IoT endpoints or, preferably, they have a system in place that keeps track of which devices are connecting to the network at any given time. With the right Wi-Fi security monitoring system in place, you can — and should — set up automatic access controls based on WPA2-Enterprise. Once an IoT device is identified and tagged, your Wi-Fi security mechanism can assign it to a particular virtual LAN, set limits and other protections.
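The authentication ranking and the tag-then-assign-VLAN flow described above can be expressed as an authorization policy of the kind a RADIUS server applies per connection attempt. This is an added example, not code from the original article or from any product; the `WifiAccessPolicy` class, the VLAN numbers, the device names and MAC addresses are constructed assumptions, and PSK clients are assumed to be identified by MAC address.

```python
from dataclasses import dataclass

VLAN = {"corp": 10, "iot": 40, "iot-psk": 41, "quarantine": 99}  # hypothetical VLAN plan


@dataclass
class Device:
    kind: str                  # "iot" or "user"
    supports_8021x: bool
    quarantined: bool = False  # set when the device is lost, stolen or misbehaving


def accept(vlan_name, note):
    """Access-Accept with the RFC 3580 attributes used for dynamic VLAN assignment."""
    return {"result": "Access-Accept", "note": note,
            "Tunnel-Type": 13,                          # VLAN
            "Tunnel-Medium-Type": 6,                    # IEEE-802
            "Tunnel-Private-Group-ID": str(VLAN[vlan_name])}


def reject(note):
    return {"result": "Access-Reject", "note": note}


class WifiAccessPolicy:
    def __init__(self, inventory):
        self.inventory = inventory                      # identity -> Device
        self.active = {}                                # identity -> MAC of live session

    def authorize(self, identity, mac, auth):
        """Decide one connection attempt; auth is the method offered by the SSID."""
        if auth in ("open", "wep"):
            return reject(f"{auth} is never allowed")
        dev = self.inventory.get(identity)
        if dev is None:
            return reject("identity not in inventory")
        if dev.quarantined:
            return accept("quarantine", "device flagged for quarantine")
        if auth == "wpa2-psk":
            if dev.kind != "iot":
                return reject("end users may not join the PSK IoT segment")
            if dev.supports_8021x:
                return reject("device supports 802.1X; PSK is a last resort")
            return accept("iot-psk", "legacy IoT device on isolated PSK segment")
        if auth != "wpa2-enterprise":
            return reject("unknown authentication method")
        # Identities should be unique per device: the same identity arriving from a
        # second MAC while the first session is live suggests a shared credential.
        if self.active.setdefault(identity, mac) != mac:
            return accept("quarantine", "identity already in use from another MAC")
        return accept("iot" if dev.kind == "iot" else "corp", "802.1X identity verified")

    def disconnect(self, identity):
        self.active.pop(identity, None)


# Constructed inventory and connection attempts.
INVENTORY = {
    "cam-lobby-01": Device("iot", True),
    "02:00:00:aa:00:2f": Device("iot", False),          # legacy printer, keyed by MAC
    "hvac-sensor-07": Device("iot", True, quarantined=True),
    "alice": Device("user", True),
}
ATTEMPTS = [
    ("cam-lobby-01", "02:00:00:aa:00:01", "wpa2-enterprise"),
    ("cam-lobby-01", "02:00:00:aa:00:99", "wpa2-enterprise"),   # credential reused
    ("02:00:00:aa:00:2f", "02:00:00:aa:00:2f", "wpa2-psk"),
    ("cam-lobby-01", "02:00:00:aa:00:01", "wpa2-psk"),
    ("alice", "02:00:00:aa:00:10", "wpa2-psk"),
    ("alice", "02:00:00:aa:00:10", "wpa2-enterprise"),
    ("hvac-sensor-07", "02:00:00:aa:00:07", "wpa2-enterprise"),
    ("unknown-thing", "02:00:00:aa:00:55", "wpa2-enterprise"),
    ("alice", "02:00:00:aa:00:10", "open"),
]


def run_demo():
    policy = WifiAccessPolicy(INVENTORY)
    out = []
    for identity, mac, auth in ATTEMPTS:
        d = policy.authorize(identity, mac, auth)
        out.append((d["result"], d.get("Tunnel-Private-Group-ID")))
    return out


if __name__ == "__main__":
    for attempt, decision in zip(ATTEMPTS, run_demo()):
        print(attempt, "->", decision)
```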
Include scalability when it comes to your IoT and Wi-Fi network security
Prepare your wireless network security as you would prepare your company for growth. With the growing number of locations, users and employees, you are adding more devices that must be accounted for and authenticated when planning your IoT network. To adapt to the rising number of locations, apps and devices, Wi-Fi security scalability can easily be provided by using SaaS solutions. This way, as wireless networks and IoT technologies evolve in the upcoming years, your security will be able to scale and suit the needs of the time.
Using WPA2-Enterprise will turn your business Wi-Fi into a safer IoT network
As IoT usage has increased, having a secure Wi-Fi network to onboard and connect your IoT devices has become more crucial. The best authentication method to secure the network is WPA-Enterprise, and the easiest way to implement this method is via a SaaS platform. IoT Wi-Fi security SaaS implementations can be done quickly with enterprise-grade security for all organization sizes, including large and small. Thanks to the new access and control systems now available, businesses can incorporate new IoT devices and sensors into their networks with more confidence and ease than ever before.