There are compelling incentives for an organization to innovate and transform, including revenue growth, new markets, operational efficiencies, cost savings and gaining the ability to derive value from IoT data, just to name a few. While most organizations know they need to transform digitally to reap those benefits, it can be difficult to know where to start.
Digital transformation starts with a strategic plan. Once that plan is in place and you’ve selected the right development tools and platform, you’ll be ready to deliver on your digital transformation goals rapidly. The key is to think continuously and iteratively vs. thinking about a defined end to your digital transformation. You’ll never run out of ways to improve your business using technology.
Start with a strategic business and technical plan that can guide your digital experience efforts. Unlike other strategy planning processes, this should be a nimble plan that is tied specifically to the most important business goals. Five key components set organizations up for success.
- Business and Technology Alignment. Align company and team objectives and measurements.
- Customer Experience Brainstorm. Identify customer experience initiatives.
- Employee Engagement Brainstorm. Identify employee engagement initiatives.
- Channel Optimization Brainstorm. Identify partner optimization initiatives.
- Digital Initiative and Investment Summary. Produce a prioritized list of initiatives by impact and feasibility.
Align business and technology
If you have goals that cascade through your organization, you have a great starting point for step one. The idea here is to leverage any existing corporate-level strategic plans regardless of what methodology was used to drive the planning process. What’s important is that the goals reflect the organization’s primary mission. At the very top it should address major go-to-market topics like revenue, operating margins, customer growth, corporate expansion and so on. For this exercise, less is more, so simply identify the three key company objectives along with measurable results. If it can’t be measured, it can’t be a goal.
This process should be done for each major business function, including sales and marketing, products and services, finance and operations and customer service.
Brainstorming the customer experience
Since digital transformation starts with the customer, we’ll first brainstorm what we can do to improve the customer experience. Start by choosing a slogan as a guiding principle or some inspirational approach to get people in the right mindset. Next, assess customer preferences for both digital and physical interactions by doing a high-level persona evaluation. Consider their geographic location and the potential of harvesting IoT sensor data to more deeply engage them. It’s important to identify future customer considerations as well and to understand just who comprises your audience. Different generations have different preferences. Finally, consider digital opportunities at each stage of the customer journey from pre-sale, to the actual purchase process, to post-sale.
Brainstorming the employee experience
Employee engagement and customer engagement are symbiotic, with research revealing that organizations with happy, productive employees have much higher customer satisfaction ratings and profitability, plus the ability to attract and keep quality talent.
We will use an approach for employee engagement that will produce the same output as the customer experience process. I like to use an “attract and retain every day” approach to set the stage. Think in terms of the entire employee lifecycle, which includes branding and recruiting. Think also of innovative tools to make employees’ lives easier and more efficient, such as mobile field service apps that leverage sensor data to further enable productivity.
Brainstorming partner optimization
Depending on the structure of your organization, it may be important to consider your channel or partner ecosystem. Take a holistic partner ecosystem approach and consider aspects such as:
- Partner recruitment and training
- Company and partner system integration
- Partner selling and transaction support
Don’t neglect your supply chain and your sales and marketing channel. In both cases, it’s imperative to think about the entire partner lifecycle.
Digital initiative investment strategy
Before we prioritize and build a high-level timeline, it’s time to think about digital from a different perspective. This will complement the assessment that you did for customer, employee and partner.
In this exercise, you’ll consider how digital or the combination of digital and physical can be used to impact each company objective. You should include each discipline that was identified as part of the upfront corporate goal alignment step.
Next, prioritize your digital initiatives by assessing three elements: value, acceptance and risk. Plot them on a diagram like the one below where impact represents value, and success feasibility combines both acceptance and risk into a single factor. One way to do this is to place each digital project in the appropriate quadrant, looking for initiatives that have the highest impact as well as the highest probability of success.
To be successful, participants in this exercise need to come from across the enterprise. In addition to AppDev and IT, they should include groups like sales and marketing, products and services, finance and operations and customer service. By the end of the process, you should have a clear plan for success for your organization’s digital transformation.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
When one of his 18-month-old triplets was diagnosed with Type-1 diabetes, Michael Maniscalco, CEO of Better Living Technologies, knew his family needed help. If his little boy’s blood sugar level got too low, he risked severe health complications, including death. To guard against this, the child was given a continuous glucose monitor patch that checked his levels and sent them to a smart phone, which then relayed the data to the cloud for assessment. If a reading dropped dangerously low, the family would be notified via the phone. But how could parents of toddler triplets monitor their phones 24/7?
They couldn’t. Within a month, both Michael and his partner were beyond sleep-deprived, and experiencing near constant stress. It wasn’t sustainable. Michael — who holds a computer science degree and had some experience with smart home devices — was convinced there had to be a better way, and set to work finding it. Ultimately, he connected his son’s glucose data in the cloud to any device in the home that could receive data: smart phones, yes, but also laptops, virtual assistants, smart watches, smart appliances and smart light bulbs. Now, no matter where they were or what they were doing, both parents could be confident they’d be alerted if something was wrong. And some semblance of sleep returned. By connecting cloud analytics to IoT devices, Michael had not only created a kind of personal health network for his son, but also a proof of concept for anyone needing remote 24/7 health monitoring.
As I listened to Michael’s story, it became clear to me that many of the IoT features people might use for personal healthcare are similar to those we’re creating today in smart, IoT-enabled factories. Especially in the realm of predictive analytics, using real-time statistics, data-mining, modeling, AI and machine learning to sift through data, find patterns, assess risk and then make predictions about the future. In industrial IoT, predictive analytics is the basis of tools, including predictive maintenance, real-time asset monitoring, quality sensing, supply synchronization and much more. Predictive analytics allows enterprises to be more forward-looking and proactive, anticipating human behaviors, infrastructure issues and outcomes based on data, not hunches or assumptions. Predictive analytics can even provide decision options.
Now, as we apply predictive analytics to health-related data, we begin to see the promise of predictive health. The glucose monitor Michael’s son uses takes a reading every 5 seconds and sends that information to the cloud. That’s 17,280 readings every day, 6,307,200 data points per year. Where a human doctor might be overwhelmed with this volume of data — or, more likely, just look at specific points in time — analytic tools can easily detect patterns within the full dataset. And that’s just for a single individual. In the future, anonymized data from every glucose monitor in the U.S. could yield truly massive datasets from which we extract patterns to design better treatments, and maybe even start predicting blood sugar problems before they arise. The same principle applies across all of health and wellness. Imagine what the data streams from fitness trackers and smart phones — like exercise, heart rate or sleep monitors — could contribute to long-term heart health.
The concept scales. Predictive analytics in healthcare has the potential to surface tremendous insights hiding in hospital data and in the massive data generated by wearable connected devices, like connected blood pressure monitors. Then there’s data soon to be collected by the hundreds of connected medical devices either new to market or on the way. As all these data begin to flow through analytics engines, the effects on chronic disease management and patient care will be extraordinary.
And it’s already happening. Medical centers are starting to use computer-aided detection systems — or computer-aided diagnosis systems — to help doctors interpret medical images like X-rays, MRIs and ultrasounds. Computer-aided detection systems combine artificial intelligence and computer vision with radiological and pathology image processing, and can be used to support preventive mammogram check-ups, colonoscopies and lung cancer imaging. The goal is to use technology to identify and detect the very earliest signs of abnormality in patients before the human professionals can, thus increasing chances of successful treatment. Predictive analysis techniques have already produced AI that is more accurate than radiologists and dermatologists in many areas of visual diagnosis, and this gap is expected to grow.
To be clear, I’m not suggesting that predictive analytics will replace the doctor and patient model of healthcare we’ve known for millennia. Rather, I’m talking about having machines do what they do best, so that healthcare professionals can do what they do best. IoT and predictive analytics can augment the doctor patient conversation and diagnoses with knowledge based on data — lots of data.
IoT in the healthcare market has more than doubled in the past five years, and shows no sign of slowing down. As more and more health data flows to the cloud for analysis, we’re rapidly approaching a time when healthcare professionals will routinely make computer-assisted diagnoses and treatment plans, and maybe even use predictive analytics to focus more attention on prevention. Unbeknownst to him, Michael Maniscalco’s son is already experiencing what the rest of his generation may one day take for granted: predictive health. It’s on the way.
IoT businesses that successfully build digital revenue streams have a few distinctive traits in common. The core of their success is placing the customer at the center of everything. Device manufacturers that lead the way in IoT utilize software and services-driven business models that offer continuous value through opportunities provided by device connectivity and monetization. They use monetization models with data-driven insights to help them make the right business decisions quickly.
A decade ago, successful digital monetization meant focusing on licensing, compliance and protecting your IP. Today, the proper focus is on earning the satisfaction of your customers to ensure recurring revenue. Taking a 360-degree view of their businesses provides manufacturers and OEMs with the perspective they need to improve process efficiencies, manage entitlements, ensure the health of their business and, most importantly, understand customers’ needs. This holistic view delivers the insights necessary to recognize pain points in two critical areas.
First, an all-encompassing view provides the manufacturer with insights that can eliminate the product silos and disjointed data solutions that lead to inefficiencies, duplicate efforts and missed opportunities. This knowledge is required in order for a manufacturer in any sector — such as buildings, energy, healthcare, industrial, retail or transport — to effectively navigate digital transformation. It provides insight that can support business growth, expansion into new markets — such as leading a hardware company into sales of usage-based or subscription service models — and create fresh offerings, like data AI or data analytics that provide additional value for customers.
Second, this all-encompassing approach supports the customer relationship. It identifies where a more seamless and transparent process would make it simpler for customers to buy and buy again. A service model’s success depends on an ongoing and actively-managed customer relationship driven by customer satisfaction.
Considerations for digital transformation
If you’re a device manufacturer or OEM seeking to distinguish your IoT business as a leading enterprise, consider adopting the following comprehensive approach to transformation:
- Prepare for change. Change isn’t easy. Reorienting a business to deliver and support digital products can be a Herculean task for an organization if leaders don’t champion change and do some transitional groundwork first. For a successful switch to digital, prepare by paying special attention to what the change will mean to your sales department, product development teams and financial systems and processes. One powerful technique is to begin the transition with a single product line or single business region, making it possible to learn and improve the transitional process rather than throwing the entire business into the deep end at once.
- Know your market. In the shift to digital-based products, knowing your market is essential. This knowledge leads to informed offerings that provide clear value to your customers, enabling your organization to establish and expand profitable lines of business. When it comes to building monetization models around digital offerings, it is essential to align pricing with each customer’s perception of the value. In the same vein, the entire organization should align every business effort with the intention of ultimately delivering greater value to the customer.
- See your products through your customers’ eyes. In order to offer products your customers value and to improve upon that value, it’s crucial to understand the precise ways your customers use your products. Gathering usage data about the products and features that customers use most frequently will provide insight about how to align price to value. Once you know what product aspects your customers like, don’t like, love or hate, you can design new pricing and product packages that accentuate the positive and convert digital customers.
- Offer data-driven insights. While the traditional hardware side of the IoT business is quickly becoming commoditized with margins shrinking accordingly, actionable insights backed by IoT data increase in value. Device manufacturers may benefit by creating new insight-based offerings, which provide sought-after value by equipping customers with the capabilities to make wiser decisions. Remember to consider operational requirements, as well. Keeping devices up to date, for example, will also facilitate delivery of valuable data.
- Back your digital business model with a monetization platform. A successful digital business requires not just the right digital business model, but the data to correctly implement and operate that model. A monetization platform greatly facilitates the management of relevant data from across your organization, while automating pertinent processes such as software delivery and updates, licensing and fulfilment, usage analytics and entitlement management. Ultimately, these increase the revenue brought in by digital offerings, also accelerating revenue recognition.
By building and supporting customer-centric offerings and capitalizing on a thorough knowledge of the value your business delivers, you can lead your IoT organization in making the transition to a digital recurring revenue model a successful one.
Forward-thinking, global organizations operating in the most challenging era of our time are increasingly using connected robotic process automation (RPA) to help them stay ahead of the competition.
Connected RPA is enabling organizations to liberate the combined creativity of their operations people — those who really understand their business — working in tandem with automated, digital workers. Together, they access and exploit leading edge cloud, AI, cognitive and other capabilities to invent, innovate and swiftly develop new and disruptive offerings.
With any transformational, fast-evolving, relatively new technology like connected RPA comes hype and confusion. I will highlight what factors are currently fueling this technology’s adoption in the real-world and what results are actually being achieved.
Key results from connected-RPA
Organizations are increasingly using connected RPA to address the following challenges:
- Greater operational agility and flexibility by accelerating processing times and throughput, all while increasing capacity to manage spikes of high transaction volumes.
- Efficiency savings and increased productivity by returning hours back to the business, which will then be repurposed on higher value initiatives.
- Improved quality by cutting manual intervention of detailed, repetitive processes and delivering error free results.
- Improved customer service by removing pain points, streamlining interactions and improving response times.
- Happy, motivated staff by enabling them to work on more intellectually challenging, fulfilling and value-generating work.
- Process improvement through visibility of process data, with analytics used to generate business insights that create further operational enhancements.
Organizations that operate in industries with strict regulatory or compliance requirements or possess significant manual-driven processes are also using connected RPA to improve risk reduction.
5 connected RPA use cases
Organizations are using connected RPA not just as a catalyst to enhance business operations, but also to reinvent themselves. This makes the organizations more competitive within their markets. Here are examples of connected RPA in action:
- A connected-RPA operating model spans an organization’s automation journey, from identification of an opportunity to implementation and managing the digital workforce. This model combines the governance and expertise of a center of excellence with the production, consistency and quality efficiencies of a factory model. It’s designed to provide a single point of contact for internal clients, with scalable, predictable quality outcomes at speed. The organization’s wider geographies are supported with a hybrid centralized and federated delivery model designed to address local nuances. The connected RPA deployment scales up with hundreds of digital workers, delivering over a million hours of extra productivity that are returned across multiple lines of business.
- An end-to-end payables process is automated from invoice ingestion to payment. This delivers full-time equivalent savings and generates thousands of additional hours per year. The payable outstanding process time and supplier query response time are cut. By automating the ingestion and creation of customer work visit orders, a combination of connected RPA and AI saves hundreds of hours of service desk agents’ time.
- A company wants to increase overall efficiency while improving customer response times and reducing errors. A smart automation program is employed with strategy and governance underpinned by a center of excellence. The automation program’s focus is on finance and operations, where the company automates many processes ranging from low complexity to very high within months. Processes that are highly technical are deliberately selected to showcase connected RPA’s capabilities to the wider business, with high full-time equivalent savings initially experienced. Other processes, such as correcting errors in order entry, see a major decrease in processing time compared to a human worker.
- Connected RPA is used to automate processes that include supporting the production of an organization’s clinical study reports, which reduces human intervention and saves thousands of hours annually. Automations have been developed globally across various areas of the business. Connected RPA is applied to key processes that include Sarbanes-Oxley Act compliance, product labelling updates and reconciling shipment documentation. This results in tens of thousands of employee hours being transitioned to digital labor with automations executed with a near 100% success rate. Employee productivity is significantly improved too.
- Connected RPA is applied across a company’s customer service, finance, human resources, information technology services and other operations. These automations save hundreds of thousands of business hours on an annualized basis. Using connected RPA with advanced machine learning tools creates an innovative fraud detection and prevention application. This results in optimal detection of potential fraud cases for subsequent handling by human investigators. The combined solution is expected to result in multi-million dollar savings each year in lost revenue due to the substantial cost — value that couldn’t have been captured solely by humans.
The good news is that any fears of workplace automation causing job losses are misplaced. The reality is that organizations embracing connected RPA are retaining and upskilling staff, and they’re happier now because they’re being allowed to refocus on more value added tasks. Moving forward, organizations that employ connected RPA with AI and cognitive technologies are seeing this as providing a true foundation for collaborative technology innovation. They can finally deliver digital transformation across their businesses.
Before we dive into it, a building management system (BMS) — or smart building technology — is an intelligent microprocessor-based controller network installed to monitor and control a building’s technical systems and services, such as air conditioning, heating, video surveillance and elevators. These services are essential for managing industrial operations. BMS and centralized building management systems enhance the management of industrial infrastructures and a building’s mechanical and electrical equipment.
The BMS system also controls energy consumption, boiler controls, lighting controls, the fire alarm system and plumbing water monitoring among other functions, with cost containment as the main focus.
The rise of smart building technology
The use of BMS is growing at approximately 15% to 34% annually, according to ASIS International. By 2022, the BMS industry is expected to be worth around $104 billion.
BMSes are being implemented for an increasingly wide range of applications. While initial BMS systems were for heating, cooling and primarily used to reduce costs, today a huge range of smart devices are being used to increase worker productivity, reduce operational costs and secure businesses. While the headlines only catch the high-profile new smart buildings, the truth is that new BMS technologies are making their way into just about every type of structure. BMS systems are used to monitor and secure hospitals, datacenters, airports and hotels.
Security risks of smart building technology
Although BMS systems were never designed to be connected to the internet, it’s unrealistic to think they would remain as closed systems. In fact, the increasing number of interconnected smart devices opens them up to so many access points that it’s impossible to keep them isolated. Therefore, alongside the tremendous operational benefits of smart building technology, all these new devices and their interconnectivity introduce new cybersecurity risks.
With hundreds or thousands of devices in a building, the potential attack surfaces from unsecured devices are enormous, and the implications of the attacks can be more dramatic. There have been a few high-profile cyberattacks on businesses via a BMS. One instance was the BMS cyberattack against Target. Cyberattackers gained access to Target’s point-of-sale (POS) system software to obtain the credit and debit card data associated with over 110 million accounts.
The hackers did not directly attack the POS system. Instead, they began stealing login credentials used by Target’s heating, ventilation and air conditioning vendor when they connected to the Target web applications. It was through this attack vector that the hackers gained access to Target’s Active Directory and, ultimately, the Target POS system where they could collect credit card numbers and other sensitive data.
Other recent examples of how BMS systems can be attacked
BMS systems are considered operational technology (OT), and they differ from standard IT systems primarily because of the variety of devices, protocols and functionalities of the networks. BMS systems include embedded technologies that generate data, perform physical functions, and communicate using industry-specific OT protocols such as BACnet and LonWorks. Given the BMS-specific protocols and the variety and multitudes of devices involved, the challenges of smart building security need to be addressed directly with security solutions designed specifically for those challenges. Below are a few examples of malicious attacks on BMS systems:
- Ransomware attacks can take control of critical systems, such as in the case of a hotel in Austria, where hotel residents were locked out of bedrooms.
- Denial of service attacks can overload smart building systems and disrupt critical systems, such as heating during cold winter days.
- Smart devices can be hacked to get access to the main IT systems of the entire company.
The unique challenges of smart building technology
The main distinction between BMS networks and other OT networks, such as those found in factories, is that smart buildings do not have a well-defined physical perimeter. Environments with BMS networks are characterized by a large number of visitors inside the physical perimeter. In an office building, hotel, apartment complex or even a hospital, hundreds or even thousands of guests might visit daily.
The definition of the access permissions constantly changes, increasing the possibility for breaches. It becomes overwhelmingly difficult to identify anomalous behavior. OT systems are generally spread all across a facility with many networking and access points, enabling various interfaces with the BMS network.
Another difficulty is comparing BMS networks to industrial control systems (ICS), and believing that smart building security can be controlled like ICS security. Quite the contrary: BMS networks are much more interconnected than ICS networks. Additionally, IoT devices are an important component of smart buildings and are less likely to be found in ICS systems.
Increasing control and visibility in BMS networks
To meet the security challenges of BMS networks, it is essential to have security systems that can discover every single device on a network, detect any rogue devices and detect activities that can endanger the operational stability of these critical devices.
By monitoring OT network traffic and behavior, and by analyzing proprietary BMS protocols such as LonWorks and BACnet, the ideal solution quickly identifies and monitors every single device in any network. The solution also provides 100% monitoring of all traffic from all devices.
Security teams for BMS networks need to integrate a proven BMS security solution into each subsystem, such as access control and elevators on each floor of a building. Once they’re connected to the BMS network, the platform provides the visibility and monitoring capabilities required to gain control over their large-scale complex environments.
The core benefits of an ideal, scalable BMS network security solution should include:
- Discovery and inventory management of all the devices throughout the building or campus.
- Full deep packet inspection support for proprietary protocols such as LonWorks and BACnet.
- A non-intrusive monitoring system with zero influence on the performance of the smart devices in the network.
- An adaptive, dynamic baseline that will learn about normative behavior and automatically detect any anomalies.
- Automated, immediate adaptation to new configurations and devices as the BMS architecture develops.
- Security for critical systems such as HVAC, elevators, surveillance and access control.
- Easy to use and operate for both OT staff and IT staff.
- Ability to seamlessly integrate BMS OT security into existing security controls.
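The discovery, inventory and rogue-device points above can be illustrated with passive BACnet/IP parsing. The following is an added example, not code from the article or from any vendor: it decodes I-Am announcements from captured UDP payloads and compares them with a known-good baseline. The addresses, instance numbers, vendor IDs and the `build_i_am` helper are constructed for the demonstration.

```python
import struct

DEVICE_OBJECT_TYPE = 8  # BACnet object type "device"


def _read_tagged(buf, pos, tag_number, exact_len=None):
    """Decode one application-tagged primitive; return (value, next_pos)."""
    tag = buf[pos]
    length = tag & 0x07
    if tag >> 4 != tag_number or tag & 0x08 or not 1 <= length <= 4:
        raise ValueError("unexpected tag")
    if exact_len is not None and length != exact_len:
        raise ValueError("unexpected length")
    end = pos + 1 + length
    if end > len(buf):
        raise ValueError("truncated value")
    return int.from_bytes(buf[pos + 1:end], "big"), end


def parse_i_am(frame):
    """Return device fields from a BACnet/IP I-Am payload, else None."""
    if len(frame) < 6 or frame[0] != 0x81 or frame[1] not in (0x0A, 0x0B):
        return None                      # not an original unicast/broadcast NPDU
    if struct.unpack("!H", frame[2:4])[0] != len(frame) or frame[4] != 0x01:
        return None                      # BVLC length mismatch or bad NPDU version
    control, pos = frame[5], 6
    if control & 0x80:
        return None                      # network-layer message, carries no APDU
    try:
        if control & 0x20:               # DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + frame[pos + 2]
        if control & 0x08:               # SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + frame[pos + 2]
        if control & 0x20:
            pos += 1                     # hop count follows the source fields
        if frame[pos] != 0x10 or frame[pos + 1] != 0x00:
            return None                  # not Unconfirmed-Request / I-Am
        obj_id, pos = _read_tagged(frame, pos + 2, 12, exact_len=4)
        max_apdu, pos = _read_tagged(frame, pos, 2)
        _seg, pos = _read_tagged(frame, pos, 9)
        vendor_id, pos = _read_tagged(frame, pos, 2)
    except (IndexError, ValueError):
        return None                      # malformed or truncated frame
    if obj_id >> 22 != DEVICE_OBJECT_TYPE:
        return None
    return {"instance": obj_id & 0x3FFFFF, "max_apdu": max_apdu,
            "vendor_id": vendor_id}


def audit(observations, baseline):
    """Compare (src_ip, payload) observations with {instance: (ip, vendor_id)}."""
    findings = []
    for src_ip, frame in observations:
        dev = parse_i_am(frame)
        if dev is None:
            continue
        known = baseline.get(dev["instance"])
        if known is None:
            findings.append(("unknown-device", dev["instance"], src_ip))
        elif known != (src_ip, dev["vendor_id"]):
            findings.append(("identity-changed", dev["instance"], src_ip))
    return findings


def build_i_am(instance, vendor_id, max_apdu=1476):
    """Construct a sample broadcast I-Am (demo helper, vendor_id < 256)."""
    apdu = bytes([0x10, 0x00, 0xC4])
    apdu += ((DEVICE_OBJECT_TYPE << 22) | instance).to_bytes(4, "big")
    apdu += bytes([0x22]) + max_apdu.to_bytes(2, "big")
    apdu += bytes([0x91, 0x03, 0x21, vendor_id])
    body = bytes([0x01, 0x20, 0xFF, 0xFF, 0x00, 0xFF]) + apdu
    return bytes([0x81, 0x0B]) + struct.pack("!H", len(body) + 4) + body


# Constructed sample data: baseline inventory and one capture window.
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")
BASELINE = {1001: ("10.20.0.11", 5), 1002: ("10.20.0.12", 5)}
SAMPLE = [
    ("10.20.0.11", build_i_am(1001, 5)),
    ("10.20.0.12", build_i_am(1002, 5)),
    ("10.20.0.50", WHO_IS),                   # ignored: not an I-Am
    ("10.20.0.77", build_i_am(4242, 99)),     # never inventoried
    ("10.20.0.90", build_i_am(1001, 5)),      # known instance, new address
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, BASELINE):
        print(finding)
```

Because it only reads traffic that devices already broadcast, this kind of check has no influence on the controllers themselves.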
In the last three years approximately one in five organizations has been subject to an IoT-based cyber-attack, according to Gartner Research. The IoT attack surface continues to grow quickly as more IoT endpoints are connected online. Perhaps IoT adoption has not affected your organization’s security just yet, but in this context I would like to call attention to your Wi-Fi network’s security before it becomes a problem.
Previously, I have discussed the security risks that come with IoT adoption and why it is easy to hack into these devices, as well as best practices in IoT security. Today, let’s look at Wi-Fi authentication methods and best practices to use for your IoT devices.
Unfortunately, enterprise IoT and Wi-Fi security are not always carefully planned and monitored. As with BYOD, organizations are oftentimes dealing with IoT without even knowing it. Still, as IoT endpoints are being added to many organizational Wi-Fi networks, IT administrators are already using visibility and authentication tools to protect against IoT security threats. The end-goal should be to incorporate enterprise-grade Wi-Fi security to avoid network breaches.
Wi-Fi network segmentation
Older IoT devices do not support advanced authentication mechanisms. Therefore, the best approach is to make sure that they connect to a separate segment of the Wi-Fi network that is dedicated exclusively to IoT, where at all possible. This means making sure that this segment is not used by any end users, including employees, guests and contractors.
In general, setting up segmented sections and guest networks enables IT teams to separate network traffic by user, and assign credential-based access privileges, thereby increasing security levels and keeping guests and IoT devices off of the main business network. Creating separate Wi-Fi networks for IoT endpoints has the added benefit of keeping network performance at its best, and doesn’t bog down the business Wi-Fi bandwidth and capabilities.
Use the right Wi-Fi authentication protocols
Open authentication and Wired Equivalent Privacy (WEP) should never be used in the enterprise — large or small — as the first is not encrypted and WEP is easily hacked. WPA-PSK should be used only as a last resort where WPA-Enterprise — also known as 802.1X — is not available on a device. Due to radio frequencies, IT teams oftentimes must set up a dedicated service set identifier (SSID) for IoT, which is not necessarily a security requirement but rather an operational need.
Some organizations onboard IoT endpoints with WPA2-PSK — pre-shared key technology that is an authentication and encryption method based on a shared password among all devices. These organizations grant Wi-Fi access by using WPA2-PSK, which is advancing to WPA3-PSK, for IoT devices such as printers, security cameras, smart refrigerators, smart TVs, HVAC sensors and more. This is not my recommended approach to use, but sometimes there is no other way. In this case, be sure to keep these Wi-Fi networks separated or segmented from end users, and make sure that the access password is known only to the most trustworthy employee, or to your IT contractor.
By far the most advanced authentication methods to use are based on 802.1X/WPA2-Enterprise. Authentication to Wi-Fi is done by using different identities instead of a single password; this is based on digital certificates or on credentials — user and password — that are preferably unique for each device.
If the device is lost, stolen or launches a distributed denial-of-service attack, the Wi-Fi network security system can kick the device off the network, restrict its access to specific segments or quarantine it.
Controlled access for IoT devices on your Wi-Fi network
Your IT team cannot protect the wireless network unless they have awareness of IoT endpoints or, preferably, they have a system in place that keeps track of which devices are connecting to the network at any given time. With the right Wi-Fi security monitoring system in place, you can — and should — set up automatic access controls based on WPA2-Enterprise. Once an IoT device is identified and tagged, your Wi-Fi security mechanism can assign it to a particular virtual LAN, set limits and other protections.
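The guidance in the sections above can be checked mechanically against a device inventory. The following is an added example, not part of the original article: the SSID names, VLAN numbers, device names and rule labels are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data: SSID -> authentication mode, VLAN and intended population.
SSIDS = {
    "corp":      {"auth": "wpa2-enterprise", "vlan": 10, "role": "users"},
    "iot-eap":   {"auth": "wpa2-enterprise", "vlan": 30, "role": "iot"},
    "iot-psk":   {"auth": "wpa2-psk",        "vlan": 10, "role": "iot"},  # shares the user VLAN
    "warehouse": {"auth": "wep",             "vlan": 40, "role": "iot"},
}


@dataclass
class Device:
    name: str
    kind: str             # "iot" or "user"
    ssid: str
    supports_8021x: bool
    identity: str = ""    # 802.1X identity (certificate subject or username), if any


# Constructed sample inventory.
DEVICES = [
    Device("printer-1", "iot", "iot-psk", False),             # PSK as a genuine last resort
    Device("camera-7", "iot", "iot-psk", True),               # could use 802.1X instead
    Device("hvac-2", "iot", "iot-eap", True, "iot-shared"),
    Device("hvac-3", "iot", "iot-eap", True, "iot-shared"),   # identity reused across devices
    Device("laptop-42", "user", "iot-eap", True, "alice"),    # end user on the IoT segment
    Device("badge-reader", "iot", "warehouse", False),
]


def audit(ssids, devices):
    """Return sorted (rule, subject) findings for the article's Wi-Fi guidance."""
    findings = []
    user_vlans = {s["vlan"] for s in ssids.values() if s["role"] == "users"}

    for name, s in ssids.items():
        # Open authentication and WEP should never be used.
        if s["auth"] in ("open", "wep"):
            findings.append(("weak-auth", name))
        # IoT SSIDs must not land on a VLAN that end users also use.
        if s["role"] == "iot" and s["vlan"] in user_vlans:
            findings.append(("iot-not-segmented", name))

    identities = defaultdict(list)
    for d in devices:
        s = ssids[d.ssid]
        # PSK is acceptable only where the device cannot do 802.1X.
        if s["auth"].endswith("-psk") and d.supports_8021x:
            findings.append(("psk-not-last-resort", d.name))
        # The IoT segment is dedicated to IoT endpoints.
        if d.kind == "user" and s["role"] == "iot":
            findings.append(("user-on-iot-segment", d.name))
        if s["auth"].endswith("-enterprise") and d.identity:
            identities[d.identity].append(d.name)

    # 802.1X identities should be unique per device so one device can be
    # quarantined or revoked without affecting the others.
    for ident, names in identities.items():
        if len(names) > 1:
            findings.append(("shared-identity", ident))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit(SSIDS, DEVICES):
        print(f"{rule:22} {subject}")
```
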
Include scalability when it comes to your IoT and Wi-Fi network security
Prepare your wireless network security as you would prepare your company for growth. With the growing number of locations, users and employees, you are adding more devices that must be accounted for and authenticated when planning your IoT network. To adapt to the rising number of locations, apps and devices, Wi-Fi security scalability can easily be provided by using SaaS solutions. This way, as wireless networks and IoT technologies evolve in the upcoming years, your security will be able to scale and suit the needs of the time.
Using WPA2-Enterprise will turn your business Wi-Fi into a safer IoT network
As IoT usage has increased, having a secure Wi-Fi network to onboard and connect your IoT devices has become more crucial. The best authentication method to secure the network is WPA-Enterprise, and the easiest way to implement this method is via a SaaS platform. IoT Wi-Fi security SaaS implementations can be done quickly with enterprise-grade security for all organization sizes, including large and small. Thanks to the new access and control systems now available, businesses can incorporate new IoT devices and sensors into their networks with more confidence and ease than ever before.
Anyone who has been paying attention to the tech world over the last few years knows that IoT is popular and growing rapidly, including its industrial twin IIoT. This growth is fueled by the oncoming implementation of another technology trend: 5G networking. Billions of IoT devices will come online in the coming years, and securing those devices against unauthorized access is a serious concern.
We’ve all heard the story about the Las Vegas casino hacked via an IoT-connected aquarium and millions of connected vehicles being recalled due to hacking problems. Further, network security experts have implemented honeypot tests that have determined that devices connected to the Internet have approximately five minutes of safety before being probed by bots to determine their level of security, which — in most cases — is nonexistent. This is because users often neglect to change user IDs and passwords from their default settings.
Cyberattacks threaten IoT
Cyberattacks are on the rise, and component firmware is an increasingly popular attack vector for cyberattacks. In 2018, security vulnerabilities rendered over 3 billion chips in systems of all types unprotected via the exploitation of firmware weaknesses. Unsecured firmware can lead to data and IP theft, product cloning and overbuilding, and device tampering or hijacking.
This type of security threat is no mere annoyance. Unsecured firmware can expose network OEMs to the financial and brand reputation risks associated with device hijacking — used in distributed denial-of-service attacks — and device tampering or destruction. Failure to address these risks can negatively impact a company’s reputation and financial performance.
Disturbingly, security threats are no longer confined to systems in active use. Attackers target components anywhere in the product lifecycle, from initial component manufacturing and shipment to a contract manufacturer to system integration and on through its entire operating life. Because of this, OEMs need a robust security solution that protects hardware from these threats across every stage of a system’s lifecycle.
Root of trust devices help address security risks
How can OEMs address this problem? An increasingly attractive option is the establishment of one or more hardware Root of Trust devices, which can be used as a platform to provide the ability to secure all device firmware in a system. Such a platform can support a range of security protocols such as data encryption, data authentication, firmware authentication, system authentication and code/configuration encryption.
A root of trust device is the first link in a chain of trust that protects the entire system. Once designers have identified the first trusted device, which is usually a programmable logic device, field-programmable gate array (FPGA) or multipoint control unit (MCU), it can confirm it’s operating in a trusted state from the moment it boots, and then serve as the root of trust as it checks and boots other system hardware. Root of trust devices must contain the hardware necessary to verify their own configuration and should be the first digital devices to boot at power up, and the last to shut down at power off.
A look at different security architectures
Some system designers might ask themselves this: What kind of security architecture is required when both the number and sophistication of threats are constantly rising? First and foremost, any solution must be robust enough to protect against new and existing threats to firmware. To help designers measure the capability of their solution, the National Institute of Standards and Technology (NIST) recently defined a new uniform security mechanism. The NIST SP 800-193 Platform Firmware Resilience guidelines were designed to comprehensively ensure a root of trust is established to all system firmware.
Developers of the new specification were driven by three guiding principles:
- Protection: Protect non-volatile firmware memory through access control.
- Detection: Cryptographically detect and prevent booting from malicious code.
- Recovery: In the case of corruption, the system recovers to the latest trusted good firmware.
Ideally, an engine that provides hardware security should consume little power, offer a high degree of design flexibility, be scalable and occupy a small physical footprint. An MCU offers excellent computational resources, but typically doesn’t offer the comprehensive capabilities needed to help boot other system processors or components. Furthermore, once an MCU is running, it’s hard for it to monitor its own boot memory.
FPGAs offer a significant advantage relative to MCUs. FPGAs are often used to enable power and system management functions, which often makes them the first on and last off hardware component in the entire system. This also makes FPGAs an ideal platform to establish a root of trust. Designers can exploit the parallel nature of FPGAs to check multiple memories in parallel, which can lead to significant boot time improvements. And unlike MCUs, FPGAs can protect non-volatile storage by providing real-time monitoring. Lastly, they provide the logic and interfaces necessary to enable firmware recovery in case of system corruption.
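The three principles listed above (protection, detection, recovery) can be modelled in software to show how they interact across boots. This is an added example, not code from the article or from NIST SP 800-193: the class, region names and images are constructed, and HMAC-SHA256 stands in for the asymmetric signature check a real root of trust would perform in hardware.

```python
import hashlib
import hmac


def _digest(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def sign_update(key: bytes, name: str, image: bytes) -> bytes:
    """Vendor side: authenticate an image for one named flash region.
    Assumption: HMAC stands in for a real signature scheme."""
    return hmac.new(key, name.encode() + b"\0" + image, hashlib.sha256).digest()


class RootOfTrust:
    """Toy model of a root of trust guarding several firmware flash regions."""

    def __init__(self, update_key: bytes, images: dict):
        self._key = update_key                                  # never leaves the RoT
        self._recovery = dict(images)                           # protected recovery copies
        self._trusted = {n: _digest(i) for n, i in images.items()}
        self.flash = {n: bytearray(i) for n, i in images.items()}  # active regions
        self.events = []

    def apply_update(self, name: str, image: bytes, tag: bytes) -> bool:
        """Protection: flash is rewritten only for an authenticated image."""
        if not hmac.compare_digest(sign_update(self._key, name, image), tag):
            self.events.append((name, "update-rejected"))
            return False
        self.flash[name] = bytearray(image)
        self._trusted[name] = _digest(image)
        self.events.append((name, "update-staged"))
        return True

    def boot(self) -> list:
        """Detection and recovery: measure every region before releasing it."""
        released = []
        for name in self.flash:
            active = bytes(self.flash[name])
            if hmac.compare_digest(_digest(active), self._trusted[name]):
                # Verified image becomes the latest trusted good copy.
                self._recovery[name] = active
                self.events.append((name, "verified"))
            else:
                # Corruption detected: restore the latest trusted good firmware.
                self.flash[name] = bytearray(self._recovery[name])
                self._trusted[name] = _digest(self._recovery[name])
                self.events.append((name, "recovered"))
            released.append(name)
        return released


def demo() -> list:
    key = b"constructed-demo-key"                               # constructed value
    rot = RootOfTrust(key, {"bmc": b"bmc-fw-1.0", "bios": b"bios-fw-1.0"})
    rot.boot()
    rot.flash["bios"][0:4] = b"EVIL"   # models a write that bypassed protection
    rot.boot()                         # detected, then recovered
    rot.apply_update("bmc", b"bmc-fw-evil", b"\x00" * 32)       # rejected
    new = b"bmc-fw-1.1"
    rot.apply_update("bmc", new, sign_update(key, "bmc", new))  # accepted
    rot.boot()
    return rot.events


if __name__ == "__main__":
    for region, event in demo():
        print(region, event)
```
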
Connected devices are expected to soar to 20.4 billion units by 2020, and many come with a default password as standard. Despite the inevitability of these default passwords, users should understand that they pose a considerable threat vector. California is the first state to introduce legislation to make it harder for bots to take over connected devices. However, it doesn’t go far enough. This is because the law doesn’t mandate the need to have a strong password. The only requirement is that the password must be unique.
Both business and consumer IoT devices have traditionally come with default credentials that tend to be very easy to guess. Some manufacturers even post details on their websites to help users easily set up the devices. It might be hard to believe, but some devices ship without a password, which is like laying out a red carpet for hackers.
The new law, Senate Bill No. 326, goes into effect on January 1, 2020, and it is the first IoT cybersecurity regulation in the U.S. It will ensure that manufacturers of IoT devices equip their products with security features out of the box. The new law will also see the end of default passwords and, thankfully, password-free devices.
However, it is still not enough as there is no mandate around the strength of the password selected. For example, when users change their passwords, they are not forced to choose a strong one, or one that is uncompromised, which still makes the device an easy target for hackers. There is also no requirement to ensure the device comes with the latest security software pre-installed, which also increases the risk. Given the competitive market, IoT hardware manufacturers’ focus is currently on getting the newest device into the market as quickly as possible, and security is often a hastily bolted-on afterthought.
The California legislation is an essential first step as it removes the default password option. However, it fails to take into account the need for a strong password. With the extensive use of IoT devices both at home and at work, this regulation must be enhanced and rolled out across the US. As IoT continues to grow exponentially, the sheer scale provides a vast attack surface for nefarious actors to take advantage of. Future cybersecurity regulation must take a 360 view of the problem, or IoT devices will remain a growing threat vector ripe for exploitation.
The automotive industry has one of the most advanced relationships with emerging tech, more so than most other sectors, such as healthcare and telecoms. The fact is, cars have been connected for at least 19 years, dating as far back as the onset of GM’s OnStar service. Connected vehicles provide features, such as updating drivers about traffic alerts, syncing with passengers’ phones or deploying semi-autonomous offerings, such as cruise control and blind spot monitoring.
Automakers today have an unprecedented opportunity to save money and build new revenue streams by pulling vast troves of data from connected vehicles. The volume and frequency of such data creates infrastructure challenges at each step, from sourcing the data from the vehicle telematics module to sending the data across the cellular network, to receiving and processing the data in an automaker’s data center or cloud footprint. By using Message Queuing Telemetry Transport (MQTT), a lightweight IoT messaging protocol, automakers can meet these challenges and ensure scale and reliability for this and future generations of connected vehicles.
Here are a few of the benefits and ROIs of MQTT messaging in cars:
Making the real world a proving ground
MQTT offers new communication streams for manufacturers to monitor system performance data for vehicles that are already on the road. These insights provide an unprecedented view of vehicle reliability at a scale and depth that can’t be achieved in a pre-production testing platform. Because of the lightweight nature of MQTT, automakers need not compromise or limit the vast amount of data, such as powertrain, drivetrain and advanced driver-assistance systems, available within the various systems of a vehicle. These sources can generate up to 25 gigabytes of data an hour.
When additional data is available, more analysis can be done and knowledge can then be applied to new vehicles as well as vehicles on the road today via Over The Air (OTA) updates. For example, an automaker can take real-world data from powertrain performance measurements, analyze the actual versus expected results, and then update the vehicles’ electronic engine control system via OTA. The benefits of such updates include increased battery life or fuel economy, improvement to horsepower and torque, suspension improvements, software updates to improve on-board driver assist systems, such as obstacle detection or blind-spot monitoring and more.
Mitigating OTA and cellular congestion
MQTT not only offers a secure way for manufacturers to push out live updates to cars on the road, it also helps to reduce cell tower congestion. An MQTT platform in conjunction with an OTA update campaign can monitor cellular network conditions, releasing an update to a certain number of vehicles based on current congestion patterns. A good analogy is the managed lights on freeway on-ramps. By allowing only a number of vehicles that the system can handle, the system can prevent overloading while ensuring a good, consistent experience for those using it.
For instance, an OTA system can take inputs from vehicles on the road, each of which would share current network conditions and performance. The vehicle is likely in a state of constant consumption of data for maps, navigation, OTA updates and more. Providing a benchmark of observed performance of those network assets will give good insight into the health of the cell network at that time.
An OTA system can take input directly from cellular carriers for insight on current network congestion and conditions. The OTA system can then, via MQTT, signal certain vehicles in certain locations to start their update download. By using MQTT to orchestrate OTA downloads across cellular, greater scale and higher update rates can be achieved using less infrastructure in a more efficient manner.
Maintaining data security
All connected devices, such as smart phones, smart homes and smart cities, are prone to cyber attacks, and connected cars are no exception. Given the amount of data connected cars hold, they are nearly akin to a credit card or social security number. With this in mind, it’s critical that manufacturers have a security-first mindset when it comes to developing and updating connected cars.
A good MQTT implementation will have a dimensional security model with controls installed both horizontally and vertically within each device in the workflow. Horizontal controls include vehicle, cell network and gateway, while vertical controls include data link, network, transport, application and identity. These controls provide the rich features needed in a connected vehicle implementation, which minimizes potential new attack surfaces.
Future of connected vehicles
The future of connected vehicles can draw analogies from the smartphone industry a decade ago. At that time, the building blocks of smartphones were just coming into the world: fast, small processors capable of heavy computing tasks, touchscreens that provided a clear, easy-to-use interface, cellular networks that could deliver 3G data capable of mobile Internet, and platforms and OSes that enabled versatile software and applications.
At the time, a majority of people thought of the smartphone as a simple way to combine an iPod with a cell phone, and the potential of the device was not realized by anyone except a small few. Similarly, as the building blocks for connected vehicles begin to manifest, such as 5G, edge computing, capable hardware and software within a vehicle, and systems that can manage, secure, process, understand and act on all of it, the best version of all outcomes would lead to tremendous advances. These advances include safety — both physical and environmental — as well as commerce and business. As the advent of the motor vehicle helped shape the cities of the day, the connected vehicle will re-shape the landscape in which we live, work and play.
IoT technology continues to evolve with new applications and transformational use cases being created by market leaders. Growth is expected to continue despite some early industry disappointments and concern about complexity of deployment. Organizations can benefit from the lessons learned by early adopters.
Some industries have mastered the obstacles and found the operative combination of software and strategy. Enterprise asset management (EAM) use cases are among the trendsetters. High-stakes necessity has helped drive practical solutions for keeping assets performing at peak potential. IoT technology provides a valuable window into asset performance today, as well as into projections for the future. It’s becoming clear that advanced analytics are a key component of success.
Although best practices around IoT deployments have not been carved in stone, some general lessons can be derived from incidents gone wrong. For example, experienced implementation consultants have learned the essential value of cross-organizational engagement. In early adoption cases, managers often failed to consider which engineering disciplines should be invited to the planning process. This inevitably resulted in mountains of data and no clear end-value within reach. This oversight — and others like it — can be easily avoided by engaging with third-party consultants who have logged some practical experience.
Discerning what data to capture for analysis is an art form. Driving influences behind the issue in question can be subtle and hard to identify, perhaps occurring at an early stage in the workflow, far removed from the culminating evidence of a problem. For example, an organization might decide to address its high rate of quality complaints. Thousands of influences can impact quality, so focusing on the most relevant data will be essential. While examining operational processes might be the presumptive place to investigate first, in actuality, the cause can go back as far as the procurement stage, choice of suppliers and how raw resources are stored in inventory.
Finding where to capture influencing data is just part of the problem. Business analysts also must determine how often to capture data points, what context is needed, and what scale to use for acceptable and not-acceptable boundaries.
The state of the IoT industry
The early exaggerated hype that surrounded IoT projects is being replaced by more realistic, practical views of what the technology can and cannot do. An article by Forbes Councils Member Maciej Kranz recently addressed today’s reality versus yesterday’s predictions for IoT. He discussed how the challenges — including security breaches and lack of skills or understanding — have limited widespread adoption of IoT and made it a greater risk.
Not all IoT deployments have lacked clarity and success. Investment in the technology continues, proving enterprises have faith in finding the right mix of goals, software tools and implementation strategies. When coupled with advanced analytics, the technology provides insights that can bring a reliable ROI. Rather than the broad-sweeping applications that become entangled in complications, organizations are striving for the practical, scalable and repeatable approach to IoT technology. This is where EAM professionals are leading the pack, providing best practices that others can emulate.
Market research firm IDC expects worldwide IoT spending will maintain a double-digit annual growth rate, surpassing the $1 trillion mark in 2022. The industries expected to focus on IoT technology are discrete manufacturing with $119 billion, process manufacturing with $78 billion, transportation with $71 billion and utilities with $61 billion.
Why IoT technology is a good fit for asset management
Organizations with capital-intensive assets and mission-critical machinery face intense pressures to keep assets running at peak performance without unexpected shutdowns. Lives might be at stake. National security, local commerce and global networks can be on the line. Maintenance technicians are responsible for the safe and reliable operation of many types of assets, from exterior lights and alarm systems to complex machinery with multiple high-tech components.
Forward-thinking maintenance teams turn to technology to help them optimize the use of resources and automate processes. IoT technology provides the added efficiency boost they need to keep pace with demands.
How it works
Smart sensors, which are tiny computers and communication devices, are embedded in equipment or machinery, sometimes in multiple places. Each sensor measures physical attributes, which provide a window into the operational health of the asset. Sensors can measure a wide variety of conditions such as vibration, moisture, temperature or density. The information is sent to the cloud, where it’s aggregated and analyzed for anomalies or data points that fall outside of predefined guidelines. Over time, machine learning helps the system identify patterns and discern favorable data from issues that might be early warning signs of a failure or reduction in efficiency. Data that demands attention can trigger automatic responses such as stopping operations, supplementing resources or re-routing activities.
Paradigm-shifting technologies like IoT commonly weather growing pains. Despite a slower than expected phase one, organizations are now achieving traction with IoT projects. Some early adopters, particularly in asset maintenance, are experiencing dramatic improvements in their use of data to understand costs, the driving factors in asset performance and customer expectations. Companies are using IoT technology to create new value propositions, new revenue streams, new business models and glimpses into the future.
Industries and facilities are finding the predictive abilities of IoT technology to have great value in forming preventive strategies for asset maintenance. Combining IoT and advanced analytic solutions helps users identify early warning signs of equipment failure. This window into the future is proving valuable for preventive action. Asset management applications provide good examples of how IoT technology can be leveraged for success.