The internet of things is impacting mobile app development in a huge way. With the growing trend of connecting all kinds of physical devices to the web, controlling them through a smartphone is gaining fast momentum — and for a good reason.
The benefits of connected things are fairly obvious and plentiful. By connecting devices to a smartphone, one can have complete control of the features provided by the different gadgets and machines. Running devices through the internet means that applications can push notifications straight to the phone and allow update parameters as well, thus making it possible to switch the systems on and off remotely.
Mobile phones and mobile app programming provide scope to access IoT-enabled devices. Various sectors, such as healthcare, education, retail, travel and more, are using mobile connectivity and applications to access IoT ecosystems. There are multiple benefits of a mobile app approach:
- Mobile apps boost the involvement of customers as they can easily use applications and can provide valuable opinions to help a business grow.
- Creating mobile applications is very affordable; they reduce the costs of sending newsletters and SMSes. Applications can integrate communication directly to customers via messages.
- It’s a faster option than web browsing; it won’t take even a minute to access applications as customers do not have to wait for the site to load.
- Mobile app development companies try their best to create mobile apps that are IoT-friendly and reform the mobile app development and mobile app development services world.
In addition, there are many reasons why a business should opt for an IoT mobile app:
- Customers today use their smartphones to acquire information on just about everything. Unlike traditional websites, mobile apps come up with quality browsing and buying options, and they’re considered more important nowadays for business growth than websites.
- Companies can reach their target audience through a mobile app, spreading information to all customers in seconds. By using features such as push notifications, one could connect to customers and remind them of updates.
- Mobile apps can promote the brand and win over the most customers. Furthermore, one could earn a great deal of customers via the applications that persuade them to buy products and services.
- Mobile apps prove to be excellent social platforms. This is because they come with features, such as likes, comments and so forth, which can boost social media presence.
- The soaring demand of mobile apps is due to their flexible accessibilities. Mobile apps can be access on a smartphone 24/7, from any part of the world.
The evolving IoT trend and mobile app development
The IoT trend is evolving with each passing day. However, it’s also true that the internet of things is a beginner industry and will take some time to prosper. Improvements in mobile and IoT apps can boost the connection between people all over the world. A lot of businesses are already running numerous devices online, adding another security layer as well as growing productivity and response times. Security is a key pivot point of any enterprise app, and IoT could help improve overall defense barriers by allowing physical devices to be the first entry point.
More than anything, the fast rise of IoT will drive mobile application development, leading to a mobile application development explosion. Without a doubt, IoT devices will soon be everywhere. Hardware spending by consumers and businesses on IoT devices will total almost $3 trillion by 2020. All of the investments in IoT will drive the development of mobile applications. Among the most popular IoT devices are smartphones, which let people not only access apps and the internet, but also provide a huge amount of data that could be tapped into and used by businesses all over the world.
In fact, IoT has already changed mobile app development. In another 10 years, expect hundreds of thousands of jobs in this field. Nonetheless, to achieve the ultimate goal of making people’s lives easier, developers must first undergo the pains of building infrastructure and platforms from the ground up. Developing a mobile application is similar to developing a web application and has its roots in software development that is more traditional. Nevertheless, there is one major difference: Mobile apps often are specifically written to benefit from the unique features mobile devices offer.
Creating IoT-friendly mobile apps
The time is now for app development companies and businesses to come together to build mobile apps that are IoT-friendly. For example, an IoT-friendly mobile app could help build a mechanism in which information is transmitted by objectives through integrated sensors that would be received by the app in real time.
Mobile applications have revolutionized the mobile field, gaining more power in the hands of customers, as well as more business for organizations. In the dynamic technology field, the mobile application development market is at its peak. It is the need of the hour and the latest trend in business.
The future of mobile applications looks both challenging and bright with enticing and innovative possibilities. Remember that quality will always remain a constant and a major component in the development of mobile applications that are futuristic for both mass and niche markets.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Forty-eight percent of U.S. companies with IoT devices on their network have been breached, according to a recent study.
All industries, including healthcare, retail and finance, rely on IoT for its efficiency and productivity benefits to beat out competitors. As a result, IoT manufacturers are working diligently to keep up with the supply and demand logistics of this increased adoption. Unfortunately, more often than not, these devices lack proper security, ultimately creating an opportunity for an adversary to hack through the device and infiltrate the broader network.
A recently discovered vulnerability dubbed Devil’s Ivy showcases exactly how security flaws impact IoT devices. The Devil’s Ivy vulnerability was found in a toolkit called gSOAP, which is a bundle of reusable code that software engineers or device manufacturers use so devices can talk to the internet, and was located deep within the communication system of Axis smart cameras. Researchers discovered that the gSOAP toolkit has been used by many big name manufacturers; there are currently one million devices using gSOAP that carry the Devil’s Ivy vulnerability.
So, what’s the solution? While it might seem simple — to stop using vulnerable development toolkits and create stronger security systems — unfortunately, manufacturers face many challenges when developing these devices. Let’s take a look.
Four reasons why IoT devices are insecure
Lack of experience
Manufacturing organizations are not in the business of cybersecurity. As such, they are unknowingly making it easier for cybercriminals to breach a network. We saw this first with the PC industry. PCs have been manufactured by engineers that are experienced in hardware and software development for over 25 years, and while they might be attempting to build them with proper security, they have ultimately been unsuccessful. But now, businesses operate in digital and physical environments that continue to grow as new technologies, including IoT, are added to the network. As a result, the complexity of the environment increases. So, IoT manufacturers face the same challenge PC manufacturers did — they might attempt to make their devices secure, but since this is not their area of expertise, they are failing to do so.
Organizations are financially motivated, as is the case with the manufacturing industry. While some businesses are able to scrape together funding to back a security division, most manufacturers don’t prioritize it and cannot finance the efforts. When thinking about the magnitude of IoT devices connected today — roughly 8.4 billion according to Gartner — and the increasing demand, manufacturers are incentivized to bring devices to market as quickly and cost-effectively as possible. Therefore, security is an afterthought, if even thought of at all.
Keeping in line with compliances and regulations
One industry where regulations can hinder IoT security is healthcare. For example, the FDA requires continuous communication with manufacturers so they can be alerted when a new vulnerability is discovered. Then, the manufacturer must make an update and patch the device. However, this can be an incredibly slow process and may take up to 60 days, leaving the devices open to attack.
Manufacturers are constantly trying to keep up with competition by producing new IoT devices to address growing interest. In turn, businesses are drawn to these new flashy devices to reap their benefits. The competition to develop the latest and greatest technology prevents manufacturers from slowing down to ensure that security is embedded properly from step number one. Building security from scratch takes time, and in the eyes of the manufacturers, slows them down from developing the next big thing.
How you can protect your IoT network
All this gloom and doom aside, there are some simple and efficient processes you can start to prevent IoT breaches in your enterprise environment. To begin, you’ll need visibility to see what devices are connecting to your network. Next is the ability to manage those devices — i.e., restrict access to a non-compliant device, block internet access, quarantine any device based upon anomalous behavior, and/or notify its owner of a security concern. Finally, you’ll want to implement a mitigation plan when malicious behavior is detected. Once those processes are in place, dedication via continuous and thorough monitoring will be the most effective way to keep your organization’s IoT devices, and entire networks, safe on an ongoing basis.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Artificial intelligence is slowly but steadily embedding itself into the core processes of multiple industries and changing the industrial landscape in so many ways — be it deep learning-powered autonomous cars or bot-powered medical diagnostic processes. The industrial and energy sectors are not immune to the disruption that comes with embracing AI. As upstream and downstream companies gear up for AI, there is one important lesson I want to share that might seem counterintuitive. For the successful execution of an AI project, the data matters more than the algorithm. Seems odd, right?
Let me start by sharing a recent experience. Flutura was working with a leading heavy equipment manufacturer based in Houston that has numerous industrial assets deployed on rigs globally. These rotary assets were quite densely instrumented; they have great digital fabric consisting of pressure sensors, flow meters, temperature sensors and rpm sensors all continuously streaming data to a centralized data lake. The problem the manufacturer was trying to solve was how to “see” typically unseen early warning signals of failure modes in order to reduce multimillion-dollar downtimes.
In order to do this, every time a piece of upstream equipment went down, we needed to label the reason why it went down. It might have been motor overheating, bearing failures or low lube oil pressure, but until we know the specific reason why equipment goes down, it’s difficult to extract the sequence of anomalies leading to the failure modes. While this company had a massive sensor data lake, running into terabytes, the information was useless until the failure labels were embedded within the assets’ timeline. In order to tag all “failure mode” label blind spots, we configured an app that helped institutionalize this process. Every time a maintenance ticket was generated for unplanned equipment downtime, the app would step through a workflow at the end of which the failure mode for the asset was tagged onto the timeline.
So, here are three questions to ask your team before you embark on an AI project:
- Top three failures: Which are the top three high-value failure modes that are most economically significant?
Rationale: All failure modes are not the same. Isolating and prioritizing the vital few failure modes from the significant many saves money.
- Tagging process: When equipment goes down, is the failure mode automatically generated by the asset or does it need a “human in the loop” to tag failures?
Rationale: Some machines are programmed to record the failure mode event as a historian tag, others need an external process.
- Breadth and depth: What is the breadth and depth of equipment data available in the data lake?
Rationale: In order to model the entire set of data, one needs to have maintenance tickets, sensor streams and ambient context. In order to “see” sufficient instances of a failure, the sensor data lake needs to have at least one to two years of operational data.
To conclude, it’s easy to get carried away by the hype surrounding AI and algorithms. But the key to winning the game is finding the answer to the above three data-tagging questions. Good luck as you introduce AI to unlock gold in your data.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Many IoT startups apply to win prizes that event organizers or IT industry giants have created to reward the best or most innovative IoT products of the year in different categories.
Let’s take a look backstage of the IoT awards:
The organizers and the nomination process
For most of us, the nominating process is not well-known, but it is also true that reading all published information related to the nomination process is a tedious work. Let´s be honest, when we are allowed to participate in nominations, we usually give our vote to our company, friend or colleague, or the most popular.
A characteristic of some nomination processes is that they allow you to check how the results go. Is it good or bad know in advance if our vote will count for something? Do we lose the interest if we were wrong? Do we try to influence others to follow us in our mistake? There is no such things as a “perfect nomination process,” but those processes that increase transparency, fight against voting manipulation, solve technical issues quickly and have measurable selection criteria get my vote.
The awards committee
The origins of the jury system are 11th Century England. The concept was that people were entitled to a jury of their peers. Somehow, over the centuries, we turned that upside down.
Nominees expect their submitted work to be judged by an ethics committee. The choice of a committee is not easy as we have seen in movies or TV series; organizers of the awards have to convince national or international experts in the fields of M2M communications and IoT, avoiding employees of nominated companies or people recognized by the community by their dubious reputation for impartiality. Many times, organizers offer paid travel and expenses for their work. The most difficult task? The organizers must ensure that members of the committee are kept confidential and not influenced by others.
We all expect that an awards committee to experience some pretty heated deliberation before announcing the winners that deserve the award. Although I do not remember a single award given that has not ended in disappointment.
The heaven of winners
If you are familiar with IoT awards, you will be with me about the different degree of happiness and behavior when we hear or read the names of the winners.
If the winner is a mega-vendor or works for a mega-vendor, we feel that the organization and the award committee was taking the easy way out. The winners accept the award sometimes with indifference or little emotion.
When the winner is an entrepreneur or startup, we all move our attention to them; we want to know more about them. These winners touch the heavens during the speech. New opportunities and doors are immediately open to them.
The hell of losers
Speaking of losers is always very subjective and controversial. For many new nominees, just being nominated is a win. Of course not all companies or individuals can keep in mind that it is expected they win by a landslide. If this does not happen, disappointment is greater. But such is life, a fair and transparent process and an ethical jury can blow the surprise.
There is life after the awards
What happens after the awards? The world goes on, life goes on, and both winners and losers have big challenges ahead. Winners and losers should avoid complacency, keeping focus on core business and proof they can escalate.
Do awards help discover IoT innovators?
There are many reasons for startups to participate in IoT award programs. The jury and the organizers receive hundreds of requests and their criteria filters until they’re left with the best. Being part of this selected group is a great recognition. But we must not wait for all startups to present innovative products; sometimes it is enough they solve a business need in a different way or discover a new untapped opportunity.
Maybe the most important outcome for startups is that they move from relatively unknown companies to a bigger audience, including investors and multinationals that will help grow their ideas. For multinationals, IoT awards are an excellent opportunity to invest in startups, discover new talents and capture new ideas that move dinosaur organizations in the right direction in the digital transformation of the company.
Thanks in advance for your likes and shares.
I wasn’t really sure how fast and how deep IoT technology was penetrating our daily lives until my friend told me about his snoring and his sleepless nights.
My friend, like many other millions, has been suffering from sleep disorder problems for the last couple of years. But in addition, he has also been noticing low-energy levels during the day, causing him fatigue, excessive sleepiness and lack of focus. Just recently, he also realized he has been snoring; he surprisingly found out when his family dared to tell him that he loudly snores every night.
My friend decided to seek medical advice, where he was asked to undergo a sleep test. A few days later, he was diagnosed with sleep apnea, a common sleep disorder that occurs when breathing is briefly interrupted while asleep due to blocked airways in the throat area, in most cases. The person with sleep apnea is generally not aware of these short breathing pauses that can occur hundreds of times a night. One of the consequences is that the brain and the rest of the body may not get enough oxygen during sleep. If left untreated, sleep apnea can result in a number of health issue, sometimes serious heart problems and deterioration in the person’s quality of life, producing excessive daytime sleepiness and morning headaches, as well as lack of energy and focus during the day. While loud snoring is often a symptom, not everyone who snores has sleep apnea, and not everyone who has sleep apnea snores.
My friend told me he was lucky to be diagnosed with a “moderate” level of sleep and has a few good available remedies, one being a CPAP machine, an advanced small apparatus that can be plugged in and hidden next to the bed. It has a very quiet air pump and nose mask worn while sleeping to ensure the user’s airways do not become blocked. The machine reads and registers daily usage data, such as sleep interruption, air blockage, leakage, rate of short breathing pauses and all other details to measure the machine’s effectiveness.
Advanced machines have also a built-in wireless connection, so the data can be sent wirelessly in real time to a central healthcare system that monitors the progress of the treatment and report any abnormalities. In general, these machines are covered by insurance, with a condition that the patient uses the machine for an average of at least 70% and four hours per night during the user’s normal sleeping hours. This condition is to ensure that the machine is used effectively for the person’s best treatment and well-being. For the insurance company, it helps optimize growing machine costs and usage effectiveness among patients while reducing unnecessary administrative follow-up costs.
After receiving the machine, my friend used it for a couple of days. Then he got disappointed that it didn’t bring noticeable improvement to his sleep disorder, nor did it boost his energy level or focus during the day, as he expected. He became even more frustrated as he couldn’t manage to sleep well with mask attached and pump next to him. The only good news was that his family didn’t hear him snoring anymore!
Although the usage condition of four hours per night and 70% of sleep time was stated in the machine’s instructions, my friend didn’t take it seriously. He also didn’t realize how reliably the usage data report was transmitted automatically to the monitoring center. After the first couple of days of disappointing results without noticeable improvement to his sleepless nights, he turned the machine off, eventually putting it away, fully disconnected.
The same week, he received an automated call warning that he wasn’t using the device properly! He was reminded to use it per the instructions to achieve the effectiveness of the remedy. He was also reminded that the machine wouldn’t be covered by insurance if he didn’t adhere to the usage condition.
This effectively pushed my friend to retry the machine, following the detailed instructions. After a week of trying, he quickly learned to modify his sleeping behavior and adapted to using the machine every single night.
A couple of weeks later, he started to feel a positive difference, experiencing much better deep-sleep patterns at night followed by days full of energy and focus, as well as a fresh feeling every morning that lasted with him throughout the work day. Since, his sleeping behavior has been modified positively. The machine also reported improvements to the rate of short breathing pauses.
“Now, with these amazing results, I can’t sleep without the machine anymore,” my friend said with a big smile on his face.
Happy for him, I started to explain to my friend that this automated process is the basis of IoT technology. It helped him accurately track his daily usage, guiding him to modify his treatment behavior track while satisfying the insurance needs.
“Without this wireless automatic reporting technology, the machine could have stayed on the shelf and you would have lost interest in getting the right treatment and continued your suffering,” I told him.
My friend didn’t really seem to care about understating what or how IoT works, but he smiled and said, “OK, anyway. I can’t sleep without this IoT anymore!”
My friend’s story reminded me that we, as individuals or as a society, must start harvesting the benefits of IoT technology to let it have positive impacts on our daily lives in a way or another. Behavior modification is just one outcome of many.
In recent years, the value of IoT in the health sector has been successfully validated in major business areas, such as remote patient monitoring and wellness and healthcare operations. In the very near future, when devices are all connected and generating explosive amount of data and combining with more advanced technologies such as artificial intelligence, individuals and societies will have better visibility and control of their health and well-being.
Early adopters from healthcare providers and industry players are investing in IoT initiatives and seeing real value emerging, including improvements in consumer experience and operational cost-savings.
The healthcare IoT industry is projected to be the third most advanced in IoT implementations, with more than 75% of healthcare organizations worldwide introducing IoT into their operating models by 2019. Major growth of the IoT healthcare market will be driven by the evolution of artificial intelligence technology, the rise in investments and the increasing penetration of connected devices in healthcare settings.
Accelerating innovation in this sector will definitely create step-change improvements in patients’ lives while introducing new business models for the entire healthcare industry.
The important lesson I got from my friend’s story is that most people don’t really care what IoT is. What really matters is how it improves a person’s quality of life with a positive outcome being noticeably achieved.
My friend is happy; I’m glad to hear him say, “Yes, I can’t sleep without IoT anymore!”
A massive botnet like IoTroop (aka Reaper) doesn’t coalesce overnight. Rather, botnets are formed over time, stealthily concealed from law enforcement officials and public attention. This is because botnets cannot be effectively exploited until they have reached critical mass by hijacking a substantial number of infected devices. Botnet recruitment efforts are always ongoing and have significantly increased in recent weeks — as illustrated by Check Point’s alarming discovery of IoTroop earlier this month.
The buildup of this massive and potentially dangerous IoT-based botnet should be a wake-up call to the industry, particularly in the aftermath of the crippling distributed denial-of-service (DDoS) attacks executed by the infamous Mirai botnet last year. Although the identity and intentions of IoTroop’s creators and operators remain unknown, over a million organizations worldwide have already been affected by IoTroop. As such, it is critical for companies to prepare for a potential DDoS onslaught by ensuring effective defensive mechanisms are put into place before attacks are launched.
Additionally, it is important to note that the industry must adopt a proactive approach to IoT security rather than simply react by triaging the latest symptom of a vulnerable ecosystem. Simply put, the bunker strategy of hunkering down to protect services from a formidable DDoS onslaught is no longer tenable or at all effective in the age of IoT. While it may not be possible or realistic to protect every single IoT device, the industry should work to deprive botnets of fresh recruits by protecting connected endpoints. By altering the benefit-cost ratio, the industry can potentially render the formation of large botnets impractical and costly.
This can be accomplished by:
- Reducing the IoT endpoint attack surface. Along with disabling extraneous remote communication protocols, robust authentication ensures that only authorized entities (services) can connect to IoT devices. In many cases, IoT devices run software originating from disparate sources, so it is not always practical for IoT OEMs to ensure that a particular software component is free of bugs and vulnerabilities that can be exploited if accessible. As such, disabling unused remote access protocols and blocking unauthorized access at the transport or network layer can help limit access to existing software vulnerabilities.
- Early detection. We know that no system is 100% secure. When it comes to IoT devices, cost restrictions and market considerations often result in limited security, which is incapable of protecting the device from remote attacks. Consequently, botnet operators take advantage of IoT security lapses by stealthily recruiting unprotected devices.
Real-time detection of infected devices is one way to help service providers address security issues at a relatively early stage, thereby reducing the number of endpoints targeted by botnets. Early detection can be effectively implemented by analyzing anomalous or suspicious device (edge) behavior within a cloud-based platform. Most IoT devices are designed to perform a single function, or a limited set of functions. Therefore, IoT device behavior tends to be more predictable than the behavior of multifunctional devices, such as smartphones. In addition, sophisticated machine learning techniques can be used to reduce false positives and automate the behavioral learning process.
- Recoverability. To avoid the recruitment of additional devices, quick action is required once suspicious or anomalous behavior is detected. In the event of a successful attack, recoverability can be achieved by physically servicing affected devices. However, this approach is costly, time-consuming and often impractical due to various constrains. Over-the-air recoverability, where security updates are pushed to the device via the internet, is the fastest and most efficient way to provide in-field recoverability. This approach is the most effective, because it immunizes (patches) devices than are not yet infected, while, in some cases, also fixing devices that have already been exploited.
There is no single solution capable of completely immunizing IoT devices against various attacks. Although connected endpoints will always be a target, the industry should collectively and proactively fight botnets rather than passively weathering a slew of destructive and costly DDoS offensives. By making devices more resistant to hijacking attempts, we can successfully deprive botnets of unprotected endpoints and effectively mitigate DDoS attacks.
If you’re one of the 128.3 Americans who commutes to work, you understand the time, hassle and frustration it can take to get from point A to point B. Recent statistics from the U.S. Census Bureau suggest that today’s commute is 20% longer than it was three decades ago, with workers taking an average of 26 minutes to arrive at their destination. That’s equivalent to nearly five full days on the road over the course of one year! Add to that the 17 hours a year motorists spend searching for parking spots and it’s clear that we are in need of a more efficient, less taxing journey to and from work.
While ride-shares, mass transit systems and even work-from-home business models provide some solace, it will be the internet of things that will bring about a truly frictionless commute. With a combination of IoT-enabled connected transportation infrastructures (“smart” traffic signals and road signage, automated parking garages, buses and trains serving as Wi-Fi hotspots, etc.) and highly automated vehicles, the challenges we experience today will become inconveniences of the past. Imagine how less stressful your day would be without driving in circles to find a parking spot, or without sitting in bumper-to-bumper, stop-and-go freeway traffic. To put this futuristic utopia in perspective, let’s imagine what life will be like with a frictionless, completely connected commute — thanks to IoT technology.
A glimpse into the future
As you’re getting ready to head out the door to work, you stop for a moment to check the weather forecast on your phone. It’s pouring rain, which in the past would mean a long and sometimes treacherous drive to the office 30 minutes away. That’s no longer the case. You open an application on your phone, which uses real-time traffic and micro-climate and weather data aggregated from IoT-enabled roadside sensors. The app advises you to take an alternative route to work due to localized flooding in some areas, and syncs with your autonomous vehicle to guide you on your way.
When you reach the highway, you see that the digital speed limit signs have temporarily reduced the recommended speed to 50 mph due to the rain and are cautioning vehicles to stay in their lanes. This advisory is based on real-time environmental data as well as speed data collected from other connected and autonomous vehicles on the road, and helps prevent bottlenecks and accidents. All the while, you’re able to relax and catch up on your work email, as your autonomous vehicle not only does all the driving, but also provides a soothing soundtrack to your commute upon detecting your elevated heartrate and blood pressure through biometric sensors in your seat.
You’re about to reach your exit, but receive an instant alert through your dashboard console that a tree has fallen in the road. Instead of getting stuck waiting behind the obstruction like you would have in the past, you easily bypass the incident as your car guides you through a detour. With a few minutes to spare, you decide to make a quick stop at your favorite coffee shop.
Years ago, you would have had to sit in line at a busy drive-thru, where the barista always got your order wrong. Not today. En route, you place your order through an in-vehicle app, which uses location-based services to automatically notify the coffee shop when you are nearby, so your order is ready when you arrive. You breeze through the drive-thru, grab your coffee and go. Your vehicle instantly pays for your order on your behalf, as your car acts like a digital wallet able to communicate with the shop’s smart infrastructure.
With your favorite cup of coffee safely in your cup holder, you reach the parking garage near your office building. There is no need to circle around aimlessly for a spot. Instead, you pull up to a designated area at the curb, get out of your car and tap a button on a mobile app which triggers an automated parking system. IoT-enabled sensors and video cameras on your autonomous vehicle communicate with the parking garage’s smart infrastructure; and using precise, real-time location services, the car drives itself into the garage and parks itself in an available space. While your car safely parks itself, you walk to your desk — arriving early, stress-free and ready to start your day. At the end of the work day, you simply tap the button on the app again and your car drives itself back around to the front of the building to pick you up, like your own, private valet service.
Making the commute of the future a reality
This frictionless commute may seem almost too good to be true, but it is very feasible. The catch is that cities and states need to start making preparations for connected infrastructures and piloting these systems now. Yes, we are expected to have 380 million connected vehicles on the roads by 2020, but that is only half the battle. We need IoT-enabled sensors, cameras, digital signage and other technologies in place throughout our roads, railways, cities, parking garages, mass transit systems and more to allow these vehicles to share, analyze and act upon real-time data.
The first step toward making the frictionless commute a reality is for local and state governments to begin investing in technology architectures and physical infrastructures to power their connected transportation systems. From a technical standpoint, the key is to begin transitioning to more modern, secure and scalable networks, while building data center architectures that can handle the copious amounts of data generated by these systems.
On the strategic side, transportation officials should begin by identifying a use case. It is best to first pinpoint a problem that is unique to your city or region. For example, if your city has notoriously terrible traffic congestion, you might want to start by integrating smart sensors on roadways that can alert drivers and connected vehicles in real-time of potential issues, and eventually even prevent accidents before they happen.
For more advice on how to prepare for connected transportation infrastructures, check out my previous IoT Agenda post. Meanwhile, I encourage transportation executives jumpstart their efforts, so we can bid farewell of the commute we know today and enjoy a stress-free, seamless ride to the office.
The cloud has made deploying servers easy and taken much of the complexity out of application delivery. Now, it will face its next challenge: rescuing the internet of things from itself.
By any measure, IoT is big business. Last year, global IoT spending reached $737 billion, according to IDC, and is expected to reach $1.29 trillion by 2020. The number of IoT devices was about 15.4 billion in 2015 and, according to IHS, will nearly double by 2020. Intel is even more aggressive in its projections, expecting the number of IoT devices to reach 200 billion by 2020.
But it’s difficult to see how IoT will fulfill its promise without addressing the vulnerabilities in IoT devices and systems. And make no mistake, IoT threats are real. Late last year, attackers exploited a vulnerability in a brand of IoT cameras to launch a distributed denial-of-service attack on the website of journalist Brian Krebs. The following month, 100,000 IoT devices were manipulated by the Mirai botnet to launch an attack on DYN, the DNS provider. Since then, we’ve seen more sophisticated IoT threats that have worked cross-platform.
Best practices for securing IoT: Logical but unrealistic
While numerous government and industry IoT security regulations and initiatives are in progress, IT pros are still left implementing best practices around network security. Several pieces have been written about IoT security best practices. For example, in this piece on best practices, Derek Manky identifies four steps:
- Buckle up on patch management. Advanced threats, such as WannaCry, underscore the importance of patching. WannaCry targeted a known vulnerability, largely impacting those who had not followed strong cyber-hygiene practices. Keeping patches current is important, but it is even more challenging with IoT, where patches may be unavailable for the billions of obscure IoT devices. This makes virtual patching using an intrusion protection system (IPS) essential, allowing IT to block IoT attacks on unpatched devices.
- Secure data backups using redundancy segmentation. Redundancy segmentation is a backup strategy that calls for creating multiple copies of backup data and isolating them off-network from other enterprise services.
- Improve the visibility into and control over internal traffic. Only protecting the perimeter is insufficient. Organizations need to understand what’s happening within the network to stop attackers or malware after they breach the perimeter. Visibility and control are needed over all enterprise traffic.
- Tighten up the time to defense. Tie together proactive solutions to reduce defense times. Reduce complexity by integrating different devices and providers and automating interoperability between them.
This is sage advice to follow which will undoubtedly help contain IoT threats. But it’s also a list of tips that many companies will have difficulty implementing. Here’s why.
What’s behind the problem with IoT best practices
Many of the challenges around IoT security relate to how we’ve evolved our networks. For too long, we’ve thought of networking and security in separate silos: The networking team connected our locations; the security team protected them. The two worked together, but each had its own domain. Networking teams concerned themselves with MPLS services, routing and solving the rest of our connectivity challenges; security teams managed the firewalls, IPSes and the rest of the security stack.
As a result, our visibility and control have become fragmented across many appliances and services. Expecting enterprises to automate an MPLS service, mobile VPNs, WAN optimizers, next-generation firewalls and more is unrealistic. Just getting them to work together is challenging.
The mix of appliances has also complicated patch management. Companies need time to test patches, schedule updates for maintenance windows and then deploy those updates. Practically, IT resources are often outpaced by the sheer volume of vulnerabilities, leading to delays in distributing patches throughout the network. The result is precisely the critical gaps in security that can be exploited by IoT threats.
Implementing virtual patching through an IPS makes sense, but has also proven difficult for many organizations. For one, security appliances and IPSes are no exception — they constantly require new signatures and software patches. The result of which is not only a big time-sink for IT teams, but it also requires additional processing in already resource-constrained, edge appliances.
HTTPS growth only compounds the problem. SSL (or TLS) inspection is now essential for any IPS, but it is also a particularly resource-intensive process. The result? Enabling IPSes or other advanced security features, as well as increasing traffic loads, put IT in the tough position of choosing between paying for unplanned hardware upgrades or compromising on security.
Then, there’s the issue of reach. An IPS is only effective at protecting devices on its network, and IoT devices often exist outside the tight confines of a standard office. Deploying an IPS into these environments is often impossible, making appliances additionally problematic.
A solution: Converge networking and security into the cloud
A better approach? Use the cloud. The cloud has already shown how it can simplify IT life. AWS redefined the way we think of our servers, storage and applications. It’s time to bring the same thinking to our security and networking infrastructure.
Instead of discrete, purpose-built network and security appliances, enterprises should think about converged network and security cloud services. With the cloud, enterprises can use its unlimited resources to inspect all traffic and implement virtual patching without concerns around performance degradation. And with the cloud’s ubiquity, connecting everything — offices, data centers, mobile users, cloud resources and more — together, regardless of location, becomes possible.
Already, there are signs that these trends are catching on in mainstream IT. Firewall-as-a-service (FWaaS) offerings replace security appliances with cloud-based security services. Locations send traffic to and receive traffic from a ubiquitous, cloud-based firewall that seamlessly scales for any traffic load, enforces unified policies and is maintained by a cloud provider.
At the same time, organizations are moving away from MPLS services as the basis of their WANs to more agile SD-WANs. Traditional SD-WANs still require heavy investment in appliances and have all of the problems inherent in appliance architectures. Secure, cloud-based SD-WANs avoid appliance limitations, and they combine FWaaS with SD-WAN across an affordable, SLA-backed network.
Cloud-based SD-WAN is more than just an appliance hosted in the cloud. It’s ubiquitous, cloud-scale software designed to use the elasticity and scalability of the cloud.
Traffic is inspected as it enters the SD-WAN, whether from the internet, a location, a mobile user or the cloud. With a complete advanced security stack that includes a next-generation firewall, IPS and secure web gateway, the cloud-based SD-WAN enables security policies to be built that restrict WAN and internet traffic based on full L7 segmentation. IT gains control over internal as well as inbound traffic.
And moving to a service eliminates the patching process. Once the cloud-based SD-WAN provider updates its platform, the problem is addressed across all customers instantly. Enterprises might be uncomfortable relying on a cloud provider to keep their service current, but consider the lesson from the Cloudbleed threat earlier this year.
Last January, Project Zero researcher Tavis Ormandy discovered that corrupted webpages were being returned by Cloudflare, a content delivery network provider, when fulfilling some HTTP requests. CloudFlare fixed the so-called Cloudbleed problem in less than an hour by disabling the relevant features. By contrast, the Heartbleed bug (after which Cloudbleed was named), affected many web servers in 2014 and continued to be an issue three years later. Some 200,000 servers were still vulnerable to Heartbleed at the time of the Cloudbleed incident because customers failed to upgrade their servers.
Use a revolution to enable a revolution
IoT is a broad revolution that will change our society. It’s an advancement that can have profound implications for many industries. But implementing security will be essential to realizing that potential. What better way to meet that challenge than with another revolution: the cloud-based, secure SD-WAN.
Consumers, manufacturers and businesses of every size now face the precarious waters of the internet of things. Devices that allow us to remain constantly connected to our personal data and shopping preferences, or ease the way we conduct everyday life are becoming more and more common. Everything from doorbells to dishwashers is perpetually connected to the internet and shares information with cloud-based servers. As enterprises adopt IoT devices and manufacturers develop tools for the enterprise market, there is a shared responsibility from engineers to end users to ensure that data is fortified against malicious attacks.
According to Common Vulnerabilities and Exposures, the number of reported IoT vulnerabilities nearly doubled in 2017 over 2016 — totaling in 11,371 new types. A large portion of those are directed at vulnerabilities in web-enabled products designed to simplify and support everyday human functions. Similarly in 2017, researchers and doctors at the University of Arizona College of Medicine demonstrated how vital systems connected to the internet could be compromised and cause human casualties. Notably, any device connected to the internet is vulnerable to hacking without proper measures in place. Insulin pumps, pacemakers, drug infusion pumps and even complex MRI machines are all connected to the internet and were targeted in this demonstration.
Connecting devices within the enterprise might be as inevitable as the rising tide, but it should be done strategically and deliberately. By asking the question, “Does this need to be perpetually connected to the cloud?” organizations can ensure that connected devices are less likely to leak access credentials in plaintext to other devices or servers on the same network. Through user education and network guidance, users should only connect to the internet on an as-needed basis. As an added measure, organizations can deploy tools that monitor, prioritize and limit the network resources used by each device to prevent network performance issues.
Consequently, security systems and smart lighting are rapidly being adopted by enterprises. Many of these systems are implemented without current manufacturer updates and firmware patches, which could potentially cause plaintext wireless password leaks by bypassing protocols for adding new devices to the system. Even innocuous things like a fish tank could bring down an entire enterprise. Sound far-fetched? In July, researchers at Darktrace revealed that an unnamed North American casino fell prey to hackers who targeted a “smart” fish tank. The tank was connected to the internet to monitor and report temperature, lighting and water conditions. Hackers used this access point to gain entry into other systems within the network and transfer data to an offsite device before being discovered and locked out by the casino’s cybersecurity team.
Manufacturers and businesses have a responsibility to ensure that in-transit data, from the end user devices to their servers, is secured using strong encryption methods including peer-to-peer encryption when applicable. In fact, a solid mitigation strategy includes regular penetration testing each time new code or hardware is introduced into the product. Patches and updates for third-party code should also be closely monitored and applied on a regular basis. And finally, having a solid vulnerability reporting and response strategy will ensure that if there is a bug reported, there is also a clear path to mitigation or remediation.
Ultimately, the shores of IoT security do not end with the product manufacturer. IT security teams and end users have a responsibility to follow security guidelines and adhere to regular patch management strategies. A constant vigilance for monitoring end-user activity, regular system scans for unrecognized devices and patch management of firmware is of the highest priority. Many organizations that set sail on the oceans of IoT need to accept an increase in investments dedicated to strengthening security initiatives. If your company’s reputation is hinged on your ability to ensure the security of your customer’s personal data and livelihood, consider hiring a qualified security team or consultants who are well-versed in IoT infrastructure guidance.
Selling today is more social, mobile, virtual and conversational than ever before, and oftentimes requires a team to help support sales reps in their quota and revenue goals. However, many business applications for working with enterprise teams simply haven’t kept up. They are hands-on, physical and rearview mirror — simply a picture of the past.
And, all too common in enterprise settings, there is never enough help for sales professionals. Commonly, sales representatives need access to specialized product knowledge to recommend the right products and services to end users. They need someone who understands the customer’s processes and a view of past purchases and a history of the account. And they need internal resources to help in the selling and contracting process, from getting quotes approved to navigating the negotiation process.
Artificial intelligence, while not new, is playing an increasing role in helping sales, legal, finance and operations professionals generate and manage revenue processes. Keep reading below to learn about these new developments and how, when used properly, they offer exciting and limitless opportunities for the enterprise.
The rise of machines
It’s no secret that the internet of things, where all machines are “smart” and connected to one another, is becoming a reality in the business to consumer (B2C) market. Your garage door detects you are coming home and it opens as you enter the driveway. Your office coffeemaker runs out of beans and alerts you. Your toothbrush tells you whether you’re brushing enough, not enough, too hard or too softly. You can control the LED lights in your home with a mobile app on your phone, etc. But in B2B commerce, IoT can also provide valuable assistance necessary for complex, high-value sales and wholesale distribution.
Enterprise businesses, from shipping to telecommunications to manufacturing, are now capturing and analyzing data in real time from physical devices (things) which are deployed in a wide range of settings from warehouses to factories to office buildings to roadways and shipping lanes. IoT is enabling the advanced prediction and automation of maintenance service and parts delivery. So, replace the coffeemaker example above with typical B2B order value and the importance of IoT to an array of enterprise businesses becomes clear and compelling.
The super human capabilities of machine learning
Machine learning refers to math (algorithms) that detect patterns in data. Machine learning is increasingly used to solve everyday, real-world problems by experiencing them many times and figuring out how to solve them. For us as consumers, we may have experience with machine learning without realizing it when we shop on a site like Amazon.com and see recommendations about what products other people searched or purchased. In B2B commerce, machine learning is used successfully as a guiding tool for salespeople, helping them to determine correct pricing, bundling and more, in the name of progressing their deals.
Similar to the Amazon.com example, machine learning with regards to “smart” product recommendations for B2B salespeople are a great starting point because they draw from existing sales data to offer extra value to customers. Dynamic pricing, discounts and bundles based on historical or similar orders are the next step, as they make orders more cost-effective and convenient based on what their needs might be.
And the innovation from AI doesn’t stop there. Imagine the ability to profile customers with insight beyond what humans can glean and then analyze customer behavior to predict their future needs. These capabilities are not a vision from an episode of The Jetsons (remember the loveable cartoon family living in the space-age suburbs?) They are a reality in the B2B world and their effect is already clear: They have made businesses faster, more efficient and more effective for everyone involved.
Make way for intelligent agents
While we are still some ways away from the reality of a robot-nanny-maid like Rosie on The Jetsons — I am perfectly happy with my Roomba, thank you, another example of how AI enhances B2B revenue cycles is through the inclusion of intelligent agents (sometimes called bots or chatbots). Intelligent agents, or AI-enabled bots, are conversational user interfaces that can provide human-like experiences through chat and voice apps. These agents are nothing short of transformational, capable of listening to voice commands, understanding texts and interacting with salespeople, and even connecting to augmented reality environments like that of Microsoft HoloLens.
The benefits of intelligent agents can be realized by sales organizations in a number of ways. First, intelligent agents enable voice-assisted quote, contract or invoice creation and, literally, any task can be set up and executed when a user commands it. Intelligent agents equipped with pattern recognition recognize similar tasks and preempt a user, saving time, before even being asked to perform a task — which can drastically reduce delays in the quoting, pricing and contracting approval process.
Additionally, intelligent agents can prompt sales reps to make decisions that are consistent with company goals, and give a “nudge” to influence seller behavior by showing how a product or discount recommendation will affect a salesperson’s commission. And, if that wasn’t enough, when equipped with machine learning, intelligent agents can provide sales teams the ability to compare customer and sales histories to gain insights that help sellers rapidly create quotes, as well as create and immediately notify of new opportunities — ultimately affecting the top and bottom lines.
Without question, the convergence of IoT, machine learning and AI/bots are all coming to life to improve the technology sales ecosystem. The question is, how quickly will organizations capitalize on these new technology trends? Hopefully before a sales manager, one similar to Mr. Spacely of Spacely Space Sprockets, Inc., screams, “You’re fired!”