Newsflash: security in the Internet of Things calls for a completely different approach than that used for “traditional” Web-centric IT.
Connecting more things changes the way we secure things
As objects, people, infrastructures and environments in the physical world around us grow more digitized, the approach to security requires a shift, a shift from IT security architecture to IoT security architecture.
Companies must consider numerous fundamental changes to successfully transition to this new architecture and way of thinking. To begin to understand why security in IoT is different than “traditional” IT security, organizations of all types across any industry should begin by considering three key questions:
Question 1: What are we trying to protect?
By its very nature, the Internet of Things is not singular to one piece of technology, one business unit or one vertical. Rather, to deploy and connect devices, objects or infrastructure in an enterprise or consumer context inherently implies connections between multiple endpoints. Any connected application, whether a connected thermostat in your home or a fleet of sensor-clad wind turbines in the field, includes some configuration of devices, applications, networks and, of course, people.
When taking inventory of the threat surface (i.e., the landscape of potential vulnerability), organizations must assess risks across the “IoT Security Stack.” These areas aren’t just technological system components, but also the people and organizations who participate in the system, both internally and amongst partners.
While device, application and network (i.e., technological) security are central to safeguarding any connected landscape, people represent another critical aspect of security that is often overlooked. Password security, BYOD environments, employee churn, lack of security training and simple human error are among the many risks that the human dynamic presents in any system. Remember, in the Internet of Things, a secure system is only as secure as its weakest endpoint. Empowering people helps strengthen security.
To understand the fullest context for protection requires organizations take holistic inventory, not just of their proprietary endpoints, devices and systems, but across all linked or associated devices, applications, networks, users and constituencies. Asking “what are we protecting?” is the starting point to:
- Identify this ecosystem
- Identify how the sensors and data we’re adding to and collecting from products or infrastructure fit into that ecosystem
This is a critical first step to developing a security strategy.
Question 2: What would happen if our “smart” system was compromised?
In the event of an emergency, what happens? Many, many businesses today lack any idea — never mind a formalized and distributed plan — for what happens should they find themselves in a data, systems or physical security emergency, breach, hack or other compromise. Companies have a clear sense internally of:
- What the threat surface is
- Where and with whom technology and systems components are associated
- What the actual threats are
- Where the threats may originate
- How to mitigate against those threats
- How to identify when an issue is occurring
- How to respond in the event a partner is compromised
- How to thwart, analyze, classify and communicate about the problem
They should also have a formalized plan in place for external communications about data-related crises — to partners, media and, most importantly, customers and end users.
As security practitioners plan for the what-ifs, they must recognize that IoT security requires a multifold approach that addresses legacy, current and emerging security challenges at once. First, organizations must meet traditional IT security challenges associated with legacy architecture and environments. Next, they must address the challenges introduced by our current generation of technology, characterized by cloud, social and mobile. Finally, as computing interactions and interfaces proliferate, as new classes of technologies emerge and as these interactions drive entirely new economies, organizations have an obligation to at least attempt to address the unforeseen, unintended and uncharted consequences of such digitization as best they can.
Question 3: What does personally identifiable information mean anyway?
Virtually every connected environment involves some element of personally identifiable information, also known as PII. If not data transmission, then data integration; if not integration, then employee or end-user associations. But thinking about security and privacy in IoT requires that we reconsider the very composition of personally identifiable information.
The definition of PII in the Web 2.0 world enjoyed some clarification. The NIST Special Publication 800-122 defines PII as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information.”
As we transcend the laptop and digitize objects and environments, as we juxtapose, integrate and monetize diverse data sets from diverse environments, what is or may be “personally identifiable” is far less black and white.
What is clear is that sensing technology is architected to sense physical realities: location, acceleration, temperature, heartrate, moisture, sound, light, position … the list goes on. And when these inputs are viewed in contextual spheres greater than themselves, they tell stories greater than themselves.
Fitbit’s ability to track steps and heartrate generated the same data that revealed its users’ sexual activity patterns, for example. The company quickly made such data — initially default set to public — private in response to outcry.
Whether or not an individual’s movement and activities through time and space are “linked or linkable” is unclear, both in the eyes of the law and in the eyes of those collecting the data. It’s also unclear to end users generating the data:
- Are my comings and goings from my home personally identifiable?
- Is the way I drive my car personally identifiable?
- Are my biometric responses to stimuli personally identifiable?
Advertisers, insurance companies, manufacturers, retailers and employers are all vying to gain as much empirical context as possible, but where do we place technological limitations in favor of human sensibilities?
While no single organization can definitively answer these questions for every context, it is in its best interest to analyze the implications for use cases generating such data and how to manage and safeguard this data. In the event of a data breach, data malpractice or related crisis, such planning and documentation will help companies fare better in court. As businesses vie to collect as much data as possible, they must consider the unintended consequences of data collected and integrations with applications of such data.
Questions reflect a new reality and demand a new IoT security approach
There are a variety of resources organizations can access to aid with each of these questions, but approaches to IoT security will vary. To aid in the quest to truly secure “Smart Systems,” Harbor Research has developed a three-step process to guide organizations in their approach to IoT security, accessible in full here.
While each of the above questions is central to an IoT security strategy, you might have guessed they are far from easily answerable checkboxes. Businesses must begin by assessing existing infrastructure, current development initiatives (including product, process and people), and align these against a larger enterprise strategy for both security and privacy protection. Forward-looking IoT security strategies begin with product design, but like IoT itself, they transcend products, across services, stakeholders, customer segments, threat vectors and lifecycles.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
What gets you excited? A great meal at a famous restaurant? The Stanley Cup? What about smart cities? Perhaps, but more than likely, you don’t really spend much time thinking about it, much less get excited about it. That is understandable, but a glimpse into where we are headed might just might prove exciting, if not horrifying. For me, the idea of smart cities is certainly exciting, but it is also horrifying at the same time. Allow me to explain.
At a basic level, most people think of smart cities as ones where sensors have been deployed in a number of different functions that provide an element of control and response to certain conditions ostensibly making life better for its citizens. They might have traffic lights that operate in sequence and can sense when there are cars at the light allowing traffic to flow better than it would otherwise. Almost all cities employ this in varying degrees. They might have garbage cans that alert the city when they are close to being filled, thereby reducing the city’s operating costs while ensuring the garbage cans stay available. They might have sensors on the public buses feeding a transportation application so you can know when your bus is arriving or running late. They might be deploying environmental sensors to measure air quality in neighborhoods or water quality at the beaches to know when there are issues that need to be addressed, like closing the beach. There could even be sensors in parking spaces, where drivers can more easily locate available spaces instead of driving around creating more traffic and burning more fuel.
But there are other elements to smart cities that have more to do with planning and architecture. For instance, there might be a well-planned system of bike paths through the city, complimented by a large-scale bike share program, which is true in many cities today. There might be building codes and corresponding tax policies to bring about much more energy efficient “green buildings,” which is also becoming more and more prevalent. Still yet, there might be other policies discouraging passenger cars inside the city in lieu of public transportation (such as the fees charged in London for bringing your car into the city), or there might even be a well-thought-out system of parks and green areas — the opportunities are endless.
There are examples all around us that are really cool. In a nutshell, they are generally a function of a well-considered plan to make the city more livable and productive for its citizens through infrastructure, laws and certainly technology. But more and more, we are beginning to see these in combination, and the rate at which these ideas are becoming a reality is impressive. Transportation is a great example. For instance, the bike share programs are becoming more expansive, but also highly instrumented, both in the bikes and the bike stations. Most public transportation modalities (buses, trains, subways, ferries) are being built or retrofitted with technology for tracking, as well as many other functions to improve the quality of service and cost of operating the asset. People are coming to expect that they can use their cell phones to understand when the next train will be or if there are delays, and even to purchase their electronic ticket. The street lights along the roads are changing colors, from the costly yellow of sodium vapor lights to bright white LED lights. These are not only more energy efficient, but they are connected, meaning the city can know their status (Are they on or off? Is there a problem?). And they can also be aware of their surroundings — for example, the hockey game ends, so the lights get brighter for the fans coming out into the streets. They might even blink in a certain pattern to alert drivers and pedestrians of an oncoming emergency vehicle. Moreover, the light poles are no longer just light poles. They are charging stations for electric vehicles. They are Wi-Fi hotspots that can “talk to your cars,” and your cars can talk back to them — e.g., your car hits a pothole and tells the city via the light pole. The city then tells the cars ahead of the pothole that either results in the car avoiding the pothole altogether, or adjusting its suspension dynamically in anticipation.
Then there is the data. Data can be both the kryptonite as well as the Holy Grail. For starters, I would be shocked if there is not a shift to provide control — if not outright ownership — of the data by those deploying the IoT-enabled equipment (as opposed to those providing it). In the specific case of cities, this means the city and its citizens. The more thoughtful architectures will deploy with the ability to combine many elements of this data for deeper interrogation and analytics. In other words, there will be a separation between the creation of the data and the consumption of the data. But the key value is in the data. So the obvious questions become who controls that, and what are they doing with it? There are many opinions on this. Certainly there are large technology companies investing in the infrastructure that feel it is advantageous to own the data. That should not be surprising at all. The investment that goes into all this needs to be monetized, and owning the data is clearly one way to get there. But the early projects and associated familiarity and learning that goes along with these efforts has begun to expose this consideration, and the potential controversy associated with it. Concerns ranging from privacy to the ethical considerations around having a specific company becoming the primary beneficiary of a publicly funded initiative has evoked a certain amount of pushback.
People don’t want Big Brother, although there are clearly some elements of this that are undeniable, so the importance of considering this thoughtfully and deliberately increases. For starters, the data being collected today will pale by comparison to the data being collected tomorrow, yet what is collected today is not insignificant. For instance, think of the license plate reading technology available today that can identify your movements. Is that bad? It isn’t for certain purposes — as some will say, if you are not doing anything wrong, you should not be worried about it. And there are certainly legitimate reasons for this type of technology, most notably toll collection on highways. But when the data is expanded to beacon technology or drones or other combinations of advanced technology capable of tracking your individual movements, then where is the line drawn? Does that help the police? It does. Does it help with city planning? It does. What about modeling population behavior so you can better anticipate and accommodate everything from facilitating a safe and efficient flow of people and vehicles — for example, after the air and water show with a million people along the shoreline to the effective deployment of emergency resources in the event of a hazardous waste spill downtown? These would be capabilities that would benefit everyone. But do you want your specific behavior combined with other information about you to be categorized and sold so that Uber, Abercrombie or Subway can target you for advertising? Instinctively you probably do not, but if you are unaware this is going on and you “happen” to see ads that attract you, you may unconsciously like that and benefit from it. This is a not so future world rendering of what happens today on the Web.
The point is that it is a perilous journey that must be carefully considered. That said, the likelihood of not making the journey is virtually zero. This is going to happen, so the thoughtful consideration and planning is critical. How we approach smart cities will be extremely important. Security is incredibly important since the cost of getting it wrong in the future will be significantly greater. Privacy is clearly a key factor for citizens, and this will play out in many public forums, but we can expect to learn from early efforts, good and bad. Europe in particular has seen good work done here, especially in cities like Stockholm, Barcelona and Amsterdam. Many more projects are cropping up and all offer opportunities to learn and evolve. We are beginning to see this in North America as well. The Array of Things project in Chicago appears to have great potential, but the implementation was not rushed — and in fact, slowed down to ensure that privacy, among other considerations, was properly vetted both in terms of policy as well as the public messaging around it. And in this case, there is a long and growing list of other cities waiting to follow suit with the Array of Things in their cities.
In some ways, the whole idea of smart cities is like a very powerful energy source. It can be harnessed and used to enable good things on a larger scale, but can also do untold damage when the motivation is bad and the control is in the wrong hands. One thing is for certain, our cities are changing forever at an increasing rate, and there is no looking back. I am fearful — and yet excited and certainly optimistic.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The expansion of the Internet of Things (IoT) is a huge growth opportunity for vertical industries and mobile network operators (MNOs), but there are challenges and risks. The recent hacking of a Jeep while it was driving on a public road illustrates the risks to all IoT devices and segments. On the network side, millions of autonomous machines trying to access the mobile network at the same time can cause catastrophic network outages. Meanwhile, for developers the lack of a standard embedded connectivity architecture creates valueless costs and complexity.
The IoT ecosystem is about as complex as an industry can get. There are so many companies in the industry, and to complicate matters, there is a lot of noise and hype coming from all sides. The world’s mobile network operators are rapidly seeking to add value and take a leadership positon in the IoT value chain. In pursuing this, they are assembling ecosystems and sourcing proprietary-enabling technology and tools across the solution building blocks from platforms and services, to embedded hardware and software.
Unleashing the power of the subscriber identity module
Most MNOs simply do not recognize that they already own the key to successful IoT deployments on their own, without the need to partner with so many different companies in the ecosystem. That key is the subscriber identity module (SIM) — the small integrated circuit chip that every MNO embeds in each of its devices. The SIM contains the international mobile subscriber identity (IMSI) number and its key, which are used to identify and authenticate the user of that device on the MNO’s network — or the network of any roaming partner.
Currently, most MNOs view the SIM as a necessary but low-value component of their customer offering in order to deliver a valid subscription, manage roaming and other basic mobile network functions. As such, MNOs have been focused on driving down the cost of the SIM in an effort to minimize the total bill of materials cost for a device. MNOs need to realize that by unleashing the power of a standard SIM, they can provide the industry and enterprises with services that address the needs of successful IoT projects, with no changes in the deployment of their existing standard network elements required. The MNO is then positioned higher in the IoT value chain, while easing the deployment of IoT services for all types of vertical IoT applications on the mobile network.
Making the SIM the “master” and not the “slave” in the IoT architecture
The SIM is a secure processor requiring network authentication for app access, providing increased security. MNOs can also define and embed on the SIM the network access solution (NAS) for the device, ensuring service assurance, and eliminating risks to their networks. Embedded in the device as an extension of the mobile network, SIMs conform to a global standard.
SIMs are fully programmable computer systems. With the right software, any SIM can become the “master” and not the “slave” in the IoT architecture. The MNO does not need to purchase certain brands of SIMs or make any other changes to the SIM or to their network — they just need software that is capable of embedding and executing an IoT application directly on the SIM.
Embedded apps on SIMs are updated via a secure, globally standard over-the-air (OTA) method. The utilization of standard mobile network elements to address IoT challenges experienced by enterprise adopters — and to additionally create new business models such as IoT app stores — positions the MNO as a high value IoT services provider.
Tying value-added features and services to the MNO profile on an eUICC (MFF2)
In the rapidly evolving area of embedded SIMs (eUICC / MFF2), OEMs are sourcing the SIMs directly from the SIM manufacturer for embedding in the machine at time of manufacture. These SIMs are deployed with a “boot-strap” subscription that may be changed over the air to a new MNO once a machine or device arrives in the country of deployment. In this scenario, it is difficult for the MNO to compete on any aspects other than price and coverage in the geographic area. Software can be embedded in a specific MNO’s profile working in conjunction with their network elements, tying all the following described high value features provided to that MNO, establishing a competitive advantage and lessening the likelihood of the subscription being swapped to a different MNO’s profile.
App security, delivering and updating
SIMs have multiple layers of encryption keys that work in conjunction with the authentication center in the mobile network. Individual encryption keys on each SIM for network authentication and the individual application interacting with the OTA server are required in order to install or modify any application embedded on a SIM.
This makes apps embedded on SIMs very secure and virtually unhackable.
Because security is now a critical factor in IoT enterprise applications, MNOs will be able to charge a premium for this service, quickly recovering any costs related to any software required to increase the SIM’s capabilities. In addition to the premium service charge, the MNO can charge a monthly fee for each device on the platform and a transaction fee for each OTA update that occurs. This secure OTA update will save the enterprise the cost of dispatching a technician to each device for individual updating. The MNO will be able to achieve superior margins by charging for this service based and cost and time savings for the enterprise.
New business models: Creating a standards-based MNO IoT app store
The combination of a standardized embedded architecture, secure applications space and globally secure OTA method creates the opportunity for an MNO-controlled IoT app store business model. All that is required is for the device makers to publish the hardware specifications with I/O addresses so that multiple parties can develop apps and services for the device. The end user can choose the embedded app and service provider and securely download the chosen app to the devices embedded SIM via OTA.
The IoT app store model creates new revenue streams for the MNO. Potential revenue elements include:
- A monthly platform maintenance fee for each device
- A monthly fee for maintaining an app in the App Store
- A revenue split for any app sales from the App Store
- OTA fees for each installation or update of an application
Mobile network connectivity service assurance
As stated by the GSMA in its recently released non-binding permanent reference document regarding IoT Device Connection Efficiency Guidelines: “the predicted large scale growth of Internet of Things (IoT) devices and their associated IoT device applications, will create major challenges for MNOs. One major challenge that MNOs must overcome is the risk caused by mass deployment of inefficient, insecure or defective IoT devices on the MNOs networks. When deployed on a mass scale such devices can cause network signaling traffic to increase exponentially which impacts network services for all users of the mobile network. In the worst cases, the mass deployment of such IoT devices can disable a mobile network completely.”
An easy to understand scenario is an earthquake in a city such as San Francisco where hundreds of thousands of connected machines with motion detectors or accelerometers are deployed. The application in each of those machines will detect the motion and attempt to use the network at the same time to report the event. Due to congestion, the vast majority of the machines will not successfully connect to the network and they will all try again, at the same time, perpetuating the scenario and potentially bringing the network down.
The network access solution component enables the MNO to provide the application network access software with an API for the developer to integrate the application to on the SIM. In this way, the MNO now has some control over how autonomous machines interact with their network. A key element of the NAS is a connectivity back-off timer algorithm that escalates over time.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The Internet of Things can land intrepid organizations in some top-flight destinations, but an IoT initiative at a company such as Air Canada can take many years of planning to take wing.
At the Connected Things 2016 event Tuesday in Cambridge, Mass., a panel outlined an IoT initiative that tags Air Canada Cargo’s shipments with RFID-enabled sensors. Experts on the panel, held by the MIT Enterprise Forum of Cambridge, said the deployment integrated temperature and humidity sensors within cargo shipments. This not only improved customer service and decreased losses, but also helped ensure ongoing compliance as regulations change.
Barb Johnston, Air Canada Cargo’s manager of operational programs, said the project took nearly eight years to complete, building the business case over time with a series of steps: mapping manual processes, overlaying them with appropriate electronic messages, and then conducting a pilot program on flights between Frankfurt and Montreal.
“We did have to ask for a little bit of a leap of faith because of this ground-breaking technology,” Johnston said. However, Johnston says Air Canada Cargo is confident its investment will pay off in improved customer experience, reduced cargo loss and employee efficiency.
According to Johnston, Air Canada Cargo is expected to grow 50% over the next two years. Thanks to its IoT initiative, the company has been able to automate certain manual processes, such as handwriting eight-digit codes for each piece of cargo shipped, enabling the company to improve operational efficiency and more effectively use its staff.
Tagging cargo: A turbulent task
A “glass pipeline” is critical to a successful IoT initiative, Tom Zurick, director at Unisys Corporation, said. However, achieving this comes with many challenges, such as accommodating labeling between multiple providers, keeping up with regulatory guidelines, creating too much data at the piece level, and the mere fact that RFID tracking is not available everywhere.
How can that last problem be solved? “We’ve designed a solution with a high amount of flexibility,” Zurick said; flexibility that comes in terms of labeling at different points in the supply chain, adding barcodes to RFID labels for locations lacking RFID scanning capabilities, and removing clutter by consolidating piece IDs.
The benefits far outweigh the challenges, Zurick said. There’s security and safety in knowing where every piece is, service that gives tracking capabilities to customers who want visibility, and revenue improvement through charging appropriate cargo costs.
Mike Nicometo, CEO of CargoAware LLC, offered a “quick peek at what’s under the hood” of RFID tags. By replacing manual codes and barcodes with a label containing an embedded RFID card, he said, Air Canada and other cargo companies give digital identities to physical things.
The key, Nicometo said, is using a variety of technologies to collect data from the cargo pieces. For example, real-time data can be captured at the “edge of the enterprise” not only using smartphones, tablets and computers, but also with RFID antennas. Air Canada Cargo’s RFID tags are read at three-second intervals. A specialized dashboard tracks cargo every step of the way from warehouse, to flight, to delivery.
Smooth sailing requires proper planning
Eric Wood, vice president of product management at RR Donnelley, reiterated the importance of the ends justifying the means — and this takes patience and preparation.
“All the ‘things’ are not the same,” Wood said. “You need to know different stuff about them: the information you want to gather from them, the insight you need to drive your business, the income drivers … they’re all going to be different for those things.
“Go out and do some research and figure out what you’re trying to solve,” Wood said. Blindly adopting technology because it is “cool” will undoubtedly end in disaster.
“This is how you’re going to get to the future of IoT,” he continued. “It’s getting the information you need that gets you the insight you have to have in order to run your business that’s going to drive the income that’s ultimately going to justify your expenditures.”
Moderator David Eagleson agreed. “Hopefully you’re getting a sense of how complex (IoT deployments) can be, but that the value side is there,” Eagleson said. “Even though there’s money to be spent — and time and effort — there’s truly value to be had.”
Air Canada Cargo certainly is reaping the rewards; Johnston said thanks to the successes seen, the company is deploying its IoT initiative across 92% of its market over the next two to three years.
While the hype around the Internet of Things (IoT) might seem deafening for early adopters and those in the tech industry, it is an unfamiliar term to most consumers. In a poll from Acquity Group, 87% of people polled had never heard of IoT.
This isn’t necessarily a bad thing.
IoT doesn’t need to be consciously embraced by consumers to succeed. In fact, the more unobtrusive IoT is for consumers, the more successful it will become. Businesses across industries have harnessed the power of IoT to create value-added services that enhance our lives in ways that aren’t totally obvious to the average consumer. Already, many of the things we interact with on a daily basis are connected, yet the connection and solutions that enable the services we enjoy remain invisible to us. And often times it is this behind-the-scenes, inconspicuous nature of IoT that lends it such success and potential. Let’s take a look at three areas where the power of invisible IoT is exemplified.
Invisible IoT in automotive
The number of cars connected to the Internet is expected to increase six-fold by 2020, and millions of people are already benefitting from IoT in the car today. Automakers are working behind the scenes to ensure consumers spend more time on the road and less time in the shop. New remote diagnostic and maintenance capabilities make it possible to identify potential issues and address them proactively before they require a visit to the mechanic. Via connected cars, auto manufacturers can push software updates over the air — which could reduce the number of recall-initiated shop visits by 70%.
In 2014 more than 60 million vehicles were recalled in the U.S., double the annual record in 2004. There have been several large software-based recalls in the last 10 years, and they often result in millions of vehicles recalled each time. With IoT, those recalls may largely become things of the past. The average recall costs the car owner hours of time at the mechanic to resolve. Connected car owners are spared from that waste of time, not to mention the accompanying frustration.
Invisible IoT in retail
Retailers too have been unlocking the value of IoT, utilizing IoT’s real-time analytics to better serve consumers. Have you ever walked up to a vending machine only to find out that the slot designated for your favorite soda or snack was empty? With IoT, disappointing moments like that are drastically reduced. IoT-enabled vending machines not only automatically send notifications when an item is running low, they also actively manage inventory, helping vending companies to plan their distribution routes, keep stock fresh and reduce waste. As a consumer, you don’t need to know what’s happening behind the scenes — you just get to enjoy your favorite snack, whenever you want.
IoT-enabled sensors also allow retailers to remotely monitor their inventory in real-time and receive automatic alerts when stocks need to be replenished, leading to greater inventory accuracy. With a majority of retail sales still taking place in physical stores, retailers are looking to make their stores smarter to enhance the shopper’s experience. By tagging individual items, retailers are enhancing the in-store experience by ensuring that the most popular retail items remain in stock. You don’t have to download an app or interact with the “smart” store at all — all the consumer sees is that when they walk into their favorite store, the popular items they are looking for are in stock.
Invisible IoT in cities and towns
Cities and towns are harnessing the power of IoT to improve the quality of life in our communities through safety, sustainability, efficiency and cleanliness. Connected traffic lights are reducing congestion, sensors monitor foot traffic in key areas to better enable crowd control, and smart meters are enabling better distribution and monitoring of critical resources.
As more cities adopt IoT, residents will become the beneficiaries of a connected city in which traffic congestion is reduced, commutes are shorter, transportation is more efficient and streets are cleaner and safer. A recent Juniper Research report on smart cities forecasted that connected traffic management alone will reduce cumulative global CO2 emissions by 164 MMT (million metric tonnes) between 2014 and 2019, equivalent to the annual emissions produced by 35 million vehicles. And with a projected 700 million cars on city roads by 2019, IoT-driven intelligent traffic management has immense potential to favorably impact commute times in cities across the world. Meanwhile, city dwellers will likely have little to no idea how all these improvements are being made. This is the value of IoT’s invisibility.
This invisible IoT power does have a parallel in the history of computers. In 1980, scientist Mark Weiser coined the term “ubiquitous computing,” referring to the idea that computers would eventually be everywhere and anywhere, yet invisible. Similar to the mass acceptance of computers, IoT’s unobtrusive nature and tremendous value-add has enabled it to spread and gain massive adoption in the enterprise as a way to enhance customers’ experience while driving new revenue growth and for consumers. And with a projected 5.5 million new things added every day — and a subsequent growth in services delivered via these connected devices — one measure of IoT’s ongoing success will be whether or not it can remain invisible while providing this added value to both enterprises and consumers.
What were your first thoughts about IoT? Did you even call it IoT? In most cases, connected devices were around long before people were paying attention to them. From early version factory floor automation, on-board diagnostic (OBD) units in cars, cellular switching and control, and to disk drives that “phoned home” before they would break, machines have been instrumented and communicating their status for a long time. Now, as the deployment architecture has ostensibly expanded to a huge degree, with standards and increased addressability via IPv6, we are seeing and thinking about virtually everything being connected. This is the next frontier of technology.
But it isn’t — technology is already at that point, so it can’t logically be the next frontier. Rather, what we now find ourselves in are the various iterations of this massive technological wave. The early iterations were all about hardware (sensors), connectivity, and the ensuing workflow, rules and resulting actions taken based on the insight gained from a given record. This was the early, very cool phase. And since smartphones have become largely ubiquitous (at least in some geographies), there is more often than not the mechanism to determine that you left your refrigerator door open, and you can get an alert on your iPhone, or maybe you can even see the open door. Miraculous, right?
Maybe not miraculous, but a nice first step. So once you have all that IoT data, then what? For starters, you close the door. But another thing you might do is instrument the lights or track the security in your house — and the HVAC, ceiling fans, entertainment system, energy systems, large kitchen appliances ad so on. On a separate but related note, you may have an iWatch that is collecting a good amount of information about you based upon your pulse, the steps you walk and even more depending on how you use it. You may also be using other IoT tools for blood pressure, blood glucose monitoring, weight and BMI measurements, temperature and more. The systems you use — and IoT data being collected about you — are only going to grow. The same is true for your house and for that matter, your car. Have you ever looked at what your heart rate looks like when you are driving? Have you ever looked at a correlation between the temperature in your home and the temperature of your body? For that matter, have you tried to understand what the conditions were with your vital signs, as well as in your house preceding the last time you got sick? Did you notice any correlation between the air quality in your house, the temperature outside, the air quality in the neighborhood, the temperature inside, and the exercise and vital signs you were registering leading up to your illness? Probably not, right? Why exactly do you think that is? I am guessing it is probably because you cannot control how you see and access the IoT data, and how you can ultimately consume, enrich and analyze that data. But if you were to look back in time at how data evolved and then look forward, would you predict that just maybe you would one day be able to access, correlate and analyze that data?
Of course that will happen. The reason is that the market — in this case, the consumer market — will demand it. It will come in phases — and there will be forces against it — but it will come. A good indication of this is in the home market, where there is consolidation around the home “hubs” that serve to interconnect and consolidate the implementation of smart homes. This is a first step on the path to harness the breadth of data in a home, although most probably just reduce to the fans talking to the thermostats. That is a mistake, because the value is in the data. And insight is less a function of the data from an IoT subsystem, and more a function of all the IoT subsystems working alongside one another. It is not so much what happens with the HVAC system, but what happens with the HVAC system correlated with what happens with the appliances, the activity in the house, the weather and so on. Insight is gained from leveraging the utility value of the IoT data, but that only happens when you can access and analyze that data. You can’t really do that well in 2016, but it is inconceivable that you won’t be able to do so in the future.
And if that is true for homes and mhealth, what do you suppose is the view of businesses that are implementing multiple IoT subsystems? Are they happy to have their HVAC, beacon, lighting and kitchen equipment systems gathering information that they cannot leverage and correlate? How long do you think it will be before the users of the IoT subsystems — or more to the point, before the buyers of the IoT subsystems — demand the ability to own or minimally at least control for the purposes of accessing, enriching, correlating and consuming the entirety of the data associated with all of the IoT subsystems in use?
IoT is cool, and the doors it opens are new and enabling in ways not seen before. But the battleground will mainly focus on the data. The ownership and the control and leverage of the data will become central to how IoT moves forward. Ultimately, the control will lie with those who own and/or implement these systems.
As a side, this can and should happen without compromising the vendors that provide these IoT-enabled products. They should — and likely will continue to — get the same data they get today, just not at the expense of the users of the systems, but that is an architectural discussion.
A number of factors influence consumer perspectives on privacy and data, and concerns vary for any particular brand or product category. Moreover, the general backdrop of headline news about data breaches and unauthorized data sharing raises the anxiety for some consumers, whether they are affected or not. An increasing number of consumers have actually become victims of identity theft, leaving them with a heightened concern for the real-world consequences of re-establishing identity and monitoring credit records for unauthorized purchases. Privacy concerns about certain devices vary by whether a consumer owns or intends to purchase the device, as opposed to someone with no actual experience with the device. Concerns rise once a consumer owns a device and becomes more familiar with its functions.
Altogether, 47% of broadband households express privacy or security concerns about at least one smart home device. They express the greatest level of concern for the privacy and security of computers and tablets (43%), followed by smartphones (41%). The lengthy history of connectivity, data breaches, and the volume and variety of data stored and transmitted by these devices drives these concerns. Nearly as many respondents express concern about relatively newer smart entry devices (door locks, garage openers) (40%) and home security systems (38%). U.S. broadband households expressed significantly lower levels of concern for thermostats, lights, and HVAC systems (25%), and connected CE devices (24%). Notably, despite stringent HIPAA requirements in the health sector designed to protect consumer health data, respondents express the lowest level of concern for connected fitness devices and connected health devices, each earning a 23% concern rating.
Device ownership and purchase intentions are the best indicators of a consumers’ level of privacy and security concerns. Privacy and security concerns do not differ drastically by age group. Smart home device owners are more likely than non-owners to have concerns, suggesting that concern rises when ownership creates the real possibility of compromise. Those intending to purchase a smart home device also report significantly higher concerns for privacy and security versus those with no intention to purchase, implying privacy concerns are more top-of-mind for those in the market for devices.
A similar pattern exists for other device categories, with an approximate 50% increase in concern level among those who own connected devices. For instance, 20% of smart TV non-owners express privacy and security concerns versus 30% of smart TV owners. In the health devices category, security and privacy concerns among connected blood pressure cuff non-owners (22%) increase by an even greater margin for owners (43%).
When specific privacy and security concerns are considered, concern for “identity theft or data hack” ranks as the first or second leading concern in eight of nine connected device product categories. Regulators, advocacy groups and forward-thinking industry players have championed the notion of a consumer bill of privacy rights. However, when a variety of specific privacy rights are presented to consumers, no one privacy right alleviates the concern of more than one quarter of consumers.
Still, combining at least three privacy rights alleviates almost three quarters of consumer concern. Adding together consumers who have no privacy or security concerns with those whose concerns are relieved by the right to be invisible, the right to approve who uses the data and the right to be erased, relieves concern for 73% of consumers. Further, simply giving consumers the ability to opt-in or opt-out of data collection and still use the product or service alleviates most of the concern.
Sales of connected devices are exploding. The massive amount of data available from connected devices creates an unprecedented opportunity for new products, value-added services, new partnerships and new ways to use data. Consumer concern for data privacy and fears of hacked data loom larger than other concerns for connecting devices to the Internet, and high levels of security may become a differentiator for many new connected products.
The Internet of Things, food quality and food safety take on another dimension at Freight Farms, a Boston company that provides a farm in a box — or, more specifically, a 40′ x 8’ x 9.5’ shipping container.
The company’s container farms provide climate control, lighting and a hydroponic system, enabling customer-farmers to grow leafy vegetables year round. The containers, according to Freight Farms, are optimized to grow herbs, different varieties of lettuce and other vegetables such as kale and cabbage. IoT wasn’t in the picture when Freight Farms launched in 2010, but the technology has become increasingly central to farm management.
“We didn’t start out there … but [IoT] became a very significant part of the business,” said Kyle Seaman, director of farm technology at Freight Farms. “It is essential and fundamental to our success. Continued »
The era of the “connected refrigerator” may have arrived, but Mark Roemers, co-founder of Netherlands-based AntTail, has simply given up on consumer refrigerators, smart or otherwise. They don’t cool evenly, with a dozen or more degrees Fahrenheit temperature difference between storage in the door and storage in the back of a typical refrigerator — more than enough to allow for degradation of certain medications. And AntTail, which focuses on pharmaceutical logistics, is all about keeping medicines fresh. Part of its partnership with one of the major pharmaceutical suppliers in the Netherlands is to supply small drug storage coolers to individual patients to use in their homes.
Using refrigerators, more than 90% of patients don’t store their medications within the safety margin. Using the dedicated cooler turns that statistic exactly on its head. AntTail knows this because it tracks the temperature continuously and monitors when the drugs are accessed for use.
The company has developed a small sensor that fits inside the sealed package in which pharmacies deliver drugs to patients. The sensor device, which looks somewhat like an overgrown SD card, not only tracks temperatures, but also incorporates a light sensor so it knows when the package it resides in has been opened. With a life between battery changes of 18 months, it’s something of a textbook example of these sorts of communications and power-consumption issues that real-world IoT devices must deal with.
The first casualty of power requirements for AntTail, Roemers says, was industry standards. The company really couldn’t use conventional wireless standards such as Wi-Fi, Bluetooth, Zigbee or Z-wave– it’d have only managed six months or so of life from the CR2032 batteries that its sensors use — and thus have invented its own proprietary network. “There’s a big need for someone to come up with a standard for very efficient wireless communication,” Roemers said.
The proprietary AntTail protocol is unusual in that it doesn’t use addressed-based routing the way IP-style networks do. Instead, each device monitors the hop counts of packets traversing other nearby units (this is a mesh architecture) and sends packets to devices that it knows are “upstream” in relation to an aggregator (think, roughly, of a Wi-Fi access point). The aggregator then uses a cellular data connection to send the sensor data to the cloud. If the company had chosen a standard protocol for local connection to the sensors, Roemers said, it would have been Zigbee, but then “all the equipment would be six times larger” because of the extra batteries needed.
Data from the sensors is collected in the cloud and, of late, some of it is shared back to patients by way of a smartphone app, which helps with reminders to take medicines on schedule. At present, there are only about 1,000 sensors in the field, but the deployment is doubling monthly. One downside: fully one half of the sensors are thrown away by patients who forget that they are inside the foil pack containing the medicine. AntTail notes that they do typically get a couple of trips to the end user and back before they go astray. Still, at thirty euros a throw for the sensor units, IoT medicine delivery is still a pricey proposition.
With this post, I am pleased to join TechTarget IoT Agenda as a contributor; I hope to post to the community monthly. My background is in IT operations as a practitioner for 17 years, then moving to an analyst role at Gartner for three years. Currently, I’m helping to drive vision, strategy and roadmap at AppDynamics, an application intelligence software company focused on application performance monitoring and analytics.
This post analyzes some key data and predictions for the IoT market, and helps frame segmentation and IoT spending in IoT project phases.
The Internet of Things has some traits in typical applications, but also introduces some significant new challenges. With typical applications, users interact directly and data is collected inclusive of the specific actions the user is taking as they engage with the app. This means the app is only emitting data for small, more definitive timeframes. IoT systems, on the other hand, often emit data when they are at rest — especially in the case of consumer systems.
IoT spending (in US $ millions)
Forecast Analysis: Internet of Things — Services, Worldwide, 2015 Update (04 January 2016) Analyst(s): Peter Middleton | Thilo Koslowski
Gartner segments IoT spending (you must be a subscriber to access) between connectivity of “things” — typically via mobile networks or Wi-Fi — and two major market use cases: consumer and professional. As the data shows, the professional market is over 50 times larger than the consumer market.
Gartner predicts that “manufacturing and natural resources” is the largest segment by total spend, estimated at $95 billion in 2016 and projected to grow to $136 billion by 2020. By comparison, the entire consumer segment is estimated to be $7 billion in 2016 and projected to grow to $39 billion by 2020. In many cases, these industrial systems do not rest often, and hence provide a larger opportunity — and significant challenge as well — due to both the size of the data and the value locked inside. Among these typically complex and often widely dispersed systems could be sensor-connected machines in factories, construction vehicles, mining equipment, oil and gas equipment, and robotics in manufacturing.
Gartner has done additional interesting analysis, looking at how IoT is likely to evolve. As an IoT project gets underway and is in development, Gartner estimates that 20% of the project spend is focused on design and consulting, 35% on implementation and 45% on operations.
As IoT evolves over the next four years, the ratio of that spending will shift more heavily towards operations. Gartner predicts that in 2020, the ratio will move towards 18% spend on design and consulting, 30% on implementation and 52% on operations.
Operational costs are tied to analytics use cases, which are applied to the operations of IoT assets, including not only hardware or cloud services, but also software and services to enable infrastructure management, application management, device management, performance monitoring, remote diagnostics, authentication, billing and support. The purposes of these functional areas are to collect and analyze the data generated from IoT devices and create insights from it with algorithms and other views of the data.
The reason for this shift is that the high value of IoT is within the analysis and insights derived from the collected data. Newer, more sophisticated algorithms and analysis require more computing and associated resources. The operational cost of increasing the number of devices, customers and ultimately users means more IoT spending on more storage, traffic and raw processing power needed to scale the IoT business.
As the use of IoT projects ramps up, there are economies of scale at play. But the current models analysts are predicting still show that the cost of these services will be passed onto end users in the form of premium services and offerings. This will increasingly become a normal upsell tactic within IoT that has yet to take hold.
Thanks for reading this post! Next time I’ll offer insights around device and data management, along with emerging IoT platforms.
Please leave comments here or via twitter: @jkowall.