For those who don’t know Goya’s “Saturn Devouring a Son,” it belongs to his series of Black Paintings — and also serves as the best comparison I can make after IoT World Europe Summit, part of TechXLR8, in London last week.
In the painting, the god Cronos, who immutably governs the course of time, is devouring a son. The act of eating your child has been seen, from the point of view of psychoanalysis, as a figuration of impotence.
To relate this to the conference I attended, Saturn is AI and his impotent son is IoT. Sure, there are other brothers waiting their turn to be devoured by their hungry father — augmented reality, virtual reality, blockchain, digital twins .., not even 5G will be spared.
If you’re still waiting for the IoT boom, this event confirmed the fact that IoT is badly wounded — at least in Europe. The few IoT companies that exhibited their products and services showed nothing could overshadow the big winner: the ubiquitous father AI. Although augmented reality and virtual reality presents itself as a great rival, it has yet to beat its competitors.
The speaker lineup this year included a mix of vendor presentations and client success stories, but neither was able to raise the event. The few large IT firms present, including Microsoft, SAP and Oracle, were on the side of the father AI.
Discussions of the first years of the IoT boom revolved around connectivity, security, IoT platforms and even business models. Today, nobody is interested in these topics. I am sorry for those advising in these areas, but it seems that all the fish has been sold in Western Europe.
It was also apparent that the great integrators weren’t present either. Those that should have implemented IoT for years but never risked investing continue to squeeze clients with digitization projects, cloud migration projects, products updates and customized developments. And I believe most of them have done a disservice to the acceleration of IoT.
Also, there was no great IoT news during the event. Perhaps the most important announcement was given by Marc Overton, who took advantage of his presentation to announce the recent collaboration agreement between Sierra Wireless and Microsoft as the industry’s first full-stack IoT offering — something that happened far from the event.
As for my session, it mixed IoT and blockchain, something that would have guaranteed success for attendees over the past two years, but did not arouse enthusiasm this year. It’s evident it is becoming a commodity — something that’s not bad, since we can finally stop speculating about use cases and start using it in our lives and business.
Don’t worry, the life of IoT events will continue; this week alone there are three more:
- Living bits and things in Bled, Slovenia
- IoT Tech Expo Europe in Amsterdam
- IoT Week in Aarhus, Denmark
Organizers and exhibitors need to reinvent IoT events to make them more attractive to visitors and generate qualified leads. We need IoT events where IoT is present in every corner of the floor, on every stage and in every service, including the cafeteria, restrooms, transportation and so forth. We need to breathe IoT every minute. Otherwise, IoT events will continue driving away visitors and exhibitors, and Saturn — AI — devouring a son — IoT — will become a reality.
Thank you for your likes and shares.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
There is no shortage of practical commercialized applications around machine learning, AI and blockchain for IoT throughout enterprise and government organizations. Where we have seen the most value across enterprise and government is within prescriptive maintenance. The science of prescriptive maintenance is finally on the cusp of a major transformation with IoT, edge computing and machine learning all poised to accelerate in an era of 5G, quantum computing and innovation in low-power, high-performance processing applications.
It’s critical for companies and government entities to understand the maturity curve of maintenance so they can determine where their operations currently are, where they want to be and where they will get the most return for their investments in technology and processes. They need to explore how to evolve their maintenance programs with future-proof technologies or at least technologies that are not suddenly outdated in the next few years. Prescriptive maintenance is emerging as the next generation of maintenance strategies and will most certainly be a major part of the fourth Industrial Revolution.
What is meant by prescriptive maintenance? The term prescriptive maintenance is derived from the principle of prescriptive analytics. This concept is a step past prescriptive maintenance and it not only supplies the possible outcomes in a situation, but it also gives the best way to approach the maintenance requirements based on analysis of those outcomes. Prescriptive maintenance techniques are designed to help determine the condition of in-service equipment in order to estimate when maintenance should be performed.
Most prescriptive maintenance is performed while equipment is operating normally to minimize disruption of everyday operations. This maintenance strategy uses the principles of statistical process control to determine when maintenance tasks will be needed in the future. The aim of prescriptive maintenance is first to predict when equipment failure might occur, and second to prevent the occurrence of the failure by performing maintenance. Monitoring for future failure allows maintenance to be planned before the failure occurs.
In prescriptive maintenance, a number of tools and techniques monitor the condition of machines and equipment to predict when problems are going to occur by identifying the symptoms of wear and other failures. Prescriptive maintenance is also a philosophy that uses the equipment’s operating condition to make data-driven decisions to improve quality, productivity and profitability. The difference between preventive and prescriptive maintenance is that preventive maintenance tasks are completed when the machines are shut down and prescriptive maintenance activities are carried out as the machines are running in their normal production modes.
Prescriptive maintenance allows government or commercial entities to lower maintenance costs, extend equipment life, reduce downtime and improve production quality by addressing problems before they cause equipment failures. The more high-quality data fed into the prescriptive model, the better its accuracy. Some examples where prescriptive maintenance can be implemented for enterprise and government include the tying together of live monitoring equipment with historical failures and maintenance logs, along with the spare parts refurbishment inventory and maintenance ticketing systems that automate the process of understanding signals that lead up to failure. Algorithmically, it can then have the system check if there is a spare part in inventory and then process the work order for the maintenance event to happen all in a fluid process.
Anyone can advertise these tools. But note that artificial intelligence, machine learning and blockchain services are only part of the process of building, training and deploying coherent models into production systems. When bringing an AI and deep learning solution to a problem, ensure that experience is represented in all aspects of the technology stack.
Any individual can operate the machine; it requires additional knowledge to manage the system. It is critical to determine ways data can be used to configure and trigger machines, prove authenticity or produce any type of output intended to get a business closer to its goals. Also, work to define a problem well before its solution to ensure that the right data gets to the right person or system at the right time.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Amid eye-popping investment figures, hype and claims from both established and emerging automation vendors, gaining clarity on robotic process automation is now a major issue. As the pioneers of RPA technology — which has fueled a rapidly expanding, yet confused market — we feel that it’s more important than ever to redefine what the technology is and what it isn’t.
Forrester Research identified nearly 40 companies offering some sort of RPA or intelligent automation capabilities. This has led to a lot of hype and disappointment on the part of users for what the technology can actually deliver. RPA assertions are important, and not every vendor can back up its automation claims. True RPA is complex and relatively misunderstood, so without a definitive reference point, organizations risk choosing either the wrong options or bad, poorly designed automation options.
Delivering true RPA
True RPA was designed from the start to successfully operate in large-scale, demanding enterprise deployments to enable tactical, business-led change. Since we began developing and evolving RPA software back in 2001, the technology has played an increasingly significant role in transforming the efficiency and productivity of workplace operations of over a thousand large organizations.
We’re now entering a new era of collaborative technology innovation being enabled by ever-greater, more intelligent business automation: connected-RPA. Connected-RPA enables organizations to increasingly release the combined creativity of digitally savvy business users who really understand their business. By giving them the ability to access and exploit leading-edge cloud, AI, cognitive and other capabilities, they can innovate and swiftly develop new, compelling offerings to keep pace with ever-changing market demand.
The origins of connected-RPA go back to when we started solving the “human middleware” issue in banking environments, where human workers perform mission-critical, repetitive tasks requiring interoperability and integration between enterprise-wide IT systems. RPA was the breakthrough software that carried out tasks in the same way humans do — via an easy-to-control, automated digital worker — or intelligent software robot.
Digital workers have also progressed from not only reading any third-party application like humans, but also conducting work like humans. They are interconnected, communicate with one another to collaborate, share workloads and operate as a highly productive digital team. Digital workers make adjustments according to obstacles — whether different screens, layouts or fonts, application versions, system settings, permissions or even languages.
It’s the unique, universal enterprise connectivity capabilities of digital workers, coupled with the increasingly intelligent way that they operate, that’s now being harnessed by business users to integrate with and orchestrate any new or existing technology application. Business users simply create automated processes by drawing and designing process flowcharts, which are then used by the digital worker to automate a task.
Having both human and digital workers working together, while seamlessly interacting with existing and new applications, creates a powerful, intelligent, collaborative digital ecosystem, which is the essence of connected-RPA. This also provides the foundation for ongoing digital transformation, and leading industry academics expect connected-RPA to emerge as the execution platform of choice for best-of-breed AI and cognitive technologies across the enterprise.
Although connected-RPA is business-led, to maintain long-term success it must operate in an IT-endorsed and controlled environment. Therefore, to ensure that they’re trusted by demanding enterprises, digital workers are designed to be scalable, robust, secure, controllable and intelligent. Business users train digital workers without coding, so the system infrastructure remains intact and IT development isn’t needed. If code is used to build automations outside the technology department, unwelcome shadow IT is introduced, along with unaudited process models that represent threats such as backdoors, security flaws and audit failures.
The process models run by the digital worker are made explicit in the process flow chart for each process automated, which is subject to audit and change control and security with dual-key authentication. This approach is highly secure and compliant, as all documentation is securely managed within a connected-RPA platform and protects the business from rogue employees, rogue robots and shadow IT.
Beware of imitators
The majority of newer RPA-labelled offerings, such as robotic desktop automation (RDA), desktop robot, or attended RPA, have been designed to deliver multiple, short record-and-replay tactical automations for navigating systems on desktops. Let’s be very clear: These automation technologies offer limited scaling capabilities and are masquerading as real RPA technology.
Desktop automation’s big promise is that business users working in front and back offices and across different departments can record a process and have software robots deployed within hours. Where processes are complex and require more technical skills, users can automate just some parts of the process that can be recorded and leave the rest. Organizations are being assured that their business users don’t need to involve the IT department, so by bypassing the IT work queue, they can experience both business benefits and ROI faster than other RPA approaches.
The problem with desktop recording and the notion of a personal software robot is that a single human user is given autonomy over a part of the technology estate — their desktop — which introduces a lack of control and by extension creates multiple security and compliance issues. Desktop recording spells trouble for the enterprise as it captures choices based on an individual’s interpretation of a process versus a central consensus for the best path. This obscures a robot’s transparency and hides process steps, which when duplicated over time becomes a potential security threat and limit to scale.
There are two other major drawbacks of the desktop approach to automation. First, if a robot and a human share a login, no one knows who’s responsible for the process; this creates a massive security and audit hole. Secondly, if a robot and a human share a PC, there’s zero productivity gain as humans can use corporate systems as fast as robots. So, this approach doesn’t save any time or make the process any slicker for a user.
By restricting automation to a multidesktop environment outside of the IT department or any central control, RDA vendors are effectively sanctioning and using shadow IT as part of their deployment methodology. This is potentially damaging for an organization as shadow IT, in the context of RDA, means unstructured, undocumented and uncontrolled technologies become part of business process flows.
For example, consider the creator of a desktop-automated process leaves the company or an organization changes. This can lead to audit failure due to an unknown fulfillment activity taking place or security holes, such as passwords embedded in these lost processes, fraud and denial of service. If your business allows departments to build these recorded desktop RDA scripts, then over time you will eventually create a shadow IT nightmare.
Ultimately, as the core architecture of desktop automation isn’t built on strong foundations, it may not be fit for the long-term demands of an enterprise environment. Many of these deployments never get beyond simple subtasks which have been executed using an agent’s login and run on their own desktop. Although they may help that particular task, they deliver limited capabilities and are not transformative at all.
Ultimately, false RPA limits the scale and potential of the technology to the confines of the desktop and introduces a variety of risks, too. True connected-RPA provides a platform for collaboration, securely and at scale, across more than 1,300 large organizations where human workers, systems and applications are already creating a powerful, intelligent, safe ecosystem of partners that enable a real digital transformation.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
As industry experts project a continued explosion in the number of IoT devices connected globally, security remains a hot topic — at least partly because of the significant challenges it brings. Despite IoT being a relatively new industry, there have already been many high-profile security breaches. Perhaps the biggest example to date is the Mirai botnet in 2016, where thousands of devices, such as cameras and DVR players, were infected and a massive denial-of-service attack was launched. The attack affected major services on the internet, including many leading brands like Twitter, The Guardian, Netflix, Reddit and CNN.
Given the severity of this and other breaches, unsurprisingly security remains one of the top technical barriers to IoT implementation success according to a survey published by Gartner in 2018. Undoubtedly, insecure devices and related breaches can result in lost revenue, brand impact and liability for manufacturers and distributors. And, for some IoT applications in areas like healthcare, critical infrastructure and automotive, even human safety can be at risk.
Identity is key to security
IoT brings a new and intricate scale to securing devices as deployments can be large and distributed, and often include mobile devices. Although security remains at the forefront, the industry is still largely grappling with how best to secure IoT deployments. Deployments often undergo a complex manufacturing process with multiple steps and potentially many production lines. Because of these complexities, security is perceived to be difficult, often falling low on the agenda. And as manufacturers are driven to get products to market quickly to maintain a competitive edge, security is often deprioritized instead of ideally being built in from the start.
As a result, the IoT security discussion takes many forms, involves many possible components and still includes a fair amount of confusion. However, underpinning all IoT security schemes is one fundamental requirement: the essential ability to identify devices and services and ensure that they are, in fact, who or what they say they are. This seems simple, but can be detrimental to the protection and governance of an IoT ecosystem if overlooked.
A device identity can take a number of forms; sometimes developers use a piece of information that already resides in one of the existing components, for example, a network MAC address or serial number burned into a microprocessor, or even worse, a hardcoded password compiled into the firmware. These sorts of identities aren’t very secure, are easy to spoof and can’t be used to either guarantee the identity of a device or to secure communications between the device and a service.
Managing IoT complexity with a PKI
To enable a truly trusted ecosystem, each device must be authenticated with an embedded and cryptographically provable identity. If you can’t trust the identity of the device, then you can’t trust the data you receive from the device. This is where public key infrastructure (PKI) comes in. The main purpose of a PKI is to manage keys and certificates that are used to enable trusted infrastructures by enabling parties to mutually authenticate, to transmit data securely between each other and to prove that specific data genuinely came from the party that it claims to have come from. The same elements of trust are required to secure IoT. We need to trust that each device is the one it claims to be and that the device is talking to the appropriate service — both components want to know the communications between them are secure and that there has been no data tampering.
Once a device has a trusted identity, then all the other services and communications from it can be protected. For example, on a medical device, the personal health data being transmitted is sensitive, so it is important to encrypt the communications such that only the authorized healthcare provider can decrypt it. Those encryption keys can be delivered as part of the device’s identity.
Options for implementing a PKI
Fortunately, there are several options for including this critical element of the IoT security puzzle. Many traditional PKI services are available or you may decide to build your own.
Many traditional PKIs were designed to support the delivery of certificates for websites to secure SSL or to deliver employee credentials enabling access to certain services — for example, only managers can access payroll data — to enable VPNs providing secured communications or managing building access control. PKI providers typically haven’t needed to design their infrastructure to scale to the levels required for delivery into IoT. IoT deployments can scale to tens or hundreds of thousands of devices at a time, such as CCTV cameras covering a large metropolitan area. Traditional PKIs also may not support the delivery of custom secured payloads, like secure applications, XML files or other data structures as per your security model. To be sure to choose the right provider, look for one that specializes in delivering device identities.
What about running it yourself? It’s possible, but it’s hard to get right and you are better off leaving it to the experts. There are complexities around running a PKI that require careful consideration. It not only requires a lot of infrastructure, including servers and hardware security modules, but also physically secure data centers with access control and policies. People need to be vetted and processes need to be put in place to ensure no single person can gain access to the keys.
So, now that you know the secret, the most important aspect of any IoT security scheme is that it’s built on the concept of a trusted identity. As identity underpins everything else, it needs to be included in the design from the start, and it should be built on proven trusted technology.
Amazon Prime devotees may not pay much attention to the by-the-minute, step-by-step updates to shipping statuses they can access about their purchases, but this is proof of the triumph of IoT writ large in everyday life. IoT has changed how goods are brought to market, and it has the potential to change the future of mobility even further.
A central component to economic growth is the movement of goods and people. As demographic shifts change where people live and work and the world’s population become more urban, strong transportation networks will be key to continued growth and prosperity for all nations and will have a blunting effect on inequality. IoT can help bolster the resilience of these transportation systems by offering real-time monitoring, adjustments to optimize the flow of goods and people, automation of some services and predictive analytics that can anticipate future needs. These efficiency gains will be all the more important because simply building more infrastructure will not solve the problems posed by rapid urbanization, lack of hierarchical roadway systems, increased motorization, poorly maintained or inadequately built infrastructure and a lack of overall resources. The future of mobility must include IoT capabilities that allow for the monitoring, regulation and logistical support to make a transportation network truly resilient.
Recent research by my colleague, Mariyam Hasham, shows some of the best uses of IoT can already be seen in transportation and logistics companies, where IoT applications are used to track and trace, for network efficiency and to reduce idle time. Real-time monitoring allows for better asset maintenance, and the use of predictive analytics can speed up turnover in supply and demand chains. For transport and logistics companies that have supermarkets and other retailers with a high turnover of goods, the benefits of just-in-time deliveries made possible by IoT reduces overheads and ensures optimum freshness of products. For customers who order a product online, 88% expect to have the ability to track their order from time of purchase throughout the shipping chain until final delivery.
Organizations that manage a fleet can take advantage of IoT capabilities such as intelligent dispatching, real-time incident response and asset monitoring. The logistical complexity of managing vast fleets across multiple countries and supply chains can be simplified by combining IoT applications that provide wide real-time monitoring. This leads to fluidly interconnected business systems, but that allow for customization to meet specific fleet and customer needs. For example, transportation and logistics companies that transport perishable or fragile goods can use IoT technologies to continuously monitor and adjust temperatures without human intervention. This reduces costs through spoilage or contractual failure.
By implementing IoT technologies, transport and logistics companies make their supply chains more resilient, improve their customer interactions, reduce costs and improve their efficacies. Additionally, these initial IoT systems will create the groundwork for city-wide systems that enable driverless cars, improved public transportation systems and a coming revolution in mobility services.
Concerns about security continue to hinder the adoption of IoT devices. Enterprise customers indeed are interested in buying more IoT devices, but only if vendors can provide better security for them.
Bain & Company conducted research into the attitudes of enterprise buyers about cybersecurity and the internet of things, and we found that executives would buy, on average, 70% more IoT devices for their systems if cybersecurity concerns were addressed, compared with what they would buy if the status quo remains. Additionally, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security. Bain estimates that improving security for these devices could grow the IoT cybersecurity market by $9 billion to $11 billion in 2020.
For IoT device vendors — companies that make IoT devices as well as those that provide related solutions — the message is clear: Improve security to gain a competitive edge and expand your market.
Most executives we surveyed (60%) said they are very concerned about the risks IoT devices pose to their companies — not surprising, given the damage that an IoT security breach can cause to operations, revenue and safety. When poorly protected, IoT devices can allow access to enterprise systems, resulting in large data breaches. For example, in January 2018, a Mirai malware variant called Okiru targeted ARC processors embedded in billions of IoT products.
Executives who manage security say they want technologies that are highly effective, easy to integrate and flexible to deploy. Companies take a range of approaches to meet their security needs based on their capabilities and the availability of marketplace mechanisms from vendors. Only about a third of IoT cybersecurity systems used today are from IoT device vendors, indicating that vendors either are not offering holistic, high-quality technologies that meet consumer needs or are not promoting them well enough. Our research found that companies with the most advanced cybersecurity capabilities rely more on internally developed security mechanisms, not only because they may have more complex needs, but also because they are more likely to have the resources to develop their own technologies. As might be expected, companies with ad-hoc security capabilities have the most gaps across all IoT layers that we tested, including access interface, applications, data, hardware and operating system, network and operations.
We also looked at how companies deploy technologies by layer of security, and found ample opportunity for IoT device vendors at every layer of the stack. Our survey shows that the access interface layer has the greatest level of protection, whether internally developed or provided by a manufacturer or third party. Other layers of the stack are protected by more internal systems — or, in some cases, none at all.
IoT device vendors and ecosystem players that move quickly to improve the security around IoT devices are likely to reap rewards, both from their ability to earn a premium and from an expanded market.
First, manufacturers need to understand how customers are using their devices. Refreshing their understanding of customer use cases every 12 to 18 months will allow them to stay on top of evolving security requirements and identify unmet needs. Ascertaining the average cybersecurity maturity level of their customers will help manufacturers invest in the appropriate out-of-the-box and add-on systems.
Second, manufacturers should provide cybersecurity capabilities on the device and, when possible, partner with trusted cybersecurity vendors to offer additional systems. Engineering teams should embed secure development practices into the software and hardware components of the device, and provide inherent technologies for the access interface, apps, data and device layers.
Third, manufacturers also need to meet quality assurance thresholds and be able to certify that their IoT devices are free from known vulnerabilities. This would mitigate a major pain point for customers, who sometimes install new devices without realizing they contain vulnerabilities. Deploying a more methodical process to identify and remove vulnerabilities across layers, or engaging third-party vulnerability scanning and penetration test firms, can help manufacturers meet this bar.
Finally, manufacturers can fulfill their obligations during the warranty period by continuously testing for new vulnerabilities and by providing software and firmware updates, as well as feature and functionality upgrades for out-of-the-box and aftermarket systems. Delivering updates to firmware, operating systems and applications in response to newly discovered security vulnerabilities should remain a top priority throughout the warranty period.
These four steps are a start, though by no means all it will take to begin addressing the security concerns that are holding back IoT device adoption. While growth in IoT markets seems destined to continue its inexorable march, many enterprise customers will continue to move cautiously until they can gain some reasonable assurance of security — not only of their data, but also of the operations that increasingly rely on devices, sensors and IoT.
This article was co-written by Ann Bosche, a partner with Bain’s Global Technology practice, and Frank Ford, a partner with Bain’s IT practice. Ann is based in San Francisco and Frank is based in London.
A mere buzzword a few years ago, IoT has come to define modern technology: digital, smart, connected. From watches to vehicles and from homes to entire cities, our world is becoming smarter and more connected by the day.
However, IoT’s promise of a more convenient, more efficient future comes with drawbacks. Smart devices don’t always live up to their name. While they are smart at doing what they were designed to do, most are lacking when it comes to peripheral areas — security in particular.
In recent years, the IoT ecosystem has become a hot target for bad actors, affecting everyone from consumers to critical infrastructure. The healthcare sector in particular has become a lucrative target, not only because it’s one of the most IoT-centric industries, but also because it handles the most sensitive data: personally identifiable information and health data. Protecting medical IoT gear is tough, because embedded devices don’t support individual security agents. So how, then, can we protect medical IoT products?
Lack of security puts lives at risk
Frost & Sullivan estimated IoMT devices will number between 20 and 30 billion by 2020, and will be used for anything from remote patient care to hospital operations to interoperability and data management.
These devices have embedded operating systems, which means they usually don’t allow third-party software into the OS or, even worse, can’t be patched. As IoMT devices proliferate beyond hospital grounds, connected medical equipment used in homes and even in human bodies has become vulnerable to attacks.
Medical IoT security incidents are on the rise, according to the 2018 HIMSS Cybersecurity Survey. A study by Netherlands-based Irdeto goes even further, showing how organizations in transportation, manufacturing and healthcare have suffered substantial losses due to IoT-related incidents. According to the report, such incidents cost on average more than $330,000. Of the 700 enterprises surveyed across China, Germany, Japan, UK and the U.S., 80% admitted to suffering an IoT-related cyberattack in the past year. And almost half of respondents said they need additional expertise within the organization to address all aspects of cybersecurity. More worrying is the fact that 82% of organizations that manufacture IoT devices are themselves concerned that what they put on the market is not adequately secured against potential cyberattacks.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recently issued an urgent notice that researchers found a potentially deadly flaw in cardio defibrillators equipped with wireless functions.
Patient data is a hot commodity
The dangers don’t stop at the hardware level. IoMT devices frequently access healthcare networks, expanding the attack surface for criminals to steal electronic medical records and other patient data. Cybercriminals then use the data for monetizing because it is especially lucrative in fraud and extortion campaigns.
As IoMT devices continue to proliferate, and with it the potential for attacks and network breaches, healthcare organizations must be prepared to monitor and detect threats for thousands of endpoints. This means an additional challenge of ensuring the best security posture along with meeting stringent compliance measures.
Catching attackers in transit
The inability to install security reporting agents on individual IoT devices has brought to light a serious issue: Attacks are typically detected when it’s too late. This challenge has given birth to a new category of security mechanisms expressly designed for individual and networked IoT devices. These systems use network traffic analytics (NTA), a technology that lets IT admins detect anomalous network traffic behavior they would normally have missed without the need to install an agent.
The technology is well suited to healthcare environments where IT staff is limited and the specialized skill set of a cybersecurity analyst may not be among the ranks.
The value of NTA is two-fold. First, it identifies and reports what looks like anomalous network traffic without any agents installed by non-intrusively taking a copy of the network traffic for analysis. Second, it focuses on the network traffic metadata without the need for deep packet inspection, thus providing insights into all traffic — regardless if it’s encrypted or not. This also means NTA meets the compliance requirements of GDPR, HIPAA and the like, allowing logs to be stored for future forensics analysis.
Perhaps most importantly, NTA automates the process of security incident triage to accelerate investigations and reduce the number of trivial alerts, addressing the ongoing issues associated with alert fatigue that so many IT personnel face. It uses machine learning models trained in complex scenarios to correlate thousands of events and report anomalous traffic with high accuracy. Additionally, NTA provides detailed explanations for the incident severity score and recommends remedial actions to speed up incident response.
Whether you’re a small medical practice or a state-level healthcare institution, an NTA-based security tool dramatically reduces the risk of exposure to your IT infrastructure, sensitive medical equipment, patient data and even patient lives from the increasingly sophisticated online threats.
IoT is the Rubik’s Cube of business technology. Every company’s playing with it, a few are starting to nail it and many are stuck rotating through possible solutions that aren’t really panning out.
As with the confounding cube, learning the experts’ secret tricks will increase your chances of succeeding time after time.
The foundation of solving the IoT puzzle is this: Both the starting point and ultimate objective are the use case. A use case is a list of actions spelling out how a person and system(s) accomplish a particular goal.
At the outset of any IoT assignment, we invest ample time working through the use case with clients using this tripartite focus: people, systems and goals. Then we dig into our bag of tricks:
First, convene all the players. One of the biggest mistakes businesses make when they launch IoT initiatives is focusing too little on the people part of the use case. Every initiative should start with people. When you’ve identified the broad outlines of a use case — say, your company wants to better manage its truck fleet — get everyone involved in the room and ask them to share their dream scenarios for connectivity, insights and actions.
The fleet manager will want to know where the trucks are at a moment’s notice. The CEO will want to be able to tell how much money the fleet is making or losing. Maintenance will want to know what trucks need to be fixed when and where the parts are. Customers will want to know where their delivery is and when it will arrive. Drivers will want to know their schedule, performance versus their peers and how they’re faring on incentives. The CFO will want to know about extra capacity in the fleet. Customer service will want to know about breakdowns and ETAs for getting back on the road. The list gets long, which is a good thing: Potential uses equal potential business gains. You can prioritize later.
Second, create personas. The brainstorm is just the start. As you refine your IoT plan with your core team, create personas — fictional identities — for all the stakeholders, including those outside your organization, who would conceivably touch the things, data and insights in your IoT system, and who will take or feel the actions. Visually map personas to every use case you put on the drawing board. In the corporate truck fleet, that group would probably be the people mentioned above plus truck manufacturers, insurers, lawyers and logistics experts, for starters.
Third, be sure to span departments. Let’s say the truck fleet is owned by a city, and its fire department needs a big vehicle to block Elm Avenue commuter traffic during a fire. The best-placed available truck with an on-shift driver might be in public works, sanitation or parks and rec, or it might even be a school bus. Make sure your IoT use case spans all the departments, because an asset is an asset no matter whose name is on it.
Fourth, think of your IoT endeavors in terms of a platform first. You may not see it yet, but your business will have as many use cases as it has roles and functions inside the organization. That means you’re better off with an approach that is inclusive and flexible instead of narrow and tech-specific. Ideally, the goal is to create platforms for your things that can consume data in any form and share it via any device. Too often, companies handcuff themselves by building a project around one use case and one proprietary technology. The organization can’t extend, scale, modify or sustain the app, and not surprisingly, there’s negligible return on their investment.
Fifth, keep your eye on the KPI and the ROI. The ideal first IoT project is one with a high potential return on investment, but that’s simple enough to get done. Once you ace a simple project, you can go bolder and more complex. When you do choose a concept, apply numbers to everything, including expected cost, savings, revenue, operating efficiency, customer experience value and so forth. Every use case implies a set of quantifiable key performance indicators that will yield actionable insights. It’s critical to identify those KPIs.
Finally, plow your insights back into the business. In your early planning stages, your concept must show the data you capture being re-ingested by people inside the organization, either to drive the actions of a user or do something on the back end, for example, initiate a repair ticket. If you’re capturing data and not using it to make your people smarter and better at what they do, then it’s not a viable IoT use case.
These tricks — which admittedly smack of common sense — will help anyone more quickly solve the puzzle of IoT, whether you’re managing a smart truck fleet, factory, store chain, health care operation, workforce, energy grid or city.
And soon, as with the multicolored cube that used to be so perplexing, everyone will be getting it right.
All entrepreneurs dream of the moment when their startup becomes a unicorn. Every startup craves the unexplainable valuation that is gifted to companies that burn through cash but continue to attract and retain investors. Every employee imagines the moment his company rings the bell at the New York Stock Exchange and his equity stake triples in value in a single day.
The climb to unicorn valuation is shrouded in mystery — and some would say covered in clouds. But one component of unicorn valuation that should be the obsession of every leadership team is the contribution from one of the financial world’s most underreported intangible assets.
The growth of intangible assets on corporate balance sheets
Intangible assets are those that are nonphysical, but identifiable. Examples include patents, copyrights, licensing agreements and even website domains. Intangible assets, with the exception of goodwill, can be bought and sold independently of core business revenue products. Historically, tangible assets, including cash, inventory, investments and even real estate, were the majority of the components of any company’s balance sheet. But I recently discovered a Forbes article that made a dramatic claim: “Intangibles have grown from filling 20% of corporate balance sheets to 80%.” This is a trend that will continue because most companies do not yet include what should be, and what already is for many, one of the most highly valued intangible assets: data.
Warning! Data swamps ahead
In every industry, the value of data is skyrocketing, and it will soon become a common practice to include the value of this intangible asset on every company’s balance sheet. The path to unicorn valuation gets a lot shorter if this invaluable intangible asset is monetized correctly. Collecting massive volumes of data spanning customer information, operations and supply chain, product development and delivery, and financial and industry trends is a key first step. But when that first step leads to a data swamp, that asset becomes a liability, especially in the face of data privacy and regulatory expectations. Architecting a unified and executable strategy — that word executable is very important when companies get distracted by “free” open source software — is the fork in the road between a highly valued intangible asset and high-risk liability. Analyzing the data without limitations on volume, without compromises on speed, and without well-built bridges between data repositories is not easy, but it’s mandatory.
Short-sighted data brokers miss out on major windfalls
Given the challenges of an executable unified analytics strategy, the first thought that many enterprises have when they seek to monetize their data is to sell it. Data brokering is a relatively straightforward way to add a revenue stream and monetize data. But truly data-savvy companies know that selling their most valuable asset is short-term thinking at best. Consider a company like Netflix, which knows so much about what each of us watches, our interests, the timing of our watching, the keywords and genres we search for and so much more. That data is obviously valuable to many other companies, but Netflix knows that using that data to better engage us all as customers, including algorithmic-driven analytics to create personalized recommendations, as well as providing guidance for its own content creation and development decisions, is the most effective way to capitalize on its data.
New revenue-generating services for auto manufacturers
Automobile manufacturers are following the same path. Tesla is leading the way, but companies like GM, Chevrolet, Ford and BMW are not far behind. The volume of data that these manufacturers are collecting today spans every component of their vehicles and every aspect of how and where and when those vehicles are used by customers. This data is easily classified as one of the most highly valued intangible assets when you consider the new services that could — and will! — be created based on this highly personalized data. Imagine a service offered by your automobile manufacturer that provides you, not your insurance provider, with data that shows your safe driving actions, including following speed limits, blinker usage and no heavy braking due to tailgating. This service is now a benefit to customers, not a threat, and it is also a net-new revenue opportunity for the manufacturer.
Increasing shareholder value by monetizing and protecting data
The balance sheet is a very simple concept. Assets minus liabilities equals shareholder value. The bigger the total asset value is, the better — unless the liability is growing as well. Big data can make a big difference on both sides of the balance sheet, but the true industry disruptors know that building the intangible asset valuation of their data puts money in their pockets and drives the greatest market differentiation.
Everyone has patents, licenses, goodwill and the standard intangible assets. But not everyone is taking action to build up what is soon to be the most valuable intangible asset: data. When I consider my own personal investment strategy, I carefully consider the indications that the company whose shares I am evaluating is focusing on both monetizing and protecting their most valuable intangible asset. Smart investors like Warren Buffett, Jeff Bezos and Peter Thiel did exactly that over the last couple of decades and their strategy clearly paid off — and paid out.
A senior executive from Ericsson recently started a discussion about horizontal IoT platforms. Horizontal IoT platforms are general-purpose platforms. They include reusable functions to support applications in many different industry verticals. Horizontal platforms look appealing in concept. However, a common criticism is that they are a distraction from immediate needs. They might also compromise on the specific needs for vertical use cases. Somehow, this implies a suboptimal solution.
The advice to solution providers from Ericsson’s Rob Tiffany was to start solving specific problems related to connected intelligence that are customer pain points. Customer pain points are an appealing way to tackle IoT applications: They capture management’s attention. They provide organizational focus. Their boundaries are cleaner, making for a straightforward business case. And, successful implementation yields immediate and visible results.
But should that be the end of the debate? No, not in a market where industrial organizations are still learning about IoT.
Keep in mind that IoT technologies cover topics that are outside the core competencies of many industrial organizations. Moreover, while near-term solutions are good, their knowledge deficit means that longer-term considerations are not even on the radar. Think of the typical IoT pilot project or the IoT solution team working on a well-defined use case. How many of them are planning ahead for second-generation requirements? How many are thinking about the need to scale up and support multiple applications? What about interoperability for cross-silo applications or opening solution stacks to partners in an extended value chain? And how about secondary uses and business models for IoT data?
Strategy is more important than IoT technology
A growing school of thought argues that organizations need to take a strategic approach to their IoT deployments, one that emphasizes horizontal capabilities. Rami Avidan, now of Deutsche Telekom’s T-Systems business unit, talked about strategy rather than technology as the critical challenge of enterprise IoT adoption. He explained the choices that businesses face. An organization will have fast results if it is selling a service that gains uptake rapidly. Conversely, if an organization is digitizing a factory, that’s not a quick fix. The work involved in deploying sensors, linking them, optimizing the data and changing the behavior of machines is a long-term process.
He also pointed out that partners, ecosystems and standardization are three critical elements in delivering viable solutions. Partners are essential because there are so many elements in delivering an IoT application; no single organization has mastery over all of the solution elements. Ecosystems represent environments where partners have laid the groundwork to collaborate. This eliminates many of the technical pitfalls. Ecosystems also provide workable commercial models and solution templates. Standardization addresses longer-term benefits by providing clear rules of engagement on technologies, notably in the area of security.
There is a broader recognition about the value of IoT standardization. Here is a recent viewpoint from Enrico Scarrone, who works for Telecom Italia Mobile and is the Steering Committee Chair of the oneM2M standardization initiative. His observations describe the impact of fragmentation and integration costs on the viability of IoT solutions. This may not matter to some companies — they will focus on commercial imperatives and use a quick, off-the-shelf solution that meets their application needs. Others companies will decide that product sustainability is more important. In this case, they will opt for a standards-based system. As Scarrone observed, there is not a default decision that works for all companies and differing product timeframes.
The consequences for purely vertical thinking, however, are to build downstream switching or systems integration costs into IoT applications. With horizontal thinking, some of those costs are brought forward in time. That probably implies a financial and time-to-market penalty. On the flip side, it encourages designers, operators and mangers to consider sustainability issues. This covers the potential to extend their IoT applications and to look for expansion opportunities arising out of cross-silo possibilities.
For companies adopting IoT concepts into their business operations, the question is whether they are in it for the short of the long haul.