Those who regularly read my articles know that I like movies and TV series. Just remember my article, “About IoT platforms, super powers methodology, superheroes and supervillains.”
This time my article is dedicated to the two trilogies: Jurassic Park and Jurassic World (the latter still pending the third movie).
Sure, millions of years have not passed since the appearance of the first telemetry species and its evolved cousins of machine-to-machine. But the tempo in technology is measured differently. The unit of time for tech has to do with the Gartner Hype Cycle. For Gartner, technologies pass quickly from “innovation trigger” to “productivity.” Companies that want to appear in a Gartner Magic Quadrant have to successfully adopt these technologies or they are condemned to disappear.
Large companies that have been in the IT world for more than 15 years may seem like dinosaurs and they are afraid of disappearing because of a meteorite (IoT, metaphorically).
Here I present some technology companies that we could consider dinosaurs that are undergoing a cloning, or transformation, to adapt to the new world of IoT, AI or blockchain. As usual in this type of article, the included companies and the classification are subjective. Therefore, not all dinosaurs are represented (47 species of cloned animals have been portrayed in the novels and films), nor can all companies be represented by the dinosaur that I have chosen for them.
Welcome to my “Jurassic World” of IoT.
The threats to these cloned dinosaurs are constant. Despite a dinosaur’s size and strength, many predators lurk to take down the giant — take Uptake’s digital safe package over GE Digital, for example.
Some species go in packs to survive — just look at Google and Ayla Networks or Microsoft and Electric Imp — while others seek alliances with cousin giants, like Rockwell Automation making a $1 billion stake in software maker PTC, as the best way to reign in their territory.
There are also dinosaurs in the west world of the telcos, as well as in the world of industrial companies that are adapting or cloning — but that is another story.
Your comments and suggestions can vary my “Jurassic World” table of IoT.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Today, more than half — 59% — of the professional services sector doesn’t have a single digital business strategy. For most professional services organizations, that means IoT initiatives that are still stuck in the earliest stages of adoption in best-case scenarios.
And, since many of these companies feature small employee headcounts, a large portion of the professional services industry is still struggling to implement the internet of things. Unfortunately for these enterprises, a lack of technical expertise and/or limited IT resources makes it difficult to understand the business value of an IoT system — much less successfully deploy one.
For now, professional services organizations perform most data management tasks from within company-owned data centers and public cloud storage networks. However, as the desire for real-time trends and insights continues to grow, this industry will become more and more motivated to make IoT work because of the technology’s ability to perform these activities at the edge of enterprise networks instead. In fact, almost half of the industry uses these flexible technologies to perform IoT data analysis, aggregation and filtering tasks closer to each original data collection source.
As IoT penetrates professional services, expect this sector’s tech-savvy leaders to use endpoints for more than just an expanded variety of network edge tasks — many organizations will look to create competitive advantages with these endpoints, too. If this industry’s enterprises can overcome the significant investment IoT requires, don’t be surprised to see automated facilities maintenance and supply chain workflows within the next year or two — not to mention other business benefits like brand-new market insights, more efficient processes, additional sales opportunities and more data feedback than ever regarding client habits and product/service quality.
Before any professional services business can capitalize on the value IoT creates, however, it must overcome five significant challenges:
Like any other major mobile technology deployment, IoT gives professional services organizations a variety of new endpoint devices to use every day at work. While this creates obvious benefits for the business implementing these innovations, it also opens new avenues for cyberattackers to invade corporate networks. If a company invests in IoT, it’s important that it also reexamines all existing digital security strategies to make sure they’re updated and include systems to deal with IoT’s most serious threats.
For professional services IT leaders, IoT isn’t as scary as one might think. In fact, many organizations already use most — if not all — the data collection systems IoT needs. The hurdle for these enterprises is centralizing these systems, which have almost exclusively been maintained on separate networks to this point. So, the industry doesn’t need to start from scratch to assemble its IoT infrastructure — it just needs to find an efficient way to unify existing systems and streamline data communications across a single network.
Lack of resources
Some of the sector’s largest, resource-rich companies can construct their own customized and centralized IoT management platform. For everybody else, IoT isn’t quite that straightforward. Fortunately, affordable cloud-based SaaS offerings can help. Professional services enterprises are already using these technologies to integrate disparate systems, enhance IoT security and perform data analytics in a cost-efficient manner.
While implementing an IoT program is impressive, it’s only the first step of these advanced projects. The more difficult challenge is collecting and communicating the vast amount of raw data in a way that satisfies organizational stakeholders and benefits the overall business. After all, even something that appears to be the most inconsequential data point possible could unlock and fuel future innovation if it’s combined with another data set or handed off to the right employee.
After IoT has been implemented and integrated into existing enterprise workflows, program security and endpoint safety become paramount. These advanced mobile technologies not only require multiple layers of protection, but also need to be flexible enough to grow and evolve as the needs of professional services companies change. To protect sensitive data from hackers and cybercriminals, ensure your IoT initiative uses these four tools:
- Firewall — Firewalls have been used in enterprise technology for years and are considered an essential part of today’s digital security efforts. By blocking unauthorized network access in a way that still allows external communication, these advanced products are designed to work seamlessly with the millions of unique IoT device types out there.
- Encryption — Data is too valuable in today’s digital business environment to leave unprotected — whether it’s at rest on a mobile device or being transported across a global network. Encryption algorithms make sure this happens by scrambling IoT endpoint feedback, rendering it useless to any recipient that isn’t authorized to have a decryption key.
- Authorization — Before the first IoT device is ever deployed, organizations need to have a policy in place to control user behavior and the inevitable surge of mobile network traffic. Professional services workplace policies should clearly define user permissions and company-wide systems access permissions. Some of today’s most advanced authorization projects even include outlined task management automations for future implementation initiatives.
- Network segmentation — Because IoT requires multiple networks and interconnected enterprise systems, a single external breach carries the potential to create problems for a wider-than-ever range of connected business endpoints. Companies should review how their IoT infrastructure is connected and supported to intentionally separate systems wherever critical technologies, systems and devices are housed. That way, these mission-critical mobile endpoints are left unaffected even in the most widespread intrusion attempts.
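One way to carry out the connectivity review described in the network segmentation item, as an added example that is not part of the original article: a static check of an ordered, first-match firewall rule list for allow rules that bridge segments meant to stay isolated. The segment names, CIDR ranges and rule names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    name: str
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    port: Optional[int]   # None means any port


# Constructed segment plan (assumption, not taken from the article).
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/16"),
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "critical": ipaddress.ip_network("10.30.0.0/24"),
}

# Segment pairs (source, destination) that must never be able to talk.
ISOLATED_PAIRS = [("iot", "critical")]


def audit(rules, isolated_pairs=ISOLATED_PAIRS):
    """Return (src_segment, dst_segment, rule_name) for every allow rule that
    can carry traffic between an isolated pair under first-match evaluation."""
    findings = []
    for src_seg, dst_seg in isolated_pairs:
        a, b = SEGMENTS[src_seg], SEGMENTS[dst_seg]
        for rule in rules:
            src = ipaddress.ip_network(rule.src)
            dst = ipaddress.ip_network(rule.dst)
            if not (src.overlaps(a) and dst.overlaps(b)):
                continue  # rule cannot match traffic between this pair
            if rule.action == "deny":
                # A deny covering both whole segments on every port shadows
                # all later rules for this pair, so stop looking.
                if a.subnet_of(src) and b.subnet_of(dst) and rule.port is None:
                    break
                # A partial deny is ignored: the check stays conservative
                # and may still report a later allow that it partly shadows.
                continue
            findings.append((src_seg, dst_seg, rule.name))
    return findings


IOT_TO_BROKER = Rule("iot-to-broker", "allow", "10.20.0.0/16", "10.10.5.10/32", 8883)
BROAD_ALLOW = Rule("legacy-any-internal", "allow", "10.0.0.0/8", "10.0.0.0/8", None)
DENY_IOT_CRIT = Rule("deny-iot-to-critical", "deny", "10.20.0.0/16", "10.30.0.0/24", None)

# Weak ordering: the broad allow matches first, so the deny below it never fires.
WEAK_RULES = [IOT_TO_BROKER, BROAD_ALLOW, DENY_IOT_CRIT]

# Corrected ordering: the explicit deny is evaluated before any broad allow.
HARDENED_RULES = [DENY_IOT_CRIT, IOT_TO_BROKER, BROAD_ALLOW]


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit(rules))
```

The same three rules pass or fail depending only on their order, which is why the review has to look at the rule list as the firewall evaluates it rather than at whether a deny rule exists somewhere.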
As the professional services sector begins to increase its IoT investments, enterprises need to prepare for the myriad of strategy and security risks this technology can create. A managed mobility software partner not only eliminates this burden from any company considering an advanced IoT deployment, but also increases the likelihood of impactful and successful initiatives going forward.
The growth of the IoT industry is impressive, with examples of new use cases continuing to develop almost daily. However, although the industry may be booming, if organizations move too far away from the objectives digitization was designed to address — enhancing day-to-day experiences — the market risks stagnation and undoing the rapid progress that has been achieved so far.
Jason Kay, CCO at IMS Evolve, explains that while a priority for IoT is creating more efficient processes, ultimately those efficiencies should also address issues that are key to the customer experience. From food quality to environmental standards and minimizing product waste, these objectives will not be met solely by automating processes, but by automating outcomes.
There are several possible theories as to why businesses are not making the projected progress towards successful digitization. Overwhelmed by the number of choices when it comes to innovative technologies? Projects with unrealistic goals? A belief, encouraged by some IT vendors, that digitization requires high-cost, high-risk rip-and-replace deployments? Although worthwhile considerations, these are the symptoms, not the cause. The reason for the lack of progression towards effective digitization is that the outcomes businesses are working toward have no correlation with the core business purposes.
Isolated digitization projects with siloed objectives deliver limited value that can be easily absorbed by unavoidable business costs shortly after project completion. These short-term enhancements make ROI difficult to prove and make projects highly vulnerable under C-suite scrutiny.
In order to accelerate the digitization of an organization, a new approach is required. Although disruptive strategies may appear threatening to current business models, when these projects are executed correctly they not only deliver aggressive ROI and efficiency gains, but present the opportunity to explore new revenue streams and business models. By prioritizing the core objectives of the organization, tangible business value aligned with clearly defined outcomes can be identified, as well as opportunities to reduce costs.
In some ways, the IT industry has inadvertently incited this situation by offering new technologies that on face value appear forward-thinking and innovative, such as artificial intelligence and augmented reality, that don’t deliver tangible value to customers. IoT systems and propositions that have weak ROI due to requiring significant investment and a total infrastructure rebuild causing massive disruption to day-to-day business also waste valuable time and money. As a result, this confusion creates a challenge for businesses to establish viable, deliverable and future-proof digitization strategies. Furthermore, if the focus does not progress from single, process-led goals, this confusion will only continue and the perception of IoT technologies will deteriorate.
Through business-wide collaboration that focuses on the organization’s primary objectives, the true potential of digitization can be achieved. Without this outcome-led approach and with a misplaced focus on digitization projects that fail to add up to a consistent strategy, organizations will not be able to capitalize on the opportunity to use existing infrastructure to drive business value.
Consider the deployment of an IoT layer across refrigeration assets throughout the supply chain to monitor and manage temperature. A process-based strategy would prioritize creating efficiencies, as well as potentially utilizing rapid access to refrigeration monitors and controls, together with energy tariffs, to lower costs and energy consumption. However, limiting an IoT project to one single, energy-reduction initiative may fail to demonstrate the full potential of ongoing benefits to management.
By collaborating with multiple teams, such as food safety and compliance, maintenance and merchandising, the scope of the technology can drastically increase. Real-time data from refrigeration assets can be contextualized with merchandising data to automate temperatures and correlate with the specific produce type within the case. With produce being kept at optimum temperatures, shelf-life will improve, waste will reduce and basket size may even increase due to aesthetics and availability. In another example, real-time monitoring of refrigerated asset performance can be used to inform and improve maintenance productivity, moving from reactive to predictive regimes, again improving asset availability and performance and therefore, product quality and customer experience.
There are now multiple opportunities to reduce waste, improve productivity and increase sales from one single IoT deployment, going far beyond incremental energy cost reduction and using the same existing assets and data used for energy management.
Sustainable digitization strategy
In order to move toward a future-proof, strategic realization, businesses must consider how digitization will address wider organizational outcomes, including the impact on customer experience, sustainability requirements and macroeconomic impacts. Collaboration across multiple teams is key to achieving this, as confidence in the project grows due to a stronger business case and business-wide commitment to the project long term.
Placing a focus on using legacy infrastructure provides an opportunity for numerous business wins. Digitization can be achieved quickly, without disruption and at a significantly reduced rate. The risks are reduced and return on investment is delivered rapidly by using proven and scalable technologies, offering the chance to release value that can be reinvested into additional technological advancements. Furthermore, with an outcome-led approach, digitization gains the corporate credibility required to further boost investment and create a robust, consistent and sustainable cross-business strategy.
Implementing an IoT program is far from a one-stop purchase. In fact, by some estimates, it can take up to 25 partners to drive a complete IoT customer system.
That stat sheds light on a story defining the IoT space right now — the increasing number of partnerships between information technology (IT) and characteristically operational technology (OT) vendors. Across the board, from GE and Oracle to Rockwell Automation and PTC, global tech giants are partnering with one another, systems integrators and startups to deliver deeply integrated systems that will ease the process of deploying IoT projects.
Why? Because linking IoT and transactional data is the gateway to digital transformation, despite the complexities involved. In a recent IFS survey, only 16% of the 200 manufacturing and contracting executives surveyed said they consumed IoT data in their ERP systems. That enterprise software must help facilitate IoT projects was one of the study’s key findings. But, in fact, it’s doing the opposite with the majority of those surveyed blaming inflexible and legacy ERP software, or challenges in selling the value internally.
Cloud ERP eases IoT integration
In addressing that first challenge, there’s growing recognition that a robust, IoT-enabled ERP system must be cloud-based. Because cloud ERP is built on open standards with open APIs, those with cloud ERP have a significant advantage in integrating data generated by operational technology.
Enabling data access by plant managers and line-of-business leaders alike will unlock the true value of the data generated by things. Enterprise software can automatically operationalize IoT data, issuing work orders when certain equipment conditions are present, scheduling technicians in the field according to their proximity to a call, or adjusting production schedules depending on fault reports and overall equipment effectiveness calculations, according to the IFS report.
IT and OT convergence key to success
Easier-to-deploy technologies, prebuilt integrations, and optimized software and hardware are the keys to deeper IT/OT convergence. But as with most technology projects, it’s not only about the technology. To ensure the integration of software delivers the most value, it’s important to focus on strategies for bringing IT and OT teams together who have typically done their jobs in separate spheres.
The benefits are huge — significant improvements in business and financial performance can be achieved by linking real-time IoT and industrial IoT information to your ERP system.
For instance, traditional ERP systems are missing a critical ability to identify operational anomalies and uncover the root cause. Real-time IoT and IIoT data can help identify anomalies and outliers at the moment — enabling decisions that can have an immediate impact on business processes. For example, if operating efficiency is lower than planned or conversion cost for a specific SKU is higher than targeted, properly configuring IoT and IIoT data with ERP data can help to identify which specific attribute or element of the process had the strongest correlation to the outcomes of interest, i.e., costs, quality, service. This allows for targeted improvement initiatives to be launched and minimizes the impact of variation. Less variation means lower operating costs, higher profits and better attainment of performance objectives. Moreover, integrated IoT and ERP can have a positive effect on the end customer as well, from improved service levels thanks to sensor monitoring or predicting equipment performance to seamlessly accounting for outages or repairs in the billing cycle.
When we have more data, we can use technologies like artificial intelligence to analyze, predict and even automate action. Only then can ERP systems move from being systems of record to enablers — predicting and guiding organizations to be more proactive in their pursuit of performance excellence.
5G will play a critical role for extending mobile connectivity in every industry, connecting devices, sensors and computers with wider and faster connectivity. Yet, until 5G is fully realized, there is no need to wait around. Private LTE networks have become easier to establish with recent technological developments. In fact, many companies are using both the Citizens Broadband Radio Service (CBRS) 3.5 GHz band and 5 GHz bands, along with the LAA band to increase network capacity and speed.
Since the FCC established CBRS in 2015, dozens of companies, such as Arris International and Federated Wireless, have turned in special temporary authority (STA) permissions to conduct their own testing of the band in buildings. Apart from CBRS, the MulteFire Alliance aids in the facilitation of creating a neutral host network. These forms of private LTE can blend previous public LTE benefits into a mechanism where operators, carriers and venue owners easily connect users, devices and enterprise applications more efficiently. Essentially, owners are able to control and optimize their own network.
This new build your own network (BYON) model allows mobile operators to provide access to their licensed spectrum so organizations can establish their own private LTE networks. Additionally, vertical-domain specialists are also offering private LTE- and 5G-ready network solutions through partnerships with established network infrastructure OEMs, such as Nokia and Samsung. Lowering the barrier to entry for private LTE creates the opportunity for enterprises to increase mobility, limiting the need for wired networks and Wi-Fi.
Private LTE empowers customers with the BYON model to run their own local network with dedicated equipment and settings. Those given the right to test their own private LTE networks have the ability to control the network and its performance in instances of traffic surges, configuring for optimal upload and download speeds and keeping productivity high with optimization and tailoring to a company’s IoT applications.
Private networks can offer control over wireless latency and coverage, ensuring connectivity for users while supporting a wider range of applications. Private LTE has multiple use cases, ranging from simple applications such as monitoring and location services; compound applications including asset management and automation; and complex applications like smart cities and smart transportation systems.
Recent reports show the impact private LTE will have on the market in various sectors:
In SNS Telecom and IT’s private LTE and 5G network report, they forecast private LTE and 5G as becoming the increasingly preferred approach for delivery in critical communication, industrial IoT, enterprise and campus environments, and public venues. The overall market will eventually account for more than $5 billion in annual spending by the end of 2021.
Public safety is a sector that will be largely impacted by private LTE, consequently causing it to dominate the market due to nationwide public safety coverage requirements. IHS Markit forecasts that the critical communication broadband LTE market, including private LTE for mission-critical enterprise communication as well as public safety LTE, will reach $2.6 billion in 2020. National governments around the world, particularly those in Europe, are suggesting that companies use secure mobile virtual network operator (MVNO) models to avoid costs related to large-scale LTE networks by pairing private mobile core platforms with commercial LTE for critical communication users.
The national rollout of FirstNet in the United States is based on LTE, demonstrating how private LTE can be utilized in public safety, and how public safety efforts can sustain long-term future growth.
Industrial and commercial opportunities
With the introduction of more smart systems into the market, networks of the past are incapable of handling the diversity of growing devices and the increase in customer requirements. Four and a half million industrial and commercial opportunities and sites are expected to arise in the mining industry, hospitals and manufacturing warehouses, along with military bases. These sites will need the adoption of private LTE to meet their customer and industry demands as the internet of things presents connectivity challenges and requirements, such as mobility, security and low latency in applications like real-time surveillance, remote diagnostics and asset management.
Companies that use private LTE opportunities will continuously increase adoption in the industrial and commercial industry while integrating wireless networks as a complementary tool.
The private LTE market is expected to grow in the coming years, and its regulation and testing will provide a tremendous stopgap while 5G networks are built.
According to research from Juniper, spending on IoT cybersecurity will reach more than $6 billion globally by 2023, which the company relates to massive growth in both the consumer and industrial markets. The research also points to increased government regulations pushing the need for improved IoT security, as companies strive to avoid fines and other penalties.
This rise in IoT cybersecurity must match the explosive growth rates for IoT devices. There’s a fairly low cost of entry for using connected devices. Manufacturing simple sensors isn’t very expensive, and often provides companies with immediate ROI. This low entry cost means some businesses can dive into IoT without much concern about security features and possible privacy exposure. The potential reward of quick sales overtakes the potential branding or legal problems that might come from a security breach and exposure of personal data.
IoT devices are quickly ushering in a new era for cybersecurity, where the safety and privacy of users is increasingly placed at risk. These concerns must be addressed by manufacturers and governments to ensure the coming “connected future” is bright.
Safety and privacy concerns
The development of smart cities promises better usage of resources and new insights from data, but there are underlying security risks that imperil communities. Hackers could access alarm systems that are connected to various utilities and cause destructive panic and expensive first-responder actions. On a smaller scale, hackers have demonstrated how they can trick digital parking meters to provide them with free parking. On a larger scale, such activity can result in millions in lost revenue. Government organizations will need to work hand-in-hand with IoT providers to ensure they properly manage the access of passwords and that devices themselves have built-in security in order to prevent potentially catastrophic attacks.
On the consumer product side, consider the rising use of connectivity technology within children’s toys. Many of these toys are Alexa-like in terms of recognizing the child’s voice and responding accordingly. While these toys are a neat interactive novelty, they pose serious security and privacy risks. Many of the toymakers that introduce items with Wi-Fi or Bluetooth connectivity might not add security controls. This leaves the devices vulnerable to hackers who can steal information and potentially take over the toy’s functions. These toys often auto-connect to wireless networks or applications, so someone could use a toy’s app to link to a device and then communicate directly with the child. And if the toy has GPS capabilities to show location, then the attacker could also track the child’s movements. Photo and video features in toys are another area of concern which can be taken over by hackers, and manufacturers aren’t always careful with how this data is stored and transmitted.
Many of these sensors produce data that relates to actual people and their habits. Smart thermometers and other in-home devices record data about daily actions. Fitness trackers record an ever-increasing amount of health data. In many cases this data is reviewed in aggregate, but it still comes from individual people. IoT makers and the general public will need to work out who ultimately owns this data, and how privacy concerns will be addressed to keep personal information protected and anonymous.
Manufacturers must adapt
As the number of IoT security and privacy breaches grows, manufacturers must turn more attention to protecting data and consumer information. Consumers may start to turn away from connected devices if they cannot trust the maker to safeguard their (and their family’s) data.
Manufacturers must be more accountable and recognize there are certain risks with building internet-connected devices. They need to take ownership over security and make it a company-wide mission to build devices that have the right security measures in place. One of these measures is automatic updating. When many connected devices leave the store they are already outdated and at risk when it comes to the latest attacks. Recalling a device is expensive and requires too much effort on the part of the consumer. Manufacturers must adjust their devices so they update automatically, which removes the customer from the equation and ensures protection from attacks that change daily. Device makers should also welcome bug and vulnerability reports from the tech community. They can offer payments of cash or product in exchange as a reward to those who find these bugs.
The manufacturers and providers of IoT devices must pivot from treating IoT as a novelty and rushing to get products out to the market to a more mature mindset. They need to manage IoT-derived data the same way they protect CRM information, by ensuring personal data is kept hidden away and devices cannot be utilized in dangerous ways by outside agents.
As a technologist, I watch with wonder as the once only imagined transitions into everyday reality — all the while taking part in the fun of making this transformation happen.
For example, a third of the world’s population today walks around with a touchscreen, internet-connected device in their hands, doing everything from payment to dating to entertainment. While smartphones hit the scene just 10 years ago, today smartphones are fundamental to how our world works. A similar revolution is underway in the world of consumer products, with the physical products we buy and use every day becoming a part of the internet of things. Most exciting — this revolution just got a major turbo boost with the newly released GS1 Digital Link standard upgrading the ubiquitous barcode — giving every physical product a web address.
Millions of product manufacturers, brands and retailers around the world make and sell over 4 trillion consumer products each year. All of this production, distribution, consumption and disposal is happening with an incredible lack of visibility into the global supply chain — making it nearly impossible to follow the journey of products, let alone a single product. The result: Brands know very little about what happens to the products they make and sell, where they go and who buys them. Worse, this lack of visibility into the supply chain creates huge risk for fraud, with the world’s counterfeit consumer goods economy now worth over $1 trillion.
Fortunately, the disconnectedness of the world’s physical products, and the resulting massive gap of knowledge, is being resolved with the release of the new GS1 Digital Link standard. With this resolution, come both opportunity and an urgency to shift business strategy to effectively compete. Just as the smartphone changed the business model for so many service industries — how we order lunch, how we access transport, how we get our news — so will the digitization of the world’s consumer products be a transformative opportunity for consumer product brands. Those that move quickly will benefit, and those that don’t will likely fall behind, and indeed potentially fall away.
Every product born digital
Over 90% of the products made and sold every year — over 4 trillion product items — are fast-moving products, including clothing, cosmetics, footwear, household products, beverages, packaged food and the like. The impact of connecting these 4 trillion consumer products to the web is going to truly change our world.
Specifically, the new GS1 Digital Link standard represents an update to the ubiquitous 44-year-old barcode, used by over 2 million manufacturers and scanned over 5 billion times every day at point-of-sale systems. GS1 Digital Link replaces the standard 1D barcode with a QR code or NFC tag and gives a product a web address in a standard format. This upgrade means that every product item can be:
- uniquely identified,
- interacted with by a smartphone, and
- connected to applications and data management in the cloud.
Combining physical products with the new GS1 Digital Link standard and a digital identity in the cloud, such as EVRYTHNG’s Active Digital Identities, allows a single code on a product to drive multiple applications, so that products are #BornDigital.
A new digital ecosystem
We are combining forces with some of the world’s largest packaging and supply chain companies, including WestRock and Crown in the food, beverage and household goods sectors, and Avery Dennison RBIS in the footwear and apparel market, to create a standards-based digital ecosystem. These partners are producing products #BornDigital, with digital identities embedded as they are made, making it easy for brands and retailers to rapidly deploy digitized products at mass scale.
“The same technology that transformed how retail does inventory will transform the way brands connect with consumers. Today’s consumers expect a shopping experience that meets them where they are — whether mobile, in-store or online. The new GS1 standard means every unique apparel item can be enhanced with our RFID technology and a QR code to support supply chain and direct-to-consumer applications at scale,” said Bill Toney, vice president global RFID market development at Avery Dennison, one of the world’s largest providers of label, tag and supply in the apparel and footwear industry.
Our vision is to grow this digital ecosystem with other partners and service providers in the production and supply chain community. We are on a mission to help every one of the world’s 2 million-plus product manufacturers very simply add a digital identity to their products — plugging into the connected product world.
“The GS1 Digital Link is a potentially game-changing standard, literally linking every product to the web and the digital ecosystem,” said Sanjay Sarma, vice president for open learning at MIT and a member of the GS1 Board of Directors.
Just as the smartphone is a pillar of our daily lives, impacting how we engage the world around us, we can expect a similar global impact when every physical product is digitally enabled. With this digitization comes efficiency, the opportunity for new business models and the ability to improve sustainability.
I look forward to sharing more insights on the intersection of IoT and product digitization in future blogs, including:
- the transformation of business models,
- the application of product data intelligence,
- sustainability in the supply chain,
- connecting brands and consumers through physical products, and
- new applications driven by a connected product world.
Today’s public cloud offerings have helped many companies deploy their products faster and reduce their own data center infrastructure and capital expenses. These readily available public cloud infrastructures have provided an excellent platform to create a variety of different connected products and use cases that are adapted to customer demand and adjusted to optimize ROI.
However, the public cloud doesn’t always work for every situation, and many organizations require a hybrid deployment model, particularly when it comes to managing connected devices. With Uptime Institute finding that 65% of enterprise workloads continue to stay in on-premises data centers, it’s worth taking a closer look at five key reasons why organizations may want to deploy IoT systems in either an on-premises or hybrid environment instead of solely in the public cloud.
1. Efficient decision-making closer to the point of action
Organizations often want to keep decision-making at the local level rather than sending data to a central office for analyzing and processing. For example, data that might be relevant for one factory site may not be useful to other factories within the organization.
Using either on-premises or hybrid IoT device management systems allows organizations to save time on decision-making for insights that do not directly transfer from site to site.
2. Critical infrastructure requires zero disruption and latency
Organizations with critical infrastructure often require the ability to obtain data, update and fix any issues in real time, rather than relying on internet connectivity and management in the public cloud. In these instances, an on-premises system helps keep the organization in control.
Also, on-premises device management provides much faster speed of data connectivity between the devices and the server, reducing latency and allowing organizations to make quicker decisions and updates.
3. Regulations: Rules and parameters that form value
If data protection and processing efficiencies are key reasons behind companies’ on-premises needs, so too are adherence to regulations, put in place for a variety of purposes. These may be government regulations — such as the GDPR intended to secure citizens’ personal data and mitigate threats — or they may simply be the company’s own rules for how they want to play the IoT game.
We should bear in mind that the internet of things is still not fully standardized, and technologically, systems may not be compatible with each other, so regulations aren’t necessarily a bad thing. They provide discipline, procedures, rules and guidelines that form value for their stakeholders.
4. Integrating IoT with existing systems
A tangible system that an enterprise can physically access allows better integration between its IoT devices and existing applications and infrastructure. This is certainly the case when we compare on-premises options and public clouds, where an in-house IoT device management system allows operators to provide instant access, gain administrative rights to the system, and prevent or mitigate many other problems that may arise without complete control over their system.
Better control over the deployment also creates centralized transparency, provides visibility to all aspects of the system and allows stronger integration with management tools.
5. Data and control in the IoT world
Companies are looking to IoT to unlock and unleash their data — the most valuable aspect of their business. They’re capturing, storing and processing vast amounts of data to transform their businesses with actionable insights that deliver new revenue streams, improve customer experiences and reduce operating costs. For example, a shipping company can use sensors on its delivery vehicles to monitor the engine, speed, mileage and average miles per gallon to quickly determine issues and optimize fuel consumption.
However, companies may prefer that their pertinent data does not drift into the public cloud, where there is more potential for it to be accessible by other companies and competitors. Instead, these organizations can keep the data stored, processed and managed on their own premises, using their own databases, servers and data centers.
The public cloud has transformed the way the world works, allowing operational scale and flexibility. However, many companies are looking for an on-premises or hybrid option for their IoT deployment for security, regulatory, process-control and other reasons.
Having an IoT cloud deployment that includes an on-premises configuration provides companies with the flexibility to decide if their system should run as hermetic — without public internet access — to ensure that their system is more secure, better focused and operating on site.
It’s inevitable that the cycle of the data center will continue, with the place where our processing lives shifting with the technology cycles from centralized to decentralized and back to centralized again. Organizations today are still all in on the cloud. There have even been recent extreme announcements which show this to be the case. For example, with GeForce NOW, games are rendered on Nvidia GPUs in the cloud and streamed to the home, essentially renting a GPU. Due to the requirements of the internet of things, along with expanding needs to have computing distributed, we are likely entering another cycle of computing, moving from a centralized model to an edge-connected processing model.
We’ve seen the beginnings of this edge shift from Microsoft, Google and Amazon. The one thing missing from their edge models is the notion of loosely connected or disconnected operations. These systems will need to encompass not only distributed processing (and machine learning or “AI”), but distributed data collection and even potentially distributed data stores to handle the data requirements. Although all of the offerings from these leaders have offline support, the state of synchronized data is not well managed when they reconnect. Analyzing these mega-cloud platforms and looking at their current edge models and architectures and what is missing has made for exciting research. They are ordered here based on market share.
AWS Greengrass is the edge and IoT offering from Amazon. Amazon-managed IoT devices must be embedded devices running Linux (only some distributions supported). There is no native storage in the platform, and it executes Lambda functions written in Java, Node.js or Python. The devices can be managed centrally, allowing for configuration, updates and discovery. For monitoring of the devices, CloudWatch or local logs are supported with limitations. For example, if the device is offline and using CloudWatch logs, the data would be lost, making troubleshooting impossible.
Microsoft Azure IoT Hub can run business logic and machine learning on the edge. Microsoft has also included the ability to use SQL Server on the edge, but the SQL Server must be provisioned, deployed and managed just like any SQL Server. Both the software and the SQL Server are deployed in a container, increasing the flexibility of the platform. The SQL Server data is not automatically replicated, which means code is required to allow for replication and synchronization. Since all of the edge code runs inside a container or containers, it also must be managed by Azure Container Registry or Docker Hub. The business logic can be in C#, Python, Node.js or C. Microsoft also supports Azure Functions, specifically for machine learning use cases. The system can be deployed on Windows or Linux devices. There are several platform services to handle use cases around time series, mapping and machine learning. Microsoft has spent less time on managing the endpoints (things) and operating systems, and instead focuses on the container layer and above.
Google’s IoT solutions are vast, including a wide array of technologies addressing IoT and edge computing. Google IoT Core lives in the cloud, collecting data from things running Linux or Android Things, which in turn run the Cloud IoT Edge offering. Cloud IoT Edge is in early access, so no testing was done nor was documentation available. The language support is not entirely clear due to the lack of docs. The newest member of Google’s portfolio is Edge Tensor Processing Unit (TPU), which is a custom-built silicon chip designed to extend Google’s cloud-based TensorFlow and Tensor Machine Learning to the edge. The edge offering is in early access, but the Cloud TPU has been out for some time. Google does not have a system which can be easily tested at this time, but it does have a precise model and strategy beyond what Microsoft and AWS are doing today.
So, clear bets are being made by the cloud providers, but none of them have the experience of manufacturing or industrial devices, so contrasting these cloud providers with a couple of the better-known manufacturers moving into software and IoT is also interesting.
GE’s Predix platform has a similar model to Google’s, where there are Machines, which are the edge, Predix Cloud and applications. Predix Cloud is based on the open source Cloud Foundry and runs Java applications. Similarly, the Machine is a Java application, but can also run code in C++ or Python. It can also run inside Docker to make management easier. GE, similar to the other cloud providers, has common platform services for geolocation, telemetry, machine learning and security. Predix does provide the PredixSDK Database NoSQL database on the device for disconnected data access, and provides PredixSync to get the data synchronized. There does not seem to be offline support for anything aside from the NoSQL component.
Bosch’s IoT platform is built on top of the open source Eclipse Hono with API-level compatibility, and the data can only flow from the devices via HTTP or MQTT. The Bosch platform consists of several cloud-based services, but has few, if any, edge capabilities. It does not have offline operational modes; hence the platform seems more limited as of this writing.
Although there are many other players with IoT technologies, they are missing an exact edge offering. The contrast in approach between native cloud providers and those who moved to the cloud is exciting to observe and analyze. As these industrial players continue to evolve, we shall see if they can best the native cloud providers with specific expertise or if the cloud providers have too much of a scale and platform services advantage keeping them ahead. Only time will tell.
Cryptojacking has become a growing concern. Cybercriminals aren’t satisfied with the available supply of vulnerable servers and PCs to hijack in order to mine their favorite cryptocurrency. So, they have added another rich source of computational horsepower to their arsenal: IoT devices. Media devices are especially attractive targets due to their use of powerful GPUs combined with lax home security. And because they tend to always be powered on, there is a lot of downtime that can be exploited without detection.
The real challenge, however, is the risk that these compromised devices pose to business. Protecting the network in today’s threat landscape has been complicated by the anywhere, anytime nature of work. Employees working remotely or on the go introduce additional threats to the network because their work devices often run on the same networks as their compromised IoT devices, with many of the apps running on their home entertainment systems linked to the same apps on their laptops, tablets and smartphones.
Data from the latest “Fortinet Global Threat Landscape Report” reveals that 23.3% of surveyed organizations saw cryptojacking malware like ZeroAccess (one of the top botnets for Q2 2018) in their networks. Many of these botnets spread to business networks via devices that were often originally infected in a compromised home network. This growing trend has serious implications for security strategies. To combat this latest attack vector, organizations need to quickly and effectively extend corporate security to employee devices when they are not in the office.
The Mirai botnet lives on
The Mirai botnet warrants mention because it continued to have an impact on the threat landscape in Q2, nearly two years after its first appearance. The Mirai code was made publicly available shortly after its premiere, and some of Mirai’s variants include significant modifications, such as the ability to turn infected devices into swarms of malware proxies and cryptominers. New variants have also added multiple exploits to their arsenals, allowing them to automatically identify and target a wide range of unpatched IoT devices without needing to communicate back to a C2 controller for an update. The Wicked bot, for example, is loaded with a variety of known and available exploits, many of them already being quite old. In spite of this, these exploits remain effective due to poor patch-and-replace security hygiene practices at many organizations and the unpatchable nature of many IoT devices.
Hide ‘N Seek (HNS) is another, and it might be the first in-the-wild malware to actively target vulnerabilities in home automation systems. HNS is an IoT botnet that communicates in a complex and decentralized manner, using custom-built peer-to-peer communication to implement a variety of malicious routines. While it initially just targeted routers, IP cameras and DVRs, the latest iteration of HNS now also targets cross-platform database systems and smart home devices.
HNS managed to evolve to this point due to the availability of the open source Mirai code to malware developers. While HNS was built using code from Mirai, it has been aggressively adding exploits and targeting more platforms and devices to increase its propagation scope. Adding freshly released proof-of-concept exploits to its arsenal increases the chance that it will also be the first to infect these vulnerable devices.
Segmenting for security
One of the reasons that attackers are targeting home-based media devices with cryptomining malware is that many of them use powerful GPUs to decode and transcode content in high-resolution formats. These IoT devices are also not only always on and connected, but spend most of their time idle, making them an ideal target for continuously running cryptomining malware. Making matters worse, the interface for many of these devices can also act as a modified web browser, with all of a browser’s inherent vulnerabilities, such as granular remote control and communications and the ability to spread more effectively using things like P2P connections with other devices.
Because of this growing risk from home workers, as well as those employees who increasingly bundle their work and personal apps and data onto their devices, segmentation is increasingly important for devices that connect to both home and enterprise networks. One way that security teams can extend protections out to these endpoint devices is by ensuring that home networks are segmented from machines that connect back to the office through a VPN.
When countermeasures fail in one part of the network, segmentation protects other areas from being compromised. Segmenting the network and devices should address risk management functionalities such as:
- Identifying risk: Users, data, devices, locations and threat intelligence feeds, along with a host of other criteria, need to be used to identify threat categories and assess risk in real time.
- Managing policies and devices: Seeing all devices and their related activity, including IoT devices, allows IT teams to appropriately set policies to manage risk across the network.
- Exerting control: Organizations can better control risks from a policy standpoint by treating those parts of the network that interact with IoT devices differently.
- Managing access: One of the most critical risk management tools provided by segmentation is the ability to impose strict access controls based on user, role, device type or even applications. As devices initiate a new network connection, or as traffic or applications attempt to cross network segments, access control combined with inspection helps establish secure perimeters around critical resources by identifying and preventing the spread of malware such as cryptojacking.
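The access control described in the list above can be pictured as a default-deny allow-list evaluated whenever a flow crosses a segment boundary. The following is an added illustration, not code from the article or from any vendor: the address plan, segment names, roles, device types, application labels and sample flows are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan: a home network that also hosts a work laptop.
SEGMENTS = {
    "iot": ipaddress.ip_network("192.168.30.0/24"),   # media players, cameras
    "home": ipaddress.ip_network("192.168.10.0/24"),  # personal PCs and phones
    "work": ipaddress.ip_network("192.168.20.0/24"),  # managed laptop, VPN client
    "corporate": ipaddress.ip_network("10.0.0.0/8"),  # reached through the VPN
}

def segment_of(addr: str) -> str:
    """Map an address to its segment; anything unlisted is 'internet'."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "internet")

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    role: str         # role of the authenticated user, "" when there is none
    device_type: str
    app: str          # application label assigned by traffic inspection

@dataclass(frozen=True)
class Rule:
    src_seg: str
    dst_seg: str
    roles: Optional[frozenset] = None         # None means "any"
    device_types: Optional[frozenset] = None
    apps: Optional[frozenset] = None
    inspect: bool = True

    def matches(self, flow: Flow, src_seg: str, dst_seg: str) -> bool:
        return ((self.src_seg, self.dst_seg) == (src_seg, dst_seg)
                and (self.roles is None or flow.role in self.roles)
                and (self.device_types is None or flow.device_type in self.device_types)
                and (self.apps is None or flow.app in self.apps))

# Allow-list for segment crossings; whatever matches no rule is denied.
POLICY = (
    Rule("work", "corporate", frozenset({"employee"}),
         frozenset({"managed-laptop"}), frozenset({"vpn"})),
    Rule("iot", "internet", None,
         frozenset({"media-player", "ip-camera"}), frozenset({"https", "ntp"})),
    Rule("home", "internet", inspect=False),
)

def decide(flow: Flow) -> str:
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg == dst_seg and src_seg != "internet":
        return "allow"  # stays inside one segment, so no boundary is crossed
    for rule in POLICY:
        if rule.matches(flow, src_seg, dst_seg):
            return "allow+inspect" if rule.inspect else "allow"
    return "deny"

# Constructed flows, not captured traffic.
SAMPLE_FLOWS = (
    Flow("192.168.20.5", "10.1.2.3", "employee", "managed-laptop", "vpn"),
    Flow("192.168.30.7", "192.168.20.5", "", "media-player", "p2p"),
    Flow("192.168.30.7", "203.0.113.50", "", "media-player", "unclassified"),
    Flow("192.168.10.4", "10.1.2.3", "employee", "personal-pc", "vpn"),
)

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>13} -> {f.dst:<13} {f.app:<13} {decide(f)}")
```

Only the managed laptop's VPN flow is admitted, and it is still inspected; the media player reaching the work laptop, the media player's unclassified outbound traffic and the personal PC attempting the VPN all fall through to the default deny.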
While IoT offers limitless potential for transforming all aspects of daily life through connected intelligence and services, these benefits don’t come without inherent dangers. IoT has radically expanded the potential network attack surface of many organizations, and cybercriminals have begun to capitalize on this by creating increasingly sophisticated exploits that target and take over IoT devices. As a result, cryptojacking is now a common form of infection, often spread by employees working from a home network that includes compromised IoT devices. Securing the network against these threats involves user awareness training on potential threats, providing effective endpoint security, inspecting VPN-based traffic and segmentation so that IoT invaders can’t access the entire network.