Almost daily we hear about face recognition. From the contested accuracy of Apple’s FaceID on its latest iPhone to testing by NIST or even apprehension at the ACLU, there are numerous active discussions. As a technologist and entrepreneur involved in the biometric space for over 20 years, these discussions often become simplified to the point of being potentially misleading. I feel compelled to weigh in because the waters have been somewhat muddied around the value that accurate face recognition really can provide in 2018.
For perspective, machine vision has been evolving for several decades. Many consider the father of facial recognition to be a mathematician named Woodrow Wilson Bledsoe who developed a system to classify photos of faces using what’s known as a RAND tablet nearly 60 years ago. This device let people input horizontal and vertical coordinates on a grid using a stylus that emitted electromagnetic pulses as a way to capture and register a facial profile.
Fast forward to 2018 and we are seeing lots of face recognition use cases gaining traction, from accessing mobile devices to identifying people by the police.
This is all good news, as face recognition — and particularly a more accurate version that provides true face authentication — has the ability to improve our daily lives without invading our privacy. What gives me pause is that many of these articles promoting a technology meet narrow and specific research-oriented criteria rather than demonstrating systems in real-world use cases. They often get great press, but are disconnected from how face authentication can deliver value along with preserving people’s privacy across a myriad of potential applications. When the in-field pilot trials fail, it generates a lot of confusion, mistrust and false perceptions. Just look at the recent ACLU test with Amazon’s online face recognition technology.
As another example, Shanghai-based company Yitu Tech recently achieved a notable success in what is called the Face Recognition Vendor Test, a competition conducted by NIST. While impressive based on the limited set of conditions tested, a careful read reveals the best test results are done using mugshots and visa pictures — under controlled lighting conditions and with views of tested faces. Even the “in the wild” data set is far more controlled from a lighting and position perspective than is possible with the view of a tested face in the real world.
These evaluations were conducted in a highly controlled environment that is great for academia, but this approach has limited predictive ability when it comes to trying to verify live people under many real-world conditions. For pragmatic simplicity, this type of testing does not take into account many critical factors that impact accurate face authentication results, such as lighting, motion artifacts and physical position relative to the camera to name just a few. For highly controlled conditions, such as recognizing someone at a passport machine, this might be fine.
In many respects, this testing is an exercise in “fun with numbers.” The results focus on false match non-match rate or FMNR, also known as the false rejection rate, which is of limited practical use given the fact that the tests were conducted in highly controlled conditions.
While some may get excited over these types of test results, I am passionate about the fact that in the real world, face authentication is poised to initiate a whole new paradigm for secure, frictionless and convenient interactions while creating practical new markets and supporting innovative applications. To do this, you need more than just great FAR (false acceptance rate) and FRR (false recognition rate) scores. You need technologies that work in all the environments that it is being asked to perform in. This often requires critical supporting technologies such as 3D recognition and authentication to accommodate the challenges of real-world conditions.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Machines are increasingly taking over tasks traditionally conducted by humans, often working independently to improve business productivity. But if we want our security measures to keep pace as more and more machines come into existence, we need to be able to reliably determine which machines should be trusted and which shouldn’t.
In order to identify the trustworthy machines, first we must, well, give them identities. In the recent past, this wasn’t necessary. Tom’s hammer or Joe’s plow didn’t really need to prove they really were what they appeared to be. But then things turned digital and now we have all sorts of devices — from cars to wireless routers to medical devices to home and industrial IoT components — making autonomous connections and making machine identity suddenly very important.
One of the most secure ways to establish a machine ID is by assigning a unique certificate or key to it. This identity is then checked against a central authority each time it connects to the network in order to establish a chain of trust. It’s sort of like when you cross the border and an agent scans your passport. You get permission to cross only when your passport details are checked against a central authority that validates your “key” or identity, confirming you are who you say you are.
The challenge with assigning keys to every single machine is that there are so many of them, and their numbers are exponentially growing. When organizations start to accumulate keys, they need to be able to keep track of where they are stored and who controls them. They also need to rotate the keys periodically and revoke keys when machines are decommissioned in order to maintain good security hygiene. In short, key management becomes a very serious undertaking.
Staying on top of this is tremendously important. Recent data breaches have demonstrated that hackers can compromise machine identities to conduct an attack either by stealing a trusted identity to get onto a network, establishing a fake identity of their own or, in the case of an unsecured network, get in without one at all. The infamous Target breach was a great example, where the attackers compromised machine identities associated with an HVAC system at a facility in Texas and used those credentials to gain access to a part of Target’s network where customers’ credit card information was stored.
Despite all the challenges, it’s not impossible for security teams to keep pace with the ongoing rise of the machines. They just need to apply the same foundational components that they would in other types of information security — confidentiality, integrity, availability, accountability and auditability. Issuing machine identities securely is the crucial first step for executing on these concepts and ensuring that a secure foundation is in place for IoT.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Nearly every week, we hear about a new cyberattack or security breach. In fact, more than 1.7 billion identities have been exposed in data breaches in the past eight years. As the world becomes increasingly interconnected, organizations become susceptible to more risk. While IoT presents new opportunities, it also creates new security risks that enterprises must address. Having a high number of new endpoints due to IoT requires an increased focus on security.
As organizations accelerate their digital transformation plans and processes, many companies will choose to stop updating or supporting old versions of their software, exposing themselves to cyberthreats, system failures, increased costs and future planning limitations.
On top of increased emphasis on advanced technology and systems, organizations are now accountable for protecting, structuring and identifying data, and complying with new regulations like GDPR. Preventing hacks and managing technology risk can be a challenge for organizations of any size. The consequences of technology hacks can be detrimental, with organizations facing legal liabilities, penalties, costs and fines, not to mention the impact on brand reputation. Luckily, there are easy steps organizations can follow to successfully manage IoT security and assess risk in the enterprise.
Avoid technology obsolescence
Actively assessing the technical fit of applications is one of the first lines of defense when taking steps to prevent risk in the enterprise. Technology obsolescence can be one of the biggest factors that leaves your organization exposed to hackers and outside threats. Unfortunately, many companies do not know the true lifecycle of their technology and software, and fail to run updates which leads to risk. Many enterprises run on complex, legacy technology and applications and ignore the risks of end-of-life technology. The technology risk for applications and business capabilities needs to be evaluated based on the underlying IT components. By identifying underlying IT components that are putting applications at risk, you can mitigate those threats to security. Regular and frequent software updates re-engage existing users, fix bugs or issues, and patch problems before hackers can exploit them. Using a dashboard to track and assess the risk of your organization’s application landscapes and IT components is an easy way to plan and manage lifecycle information and retire technology in the enterprise as needed.
Up-to-date technology product information is a critical and efficient resource for enterprise architects to assess internal technology risks. Setting up a basis to manage and automate updates and application lifecycles through a standard catalog provides a single view of vendor and application information, which can help enterprise architects visualize and proactively update and prevent technology obsolescence. Using up-to-date and easy-to-read reports, enterprise architects can quickly analyze the business impact of each application and understand the severity of risk, should an outage or breach occur. Understanding the impact and dependencies of each application can help determine when and where risk lies.
Determining how device networks will communicate, how data will be processed, which applications or systems to invest in, and which teams will oversee IoT endeavors will be vital to managing IoT risk in the enterprise. IoT generates massive amounts of data, and organizations must be prepared to maintain the high-volume influx. From devices to cloud platforms and analytics platforms, transparency throughout the infrastructure is critical to connect to all data, process it and deliver relevant pieces to the business owners. Microservices enable organizations to quickly deploy, maintain and account for the volumes of data that IoT brings, while breaking down silos.
The demands of IoT alone would slow any monolithic architecture to a snail’s pace, dealing with integrations of heterogeneous connections, devices, applications, sensors, protocols and servers necessary for an enterprise to digitize in the age of IoT. Not only are microservices a cost-effective solution for enterprises, but they enable agility and innovation separate from monolithic, legacy architecture. With applications being developed and deployed independently, enterprise architects can also easily maintain each lifecycle and the security of every application. Microservices help organizations better pinpoint internal bugs and areas of vulnerability, and quickly patch and revamp without shutting down the entire system of a monolithic architecture.
Firm up physical and digital security processes and standards
Ensuring end devices and physical technology are safely stored is a simple step to protecting your organization from curious minds who want to tamper or tinker with new hardware devoted to IoT endeavors.
On the digital side, there are several measures that should be taken to combat risk, including deploying firmware updates to every IoT device, as these updates may contain important security patches that protect your organization from unauthorized access. Assess the security and strength of your authentication process when it comes to accessing IoT devices in your network. Avoid using default logins and simple passwords that hackers can easily guess or steal to manipulate your IoT devices. Strengthening authentication processes and implementing firewalls in order to limit access and better monitor devices is an important layer of IT security and key to risk prevention.
From a network perspective, consider isolating your IoT devices using virtual LANs, routing or creating separate networks for devices to run on. Secure data by deploying end-to-end encryption, protecting it as it crosses the network and while it’s stored on the back-end server. If embedded IoT devices cannot perform natively, use infrastructure techniques such as encrypted tunnels to properly secure data.
Create a plan
Even with the most stringent security protocols in place, breaches may still happen. Creating a plan for how to respond is quite possibly the most important step of all when preparing for and being proactive when it comes to managing risk in the enterprise. Having a plan in place will ensure your team knows what to do in the event of an IoT security breach, and can ensure things don’t get worse in an emergency situation.
Such a plan requires transparency and accuracy about what you have regarding applications, processes and IT components, as well as their relation to each other and their context to projects, user groups, business capabilities and services offered by IT or any other department — and this is exactly what we bring to the table.
In a world where it’s nearly impossible to avoid digitization, IoT is uncovering opportunities and insights at an unprecedented pace. As organizations eagerly adopt new technology and applications, it’s important to ensure your enterprise architecture can handle the demands of IoT and that there are protocols in place to provide total data security. Being proactive and preparing can save organizations from paying the price — both financially and in loss of consumer trust — when it comes to security breaches.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The internet of things has advanced technology in many global industries, but one sector in particular that has benefited from IoT is healthcare. Global study, “The Internet of Things: Today and Tomorrow,” published by Aruba, a Hewlett Packard Enterprise company, found that roughly 60% of healthcare organizations have already introduced IoT devices into their facilities.
Healthcare industry leaders are using IoT for patient monitors (64%) and energy meters (56%). The results are already very positive, with 57% of respondents noting increased workforce productivity and 57% saying IoT helps save costs.
As more healthcare facilities invest in IoT upgrades, it’s interesting to note the improvements felt by patients, providers and stakeholders alike. Furthermore, IoT is bettering individual health through IoT apps and monitoring that give people more knowledge and control over their daily health. Here’s a look at how IoT is revolutionizing the healthcare industry as a whole, from hospital upgrades to at-home apps.
IoT launches smart hospitals
A smart hospital uses connected assets to improve maintenance, procedures and capabilities. Though many hospitals have not yet upgraded their technology, it’s likely that the next five years will see the launch of many smart hospitals around the world. Connected assets improve the functionality of all hospital equipment. Maintenance managers’ jobs will be much easier as they can remotely monitor the hospital temperature, humidity and air regulation.
Managers will also have access to predictive analytics, which means far better regulation of all machines in the hospital. For example, if something happens to an MRI machine in a hospital, it can mean delays for patients that do not have time to wait. Predictive analytics means managers can fix a problem before it happens.
Smart beds will be able to monitor a patient’s blood pressure, temperature, heartbeat and more. This technology can ease the burden off of already overworked nurses who continuously monitor this information. If there is a sudden change in a patient’s vital signs, an alert will be sent to a supervisor who can regulate the situation.
Connected wearables automatically track patients
One problem healthcare providers often face is understanding what happens to their patients after they are discharged. Patients have to come in for multiple follow-up visits and report any incidents, feelings or problems after they leave the hospital. Wearable technology can make this much more manageable for both patients and healthcare providers. For example, a wearable device can measure a patient’s heart rate, blood pressure, temperature, breathing and more, which can then be tracked remotely by doctors and nurses. If a patient is having breathing problems, an alert can be sent to the person monitoring the device, who can then take necessary action, such as sending an ambulance. Imagine the implications of this technology for elderly patients or patients who live alone.
Wearables mean that patients do not need to go to the hospital when it’s not necessary because doctors and nurses can track progress remotely. This allows hospital staff to work on more pressing and urgent cases. Furthermore, when the patients do go to the doctor for a follow-up, staff can review data collected by the wearable for an accurate diagnosis.
IoT revolutionizes patient data collection and records
Connected devices mean endless patient data collection. Imagine a patient in a smart bed — the amount of data that medical staff can view will be extremely useful and recorded automatically. Again, electronic, connected records help nurses because it means less time chasing down information on each patient. The data collected from the patient’s wearable device can also be stored safely in their electronic health record, making diagnosis easier when all information is in one place.
Individualized health assessments
Patient care will completely change over the next five years, but what’s also changing is that now individuals can improve their health themselves with accurate assessments. Many apps have sprung up to give people more control over their health.
Sleep apps monitor sleep cycles to make sure everyone gets enough rest. Fitbits track exercise routines to help people stay in shape. Calorie planner apps help with meal preparation, with many apps offering a tailored nutrition plan so individuals know what to eat and what foods to avoid. On the horizon for the individualized experience are ingestible cameras and internet-connected sensors that can monitor whether or not patients are taking their medication.
A bright future for IoT and the healthcare industry
By 2019, 87% of healthcare organizations plan to implement IoT technology, which is slightly higher than the percentage of businesses that plan to implement IoT by this time (85%). Connected technology can revolutionize the industry and generate products, such as smart inhalers, smart pills and more, all of which will help individuals become healthier. Multiple stakeholders, and especially patients, will all benefit from the expansion of IoT in healthcare, which is why many are looking to invest in this sector.
Pharmaceutical shipping is a particularly compelling application of IoT technologies because of the special challenges and stringent regulations involved. Pharmaceuticals have special requirements with regard to temperature, making precise control critical during transport. An increasing array of pharmaceutical products requires cold chain transport, including all vaccines, many drugs and a significant proportion of biological samples and diagnostic tools.
Most vaccines require storage temperatures of 35 to 46 degrees Fahrenheit and lose potency or physically change after exposure to excess heat, cold or if they are left out too long. Over the last 20 years or so, new vaccines have emerged with different temperature requirements that make their storage even more complex. The potency of most vaccines can be affected by heat during transport or storage. In many cases, vaccines that are shipped to third-world countries are rendered useless due to heat exposure. Patients who have been injected with spoiled vaccines are actually put at greater risk, thinking that they have been immunized when they have not. Some vaccines are more sensitive to heat than others.
Heat is not the only environmental condition that can affect these types of medications. A number of vaccines must also never reach freezing temperatures, especially those that use adjuvants such as aluminum. According to the World Health Organization, between 75% and 100% of vaccine shipments are exposed to freezing temperatures. When a vaccine is damaged by freezing, its loss of potency is permanent and cannot be restored.
These requirements are supported by comprehensive, often global, regulations governing the handling, shipping and packaging of medical products. Deviation from temperature, light, humidity and other prescribed conditions can result in significant fines for noncompliance in addition to the loss of effectiveness of the products. This challenge is especially acute in small or personal shipments from a doctor or medical facility to one specific patient. Depending on the distance, the shipment might travel via several transport modes handled by different logistics companies, including small companies or independent contractors during the last-mile segment of the shipment. It is especially difficult and important to ensure and record the correct temperature when a shipment is handed off from company to company or from mode to mode.
The addition of a smart sensor tracking device enables the shipment itself to provide visibility into its whereabouts and environmental condition. The key benefit of always-on, real-time data is that it validates the unbroken integrity of proper temperature control from point of origin to destination or patient. Smart IoT devices continuously log data and transmit it via a cloud-connected gateway to enable shipper and logistics partners to make decisions while the shipment is in transit and save time from having to download the information after it has reached its destination. Power requirements can be low, as the devices can communicate via Bluetooth or another low-power network with cloud-connected gateways on a truck, shipping container or other conveyance. The gateways collect and process raw data compiled into actionable reports or send alert notifications to the carrier and its partners.
Regardless of transportation mode or carrier, adding real-time visibility into individual pallet or package shipments using IoT technology allows shippers and customers alike to monitor the location, condition and predicted arrival time of important and sensitive cargo such as pharmaceuticals. When shared among supply chain partners, this information empowers collaboration that helps improve shipment efficiency, optimize operations, lower costs and ultimately provide superior customer service.
Ask any company these days if they are making the internet of things a priority and a clear majority will answer with a resounding yes. Ask them exactly what they are doing to make it a priority and the answer gets murky.
It’s an interesting phenomenon and one that foretells a growing problem. The IoT industry is so overhyped these days that virtually every company claims association to it; far fewer have found a business case with repeatable economic benefits that customers are willing to pay for. But that’s exactly what needs to happen for companies to rise above the IoT white noise and plot a course to business success.
And that begs the question: How does a company make the leap from just talking about IoT to deploying IoT products that consumers want or need? As it turns out, it’s not that easy. Here’s why. Often, the decision to pursue an IoT product strategy is made at a management level. As that desire filters down to engineering, however, it takes on another context altogether and therein lies the problem.
Many research and development engineers don’t consider themselves IoT designers. For most, IoT concepts weren’t part of their educational lineup. Instead, what they learned in college, and perfected in the workplace, was how to design widgets of all shapes, sizes and functionality. So, when they get a mandate from management that their widget now needs to communicate wirelessly with other things, they don’t necessarily consider it an IoT device. To them, it’s just a new design requirement.
This disconnect over modifying a widget to communicate wirelessly versus designing a fully functioning IoT device is a crucial misstep and a potentially costly mistake.
Virtually any mundane item can be converted into a wirelessly connected device. Creating one to stand the test of time and onslaught from competing products is much trickier. To make devices “smart,” advanced technologies must be utilized and that introduces complications. A radio must be added to the device to enable its communication, and it must be able to send and receive information. The device must work in an environment with other devices sending and receiving information at the same time, and potentially interfering with its communication. It may even have to operate unattended for long periods of time. Standards must be considered and industry regulations complied with.
The device’s operation in the real world must also be carefully thought through and optimized to avoid issues — a prime example of which is a smart oven (see the Figure). What happens if there is interference from an unintended source, or if its communication circuitry generates unintentional electromagnetic interference? The oven’s operation might be compromised or behave in an unexpected or even hazardous manner. What if its communications function is not properly secured? A cybercriminal could easily exploit this vulnerability to take over the oven’s operation or, worse yet, gain access to the home’s secure network.
Suddenly, creating a device that wirelessly connects to things becomes a highly complicated undertaking. It’s one that demands complete company alignment, starting with management and trickling down to the engineers, and it requires a great deal of heavy lifting. That heavy lifting is essential for any company wanting to do more than just add to the IoT hype.
For any company looking to make that transition, here are five helpful tips to start you down the right path:
- Learn what you don’t know. Fully research and understand the market where your product will play. Who are its consumers and what are their expectations? Are there any specific design requirements that must be met? What do competitive offerings look like and are there any gaps between the functionality they deliver and what consumers want or need?
- Create a strong IoT foundation. Ensure management’s IoT goals and the engineering team’s understanding of those goals are fully synced. Make sure all parties are aligned on the nuances of developing an IoT product and how it differs from previous products the company developed.
- Build a strong team. Make sure the development team is staffed with the right skill sets and ensure each designer has access to critical training and IoT educational resources. Designing a widget that connects to the internet does not make someone an expert in developing IoT products. Consider hiring IoT-specific designers if needed.
- Utilize the right design and test technologies. Choosing a technology because it has a low price often costs a company more in the long run, especially when discovery of bugs during manufacturing or product recalls are concerned. Instead, look for precision systems with a range of functionality that can be scaled as needs change. Precision measurement can make all the difference between, say, a battery that runs days versus hours on a single charge.
- Ask for help. You may not have the IoT expertise you need in-house to tackle an IoT project and that’s okay — if you aren’t afraid to ask for help. A trusted test and measurement vendor can be a great place to start. To develop tools to test IoT, they’ve had to be intimately involved in the IoT industry, the various standards bodies and industry organizations. Their expertise and insight into how to avoid common IoT development mistakes can be a huge boon to your efforts.
Despite all the overhype, IoT is clearly not going away. It would be a mistake for companies to think that succeeding in this market requires little more than ensuring their products can wirelessly connect to things. Developing and deploying IoT products that consumers will pay for requires hard work. That work must start with building a strong IoT business plan that’s supported by the right ideas, people and tools.
The purpose of bringing industrial-connected equipment to market is to embed your products and services inside the customer value chain and break the spiral toward hardware commoditization. To accomplish this goal, you must first understand each link of the chain, mapping the requirements, skills and constraints of each actor from development and delivery through to sales and consumption.
In many cases, this mapping activity will touch actors in the value delivery chain with which your company has not previously had a direct relationship. How will you determine the appropriate levels of investment and capabilities required at each system layer to ensure each actor has what they require from the beginning, avoiding costly rework and market failures after your production release?
Over the past decade, Bright Wolf has helped some of the largest companies in the world to understand and solve these and other challenges of industrial IoT and connected product systems.
Using heavy machinery human-machine interface (HMI) development and operation as an example, there are likely to be the following roles:
- Software developer
- Internal engineer
- Machine system integrator
- Service technician and dealer
- Owner and operator
At each level there are more individuals, starting with the core development team and ending with the individual consumers of the products produced. When you combine the roles by size and activities by frequency into a single chart, you will see clear patterns emerge for guiding your product strategy.
Right away this tells you there will be a lot of users wanting specific layouts and display widgets on their HMI dashboards. If you don’t build in the ability for individual owners to easily configure their own screens, then either your small team of software developers is going to be incredibly busy following up on support tickets to make necessary code changes for each HMI operator — or your product is going to fail in the market due to a fixed one-size-fits-all user interface that nobody wants to buy.
On a related note, there are certain configuration changes that your service techs and dealers are going to need to be able to make that end users should not be allowed to access. How are you going to restrict different levels of configurability for your equipment in the field? This ability to enable or disable functionality based on user role (and the methods for properly authenticating each user) must be part of your overall system architecture or this simply will not be possible. IoT product managers must plan accordingly and include this as part of the initial specification and requirement documentation, budgeting for sufficient development resources to accomplish these tasks.
We’ve seen another scenario occur in connected product systems that is equally problematic if not accounted for upfront. How will the system enable customers to configure I/O during installation? In these situations, manufacturers typically include a set of open I/O ports in addition to an initial set of supported sensors, such as humidity and altitude. When new data types are desired in the future, for example, temperature or vibration, operators are able to plug the appropriate sensors into these channels and begin immediate collection — at least at the physical level. Critical information will be lost, however, unless the digital system has been architected to accept, pass along and process this new data and its associated configuration.
Beyond this, the architecture will also need to account for displaying these new values inside mobile apps and web applications. While new data types as a concept may be anticipated, the specific types of data are unknown until the customer identifies a new requirement or opportunity. Therefore, the architecture must allow for system operators to configure the application user interface and data reporting after deployment. Otherwise, the new sensor values may appear in the list of metrics for each asset in the field, but with fixed, unhelpful names like “DataPoint8” and “Item9” with values shown in generic number formats that must be deciphered manually.
The specifics around how much configuration to make possible for actors at each point in the value chain will vary across industry verticals and the products themselves. IoT product managers must consider all of the actors involved in creating, operating and using the system from end to end so they can provide sufficient specifications for the IoT development teams designing the system architecture. Each actor must be well-understood upfront — their requirements, goals and the tools they’ll need based on their likely skill sets — in order to deliver a commercially successful connected product system.
In my last article, I discussed how the onslaught of billions of connected devices coming in the next few years necessitates the creation of a naming structure which can accommodate the eventual shift toward IPv6 addressing.
The internet of things in general will drive the adoption of IPv6 on a wide scale. According to a Gartner report, 25 billion “things” will be connected to the internet by the year 2020. With this many new IoT devices entering the market each year, connectability — i.e., allowing network-connected devices to “speak” to each other — is vital. In this article, I’d like to expand upon that concept and offer some predictions for how IoT will evolve in an IPv6 internet environment.
Every device will have an IP address. Currently, we have enough IPv6 addresses to give every human in the world 65 million addresses of their own. This is one of the main reasons why IPv6 is such an important innovation — it gives IoT products a platform to continue operating on for a long time.
What people might not realize is that IPv6 has been around for 20 years. What brought it more to the forefront more recently was the need for additional security measures. (IPv6 is natively ready for IP security. More than a namespace, IPv6 offers a way to securely transport data natively versus with an additional protocol.) Recently, many enterprises and service providers have doubled down on IPv6 for this reason. You might compare this sudden adoption to that of air bags being added to vehicles. General Motors tested air bags in vehicles as an experiment in 1973. It wasn’t until the 1990s that they became mandatory. Why? For people’s security.
An average home router gives the user about 255 addresses within namespace. All devices that are talking within the home network use the same IPv4 or IPv6 host address to get to the internet. As the name implies, the router is responsible for routing traffic within the network to the appropriate devices. A home router is the gateway to all the devices within the home, and the business router is the gateway to all devices within the business.
Although IPv4 addresses will continue to work, what may eventually happen is the notion of the home router will go away. Devices might not rely on a local area network for internal addressing, but rather have their own connection to the internet. Local management of the devices might operate more like a mesh network within the home where all devices can communicate to one another — along the lines of what software-defined networking has done in other areas of networking. For the thermostat to “talk” to the smartphone, the smartphone must know the thermostat’s address. These types of technologies and connection requirements will make IPv6 more necessary.
The domain name system (DNS) will become more relevant in the world of IPv6 because no consumer, no matter how tech-savvy they are, will want to remember every address of every device in their house. Think of DNS as serving a role similar to that of a password manager which helps a user keep track of all their passwords. The trends we see today will take on new and interesting forms as IoT becomes more pervasive and as we gain more devices to control. Again, we can compare the current state of technology to what was happening in the ’70s and ’80s when there were many personal computer players, and new iterations of hardware, software and operating systems. It took Microsoft and Apple to step up and say, “this is what we’re doing” to move adoption along in a standard way. Right now, no one is ready to say when exactly we’ll cut over to IPv6 exclusively.
When someone figures out how to license IoT, and its protocols, they’ll be the next titan of industry. But that’s more challenging than it was in the era of the PC and Mac. The first word letter in IoT stands for internet, which is owned by no one and everyone at the same time. For the first time in history, we have a protocol not owned by any one person, entity or organization, and we’re using it to power devices that we never could have imagined having remote access to. Who would have thought we’d be able to start a car from 35 miles away, or set a home thermometer from another state or country?
The golden age of computing has evolved from hardware to software to online, and it’s only going to get more amorphous. What was merely a hobby has become a business necessity in five years. The internet turned a purpose-built machine that did specific tasks into a much more widespread, general-purpose machine that could do many things. Charles Sun, technology co-chair of the U.S. Federal IPv6 Task Force, said, and I agree, “Without the extensive global adoption and successful deployment of IPv6 as the primary version of the Internet Protocol, the IoT won’t be possible.”
The continued growth of the internet of things and connected devices (Gartner predicts a total of 20.4 billion connected things in use worldwide by 2020) has resulted in an exponential growth in data — with a promise to make appliances smarter, processes more efficient and life, in general, easier. While this massive generation and collection of data certainly has its benefits, easy access to data also comes with increased vulnerabilities — unsecured IoT devices pose serious risks to personal and corporate information.
Securing IoT devices is challenging for several reasons. A rapidly increasing number of gadgets are becoming smart devices, and as manufacturers roll out new products more quickly, security can be given low priority as the focus is on time-to-market and return-on-investment metrics. A lack of awareness among consumers and businesses is also a major obstacle to security, with the convenience and cost-saving benefits of IoT tech appearing to outweigh the potential risks of data breaches or device hacking.
For years, consumers and businesses alike have been obsessed with securing computers and smartphones. But in reality, those devices are less at risk than more simplistic connected items. PCs and smartphones, while penetrable, benefit from over a decade’s worth of security developments and regular updates to guard against new threats. The requirement to protect sensitive data that was stored on and/or transmitted through PCs and smartphones was recognized early. However, certain connected devices, like a children’s toy that can be linked to an interactive smartphone or PC app, may not be equipped to deal with the same standard of threats because they are not necessarily associated with handling the same type of information.
An unsecure connected toy, though, poses an entirely different sort of danger than hacking into a computer. Malicious hackers could use these toys to gain access to the home’s internet or communicate with and even physically harm children. While it’s an unlikely scenario, it is nonetheless important for parents to be keenly aware of the security and data collection methods of their children’s favorite toys.
A blessing and a curse
The internet of things promises more freedom and functionality for businesses than ever before, with the technology being used in sectors like supply chain, transportation, logistics and healthcare. Eventually we could see almost every home device connected to the internet — with either explicit broadband connectivity or “behind the scenes” data collection used by enterprises as part of their managed services models, which can be incredibly valuable for businesses. Much like the children’s toy example, most IoT devices can serve as entry points into a home or corporate network, exposing families and companies to significant data breach risk. For industrial IoT, those entry points can provide hackers with access to private servers, which is problematic given 80% of the world’s data sits on private servers, mostly operated by businesses. And it’s not just corporate sensitive information at risk — many of these business servers contain sensitive personal data of consumers, which could be jeopardized in attacks and leave unwitting customers open to theft.
Data that lives natively on an IoT device is similarly vulnerable. For instance, the use of commercial drones has become prevalent in sectors like agriculture, military and construction, due to their versatile applications and access to real-time data. If the operators of these drones leave them unsecured, hackers can access them and install malware to strip out sensitive business data, including pictures and video.
While businesses cannot stop IoT attacks from happening, they can be proactive in mitigating threats to network security and protecting valuable data and IT systems. Emerging platforms like blockchain can help secure IoT devices by getting rid of a central authority in IoT networks. This would enable devices in a common group to issue alerts if asked to perform unusual tasks, thereby decreasing the capabilities of a hacker through a single entry point.
For their part, consumers must hold businesses to higher standards and approach any IoT-related purchase with a critical eye. They should conduct thorough research and verify that everything involved with their smart device purchases is legitimate — from the website reviews that inform their decisions to the retailers and manufacturers from which they buy. Luckily, organizations appear to be aware of the increasing threats to IoT security. A recent Gartner report indicates that worldwide IoT security spending will reach $1.5 billion in 2018 and will more than double to $3.1 billion by 2021.
While securing the internet of things is a monumental challenge, doing so will become increasingly important in preventing business and personal catastrophes. It will also allow companies to put the focus back on the primary intents of IoT — to collect and analyze more data to optimize processes, reduce costs, improve quality of service and enhance the customer experience.
In the age of digital transformation, we’ve become accustomed to living our lives immersed in technology. We maintain relationships that follow us seamlessly from the physical world to online platforms and social media, whether we are communicating with old friends or new retail brands. Consider how many times a retailer “follows” you across multiple websites with merchandise recommendations based on a recent purchase or online search.
Of course, omnichannel scenarios are largely limited to a specific experience or company today. When it comes to coordinating actions or decisions across various vertical markets and use cases, humans are still very much involved. But given how far technology has come in a relatively short time, one might wonder if — or, perhaps, when — computing will become truly ambient and span these virtual siloes.
Consider, for example, the task of arranging a vacation, including hotel and car rental, flight reservations, pet boarding and scheduling time off work. Could a software system be enabled to drive various workflows to plan the entire vacation for me based on my specified interests and personal profile? Yes, this can happen … with the right help.
On the road to tomorrow
Many industries are already seeing how pervasive connectivity can be used to benefit business processes through the industrial IoT, which is growing at an annual rate of nearly 25%. The ability to predict equipment failure based on intelligent sensors and algorithms enables significant improvements in inventory management, cost control and resource availability, not to mention the ability to increase safety by preventing failures. The integration of data, analysis, intelligence, process integration and reporting is key to implementing IoT systems. Yet, human intervention and decisions are still required today. Could these diverse systems intelligently communicate without human intervention?
If we envision the next step in IIoT evolution, we can imagine a scenario such as the intersection of automotive IoT and smart city functionality, with a tremendous amount of data coming from smart streets and parking lots, drivers, as well as the vehicles themselves. Car manufacturers could learn from operational data and driving patterns, while municipalities could benefit from information related to traffic patterns, effects of emissions, pedestrian and driver safety, and emergency response situations.
At Aricent, we are actively engaged in a number of vertical markets to enable IoT systems for specific use cases. We see many use cases that are driving IoT development and 5G adoption, such as autonomous driving, smart grids, intelligent retail or healthcare. However, we have yet to see the industry working together to merge systems in an intelligent fashion in order to provide real value across vertical segments.
The key to achieving this vision will be readily available access to relevant data, and a method of translating this information to be understood across various systems. The ability to provide layered data architectures that are rapidly accessible across intelligent systems is paramount; and to that end, we are focused on developing artificial intelligence and machine learning technologies with associated services for vertically specific learning.
Are we there yet?
Essentially, we have the technology to do this today. Emerging 5G networks and other networking technology will enable these systems to scale across many millions of devices that will exist in an operational scenario. Business analysts can translate the current process environment into the next-generation automated workflow. However, enterprises first need to understand the value of integrating vertical systems in order to drive implementation of these scenarios and realize the vision of ambient computing.
Ambient computing allows enterprises to simultaneously use many sources of data, both internally and externally sourced, to improve customer experience, competitiveness, market relevance and product excellence. For example, a hotel chain may be interested in usage variables in order to maximize its appeal to particular consumer groups or business travelers. That data might be derived from rental information, events, sports activities and other consumer data associated with a specific geography or demographic. Collecting and analyzing broadly sourced information allows for more agile and responsive business processes, leading to greater returns.
Digital design plays an important role in all of this. Creating an experience, workflow, usage and integration patterns and, most importantly, a conceptual journey of where the enterprise needs to go in the next five years is central to design-focused engineering. Creating top-down plans that include opportunity discovery and conceptual design can drive the required technology, data and workflows needed for ambient computing systems.
Full speed ahead
As we move toward these more complex and data-rich services, AI and machine learning technologies will enable greater autonomy to identify usage patterns and variables, either as the result of direct information or inferred decisions. Machine learning intelligence can then directly update algorithms and data, thereby improving customer experiences and product offerings. In this way, we create a continuous improvement process to search for relevant information and trends across the entire ecosystem, while minimizing human interaction.
With a better understanding of how to integrate ambient computing into business processes and the back office, enterprises can enable access to real-time and relevant data across industries and vertical markets. And with a little help from digital design engineering, a world of business opportunities will be realized in the very near future.