From immersive virtual reality training to interactive augmented reality product experiences, mixed reality experiments are making their way from pockets of innovation within corporations to full-fledged programs — –that is, if they don’t fall prey to “innovation cannibalism” first.
Companies are under increasing pressure to constantly innovate, often guided by a digital transformation or corporate innovation charter that is mandated by the C-suite, supported by middle management guidance and executed by grassroots “intra-preneurs.” This mounting pressure can serve as both a blessing and a curse for survival. Change agents strive to not only brainstorm the next big idea that will push the company into a new era of technology revolution, but also simultaneously hide their efforts from colleagues and other departments in order to get the glory of being the smartest person in the room.
Hence, innovation cannibalism is born, and virtual and augmented reality (VR/AR, or “XR” as a catchall term for “extended reality”) pilots are its latest victim. Rather than moving the company forward, these competing technology proofs of concept (POCs) ultimately compete for executive budgets and attention, rather than operating toward a common goal. Preceded by myriad other bright, shiny technologies under the innovator’s microscope, XR serves as the next tool primed for real market testing and even companywide rollout, if it can make it out of the corporate innovation vacuum.
ARtillry Intelligence projects enterprise mixed reality alone to grow from $554 million in 2016 to $39 billion by 2021. Growth is dependent on both perceived and proven value as organizations look to competitors and other industry best practices in order to gauge potential success. XR is sitting in the sweet spot for corporate innovators looking to reference existing case examples from early adopting enterprises in order to make their case, while still offering plenty of open water to brainstorm that next big idea to differentiate. And the sea of opportunity is indeed wide, spanning both industry and departments in potential use cases to increase efficiencies, improve employee experience and positively impact the bottom line.
In our latest Kaleido Insights report, “Prepare for the New Reality of Super Employees: How VR and AR Technologies Enhance Workforces to Transform the Enterprise,” my co-author Jeremiah Owyang and I detail the top six use cases for enterprise mixed reality (see Fig. 1 infographic below), as well as the challenges encountered along the road to fruition and a checklist of considerations for implementation. From training employees on dangerous tasks in a completely virtual (and safe) environment, to cutting theft of high-ticket item merchandise in-store, organizations are experimenting with reinvention of legacy procedures and methods to future-proof their businesses.
Though these mixed reality experimentations are typically driven straight from a corporate innovation charter and brought to life by innovation teams, labs and outposts, these change agents aren’t the only catalysts of XR testing. Other sparks that set POCs ablaze include:
Middle management pursues efficiencies
In tandem to XR charters led by innovation groups, other typical leaders of mixed reality initiatives rise from useful, real-world applications. When management in more technical roles — like field service, warehouse logistics or engineering production — come across use cases where XR could make their lives easier, they reach out to internal or external resources to begin experimentation. “Our customers are those who are dealing with challenges upfront and see VR as a way to solve a problem,” shared Jakub Korczyński, CEO of VR solution provider Giant Lazer. “These people get VR’s potential the quickest as they envision immediate benefit.”
HR and marketing strive to impress
In an effort to impress current employees and higher-ups, as well as attract new talent, human resources leaders look toward new technologies like mixed reality. The right application will not only draw positive internal buzz, but also help to retain and inspire the existing workforce (while ideally improving their job experience). Similarly, marketing and digital leaders are often enticed by what they see as interesting XR applications on YouTube — even if these applications are not entirely feasible or applicable to the company.
Desire to compete with automation
Augmented and virtual reality enable employees to become “superhumans” in their own right, using these technologies to augment and support their bionic brains. With artificial intelligence and automation posing increasing threats to industrial manufacturing and low-wage employment, many companies are turning to XR to bring employees closer to their robotic counterparts in capabilities. Scope AR’s Co-founder and President David Nedohin explained, “AR is arming employees to compete with AI by putting them in the position to know exactly what to do to complete a task through real-time data and imagery display. Industrial IoT data can initiate the proper workflow, combined with machine learning analysis and AI, to transform employees and help them stay competitive in the workforce.”
Need for increased collaboration
During many internal processes — from product development to training to sales and service — it can be difficult to get multiple busy leaders in the same room for collaboration, especially across departments and geographies of decentralized organizations. The need for easier, more efficient and more frequent collaboration is a common driver of exploring XR’s engaging and immersive environment, where corporations see a valuable investment.
Though many XR pilots are born from corporate innovation programs, among other aforementioned catalysts, these POCs cannot achieve critical mass until supported by the company at large. Executive support is essential in spreading an innovation imperative culturally, as well as greenlighting budgetary allocation and employees toward mixed reality initiatives. Without top-down alignment and goal-oriented prioritization, grassroots XR efforts cannibalize one another in a battle for resources and attention. It takes a comprehensive strategy that examines the impacts and opportunities of all relevant emerging technologies to move mixed reality from catalyzing to testing to fruition.
Download the full research report (note: registration required), “Prepare for the New Reality of Super Employees: How VR and AR Technologies Enhance Workforces to Transform the Enterprise,” from Kaleido Insights’ website.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The benefits of deploying IoT are becoming clearer for many organizations, especially when the use case is identified for a business problem solved with IoT (see my other article for more on that). However, once an IoT technology “sticks,” additional security considerations prior to deployment may not be top of mind — but they should be.
Device security should be incorporated into any design, and IoT deployments are not exempt. The general approach is to use the CIA triad: ensure the confidentiality, integrity and availability of the technology. While there are many debatable concerns around the security of devices, such as smart locks, there also are concrete examples of internet-connected devices posing a security risk with default passwords. The viral video demonstrating how an internet-connected carwash using default passwords can be exploited helps put the urgency of securing IoT devices into perspective. Weak and default passwords on IoT devices and platforms can even put personal safety at risk. When securing IoT devices, seek integration with existing certificate frameworks.
From a reliability perspective, cascading failure is a consideration as well. Consider a smart refrigerator that could run the risk of being “bricked” due to an IoT device failure, misconfiguration, malicious use or bad firmware. If in a hospital use case, unreliable devices could risk ruining a very expensive inventory of medicines that require climate control or even put lives in danger. Device reliability may also be a consideration over time as conditions may change. Temperature and other atmospheric factors, quality of network connection, changes in network equipment and changes in logical configuration (such as routing to the internet) may all introduce small and seemingly irrelevant changes to an environment, but IoT devices may respond unexpectedly to these changes.
From a cost perspective, consider a fixed device removal (and replacement) date or cycle. Just as capital expenditures like PCs and desktops have a three- to four-year life span, IoT assets should have their own asset management cycle. The details of that cycle will depend on factors such as the device, cost and use case, but also consider the process for spare part management, both from a supplier and, possibly, from a private inventory within the organization. A fixed removal date also provides a possible remediation for vulnerabilities that emerge in the future for IoT devices, because updating them may be daunting. Additionally, we should expect that capabilities will increase and costs will decrease for individual devices over time.
While this view on IoT may seem alarmist, a single catastrophic failure or breach could wipe out any IoT benefit. The challenge today is to design with these considerations in place to avoid an unforeseen challenge that wasn’t addressed ahead of time.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
When traveling to many different parts of the globe, the local public transportation can give individuals a real feel for a culture. Much like eating where the locals eat, it gives a taste of what everyday life is like in those locations. Public transit provides a greater perspective on people and places and makes the experience of visiting a new city that much more intimate. And, it is almost always a cheaper and more efficient way of getting around (although the Tokyo subway at rush hour might make you rethink how you commute altogether). Visiting countries where public transportation is a way of life can also give an idea of what the future may bring for this industry. In many locations, it can be surprising how smart the local transportation is.
Trying to catch the No. 43 bus in Paris to get to Gare du Nord? Get on the RATP app, and it will provide you detailed ETA for your stop. You no longer have to guess when the bus will arrive. In the world of supply chain, predictive ETAs can identify down to the hour — or to the minute — when a cargo vessel, train, truck or item is going to reach a destination. In the past, this would entail using models to predict, within a window of time, when something would arrive or when an action might happen.
Today, with smart IoT-enabled tags, we can actually “see” where and when these activities are taking place. We can follow the production of a product from supplier to factory floor and track an item all the way down to an individual container — wherever it is on the planet. Now apply that same thinking to mass transit. How can the way we commute and connect with our cities become smarter?
Predictive maintenance means more uptime
One area where IoT has empowered transformative changes is by providing greater insights into how assets are used and when they might fail. We have all seen the advertisements where the building tells the maintenance crew to repair the elevator before it breaks down; the same applies to our transportation assets. If a switch on the subway is not acting just right, smart sensors can identify where and why, and send a signal to the enterprise asset management software to request maintenance. Since the switch is smart, it can ensure that the crew has the appropriate spare parts and qualifications to fix the problem. Once you have a more robust, self-diagnosing and repairing network, what else could you imagine with your transportation network? Sounds like science fiction, but some of this technology is in use today.
Better traffic flow, and not simply for the machines
Whether it is trains, buses or infrastructure, as more assets become smarter, they will be able to better communicate among themselves. As this information becomes richer and available in real time, the network will allow for more optimal flow of vehicles and traffic. We have been exposed to the promise of smarter cars for our personal driving, but as our buses and trains follow the same concept we may start to experience more optimal flows. What about a better-connected passenger? If there are too many passengers on the platform, the IoT-enabled grid will prioritize traffic, maybe even assign a pop-up express train to reduce some of the strain. When the grid notices a surge in traffic, could it push out a message to those entering the train station, giving them a fare reduction if they take the subway an hour later? The smarter grid might even send suggestions to travelers to walk to another, less congested station.
Creating new opportunities with existing assets
Could public transit buses also deliver packages to the customer’s nearest bus stop? This is possible if the bus had sensors that could ensure the proper loading, handling and transport of the package. As its sensors are tied to the network, consumers could monitor when that bus would arrive at a certain stop. As the bus draws closer, the IoT sensors would send a message to recipients’ phones telling them when to get to the stop. The IoT-powered storage unit would then open and allow for scanning of the NFC-enabled phone over a reader. The sensors on the bus could also monitor passengers getting on or off and predict traffic flow to determine if delivering the package at that time would not cause disruptions.
IoT holds much promise for many aspects of our lives. Bringing greater efficiencies to our public transportation is one of them. As we get a more connected transportation grid, not only could we expect the incremental benefits of increased time with our assets, but it could open new business models as well. These new models have the potential to be transformative in nature. Exciting times indeed.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The IoT landscape shows no signs of slowing down, especially as IDC predicted that IoT spend will reach $772.5 billion in 2018. But with this exponential growth, one crucial thing is being overlooked: cybersecurity. A recent study found almost half the organizations with an IoT network have had a security breach, with larger organizations estimating one breach can cost over $20 million. How we secure and react to cybersecurity concerns today will seriously impact the future vulnerability and reliance of IoT.
More data, more risks
The methods and means to capture data in industrial and commercial IoT are currently booming and will continue to rise dramatically as connectivity and networking technology continue to improve. While this increase in data improves operational decisions, reduces manual reporting and increases safety, how can these operators be ensured their data is secure and that increased threat surfaces are protected?
With more data being transported than ever before, it’s important not only to secure assets, but to secure the communication link itself. Traditionally, supervisory control and data acquisition (SCADA) systems have been on the outside of a firewall from the corporate IT network. And with a host of legacy systems still using SCADA, this means those systems are often unprotected.
Smarter equals better
As the use of IoT technologies increases, field operators must utilize the intelligent network connecting the technologies along with intelligent data collectors, sensors and transport to provide additional value. IIoT sensors allow for more functionality, such as edge analytics and predictive maintenance, and increased connectivity to the devices using secure IPv6 standards. And for systems and networks using only remote terminal units and programmable logic controller to connect to the device, that functionality and cybersecurity might be underutilized or unavailable. Long-promised benefits, like assessing predictive failure, become possible only when the device can be accessed directly.
Operators in IIoT environments need to be concerned with everything that could be introduced to the network at every single connection point. This IoT data can be extremely useful, but safely enabling it requires a network that can meet the necessary cybersecurity requirements. Using TLS/SSL and basic AES-128 data encryption standards establishes secure connections, even where data moves across an open network, such as in an IIoT environment like manufacturing floors and oil fields. When data is properly encrypted, an unauthorized party cannot access it even if they can see it, as often is the case in IIoT. In wireless connections, standards-based connections allow relatively easy access to the moving data, leaving encryption as the only line of defense against unauthorized eyes.
Power and pain of IT/OT convergence
Traditionally, IT and operational technology (OT) environments have been divided by a firewall. However, IoT networks have reduced this wall to merely a low fence, meaning the sensors and applications in OT need to be protected to reduce the security threat to the entire network. As the convergence of IT and OT continues with the adoption of intelligent edge devices, industrial organizations are seeing security success with a connected infrastructure utilizing IP-enabled sensors or IP/IIoT-enabled access gateways. This also enables data to be shared with more than just the central control system, including direct communication between machines and multiple systems bringing in real-time sensor data.
IP technology makes it easier to deploy and talk to sensors, but it also makes it easier for intruders to infiltrate valuable data streams. Security through protocol obscurity is not a solution. There are many common attack vectors for industrial devices that become even more relevant when considering IIoT infrastructures and fully networked, geographically dispersed projects.
Knowledge is key
As companies deploy and expand their IIoT networks and technologies, they need to keep their security goals top of mind. A few questions to consider during deployment and adoption include:
- What data is being collected and/or transmitted with this technology? Is it time sensitive and/or mission critical?
- Do we need this technology to be fail-safe to prevent or eliminate catastrophic damage from occurring?
- What external factors might impact the reliable transmission and receipt of critical data from one point to another?
- What is the right tradeoff between features, ease of use and security for my installation?
Whether IT/OT convergence is a factor for an organization, both sides of the fence must put an emphasis on cybersecurity, with alignment between both parties. There are many benefits to the concept of a completely connected IoT system, but this also implies more crossover between IT and OT systems and greater cybersecurity risks. Companies need to prioritize cybersecurity in their quest to create endpoints for all their field assets.
Few industries will see as big an impact from the internet of things as the insurance sector. Indeed, IoT has the potential to touch nearly every facet of insurance, with the promises of both benefits and risks for carriers as well as their customers.
IoT will impact how insurance underwriting and pricing are done for markets including transportation, home, life, healthcare, workers’ compensation and commercial. And it will transform the way insurers gather information about customers and their environments to process claims, determine risks and calculate costs.
Primed for growth
The industry is primed for a big move into IoT. Recent industry research sheds some light on how insurance will be impacted by IoT. Research firm IDC, in a 2017 report that estimated global spending on IoT would grow 17% in 2017 to reach just over $800 billion and rise to nearly $1.4 trillion by 2021, said insurance would see the fastest spending growth of any industry.
During this period, the sector will experience a spending increase at a compound annual growth rate (CAGR) of 20%. A more recent research report predicted even more optimistic growth of 33% CAGR and reaching $9 billion by 2022.
The keys to this growth are the integration of real-time IoT data with AI-powered operational intelligence algorithms. Underwriters will no longer simply rely on actuarial data to insulate their company’s book of business from unacceptable exposure. Real-time operational IoT data will allow insurance companies to proactively prevent loss, ensure contractual compliance and detect fraud.
For example, in the area of auto insurance, vehicles equipped with sensors will provide data back to the carriers about the driving habits of insured individuals and the condition of automobiles and parts. This will help insurers correlate safe or unsafe driving patterns with unacceptable risk of accidents and injury. Unsafe drivers can be alerted before their behavior results in a loss, and premium incentives can be provided to safe drivers.
Automobile insurance pricing will become personalized and dynamic, shifting from being partly based on geographical zones and a forecast of miles driven to observed driving behavior, driving distance, commute route patterns and risks associated with those routes. As an increasingly large number of vehicles are connected to the cloud, more drivers will opt for this type of real-time, usage-based coverage.
Smart homes and buildings
The use of IoT technologies is beginning to transform homeowners’, renters’, workers’ compensation, commercial and general liability insurance.
In the home, connected, smart smoke detectors already help alert security monitoring firms to potential risk of fire. Insurers can offer discounted premiums in exchange for access to IoT home monitoring capabilities (such as smoke and leak-detection sensors) that can reduce the risk and scope of preventable loss. The sooner the homeowner is alerted to an event, the greater the likelihood of keeping damage to a minimum. That results in fewer costly claims for insurers.
Home security monitoring using cloud-connected video cameras and IoT perimeter sensors not only provides a sense of safety and security for the homeowner or renter, but also reduces the risk of burglary and improves the odds of recovering stolen assets.
Of course, the use of IoT sensors to protect assets extends beyond homeowners’ insurance to commercial use cases. Smart commercial facilities, such as office buildings, factories, stores and warehouses, will do more than just controlling lighting and building temperature. These facilities can utilize sensors to monitor valuable assets, detect fire, smoke, earthquakes and hazardous environmental conditions. When integrated with real-time worker notifications, such IoT connected sensors will be able to provide proactive alerts on a variety of dangerous conditions, protecting people as well as property from potential harm and loss. Companies that employ such technologies and are willing to share data with insurers will benefit from a safer operational environment and lower insurance premiums.
Health and fitness
Healthcare insurance providers are starting to gather health and fitness data — with the permission of their customers — to offer promotional programs that encourage good health maintenance practices. The emergence of connected wearable devices that provide personal health-related telemetry promises to usher in a new era of proactive health monitoring and maintenance.
These wearable technologies will have an impact not only on health insurance, but on disability, life and workers’ compensation lines as well. Individuals, employers and carriers all stand to benefit from gaining a better understanding of health-related risks in order to improve premium pricing and reduce costs of claims.
Just as nonsmokers receive preferentially priced health insurance premiums, active individuals may soon be able to receive such benefits. IoT devices will also be able to assist physicians with improving drug regimen compliance. Emerging smart pills contain ingestible sensors that can report when the pill has actually been taken by the patient. Patients who comply with their drug regimen may be at lower risk for adverse healthcare outcomes.
These are just a few examples of IoT’s potential beneficial impact on the insurance industry. But these benefits are not without their challenges. For insurers, one of the biggest challenges will be ensuring robust data security and privacy. Highly personalized insurance will require gathering, storing, processing and analyzing personally identifiable customer information. That data must not fall into the hands of cybercriminals. The costs of such a breach can be significant, including regulatory fines, lawsuits, damaged reputation and loss of trust.
Acquisition and analytic processing of the IoT data are additional significant challenges. Insurers will not simply be collecting and analyzing more data than they ever have; they must also collect and analyze that data in near real time to insure that the operational insights generated can be used to prevent or reduce loss. Traditional insurance companies will require a major upgrade of their IT capabilities to add real-time operational intelligence to their arsenal. Such operational intelligence will require acquiring advanced skills in technology areas such as IoT networking, cybersecurity, cloud computing, big data analytics and artificial intelligence. Finally, it will take time to blend the insurance domain knowledge of traditional underwriting professionals with the knowledge of professionals who are experts in emerging IoT-related technologies.
The good news is that most insurance companies are actively preparing to transform how they do business. The IoT-connected world will change the way both insurers and insured think about preventing loss and managing risk — largely for the better.
Security and privacy are at the root of serious fears about personal information, especially in the IoT space, where remote system hacks become cyberinvasions that impact the physical world. Just look at what happened with Jeep and the Krebs on Security blog. These fears spell trouble for IoT if companies don’t address security concerns and build out a secure IoT infrastructure quickly — indeed, 90% of consumers already express a lack of confidence in the security of IoT devices.
As IoT-related technology is integrated deeper into daily life in the form of fitness wearables, smart home devices, autonomous vehicles and even tracking chips for household pets, it’s up to industry leaders and policymakers to ensure the well-being of the consumer in this smart future. To do this, we must prioritize an aligned IoT framework by keeping the ethics around algorithms and access; values around privacy, security and ownership; and the common reference architectures that protect and build trust with consumers in mind.
IoT ethics: Algorithms and access
By 2021, 40% of new enterprise applications from service providers will include AI. As a result, IoT is set to grow rapidly as scaling costs decrease, and IT and operational technology become more connected. In developing the algorithms that fuel these proliferating IoT devices, enterprises must be cautious of algorithmic flaws and distribution of IoT access.
Industry leaders must be attentive to the reactions and outputs produced when programming IoT algorithms. As the IoT ecosystem becomes increasingly complex, algorithms will be more prone to flaws like exposed biased logic, inaccurate judgments — even security weaknesses allowing manipulated inputs to produce false outputs. If algorithms produce prejudice results that affect consumers, IoT technology will not be trusted.
If IoT progresses according to plan, society will experience tremendous benefits – 61% of consumers predict that increased automation and AI will prompt reduced motor accidents and deaths, safer workplaces, better patient monitoring and more. With these great benefits, industry leaders and policymakers must work together to ensure that all members of society receive these benefits, not just people and areas who can afford to implement IoT into their daily lives.
A strong ethical standard will motivate companies to design smarter and more inclusively to avoid algorithmic issues and ensure global connectivity. When it comes down to it, every company is responsible for maintaining an ethical IoT foundation or else consumers will deny access to their information — resulting in a data deficit for companies. To get this right, leaders must consider the capacity of their IoT technology and how they can expedite access worldwide.
IoT values: Privacy, security and ownership
In addition to developing a code of ethics, IoT should be built on three core values: privacy, security and ownership. IoT devices must retain a certain amount of privacy when processing data and have security measures built in. Ownership of data must also be established clearly for consumers to feel comfortable with integrating IoT into their daily lives.
More precise and extensive data is being recorded through IoT, but customers don’t want their private information scrutinized, monetized or shared without their knowledge. When it comes to storing information and content, 67% of consumers choose to save locally on their device over the cloud. To gain IoT trust and mitigate hesitations, blockchain technology should record and protect the exchanges that contain data. Through these exchanges, consumers could track and maintain ownership over data they want to keep private or secure.
With data ownership, policymakers must be able to determine who holds the rights to IoT data. Wearable manufacturers could sell consumers’ information and impact insurance, credit scores or jobs. By devising policies on data collected within their districts around privacy, security and ownership, policymakers would have those policies travel and expire conjointly with data. Consequently, quantity will be maintained, and concerns will be alleviated.
IoT common reference architectures
After addressing ethics and values around IoT, a clear next step is to discuss and agree on common reference architectures for building out IoT technology. A reference architecture establishes all of the components which are required to implement a complete IoT service. Several organizations, including the Industrial Internet Consortium and the Plattform Industrie 4.0, are making efforts to align the industry. Establishing common reference architectures comes with many benefits for governments, enterprises and consumers to build trust, security and experience. Without common reference architectures, large-scale IoT adoption will take longer and expose businesses and consumers to greater risks.
Of businesses surveyed, 61% think that enterprises should be responsible for securing data at each stage of their journey, and currently, private and public enterprises and policymakers are collaborating on a secure IoT infrastructure. Together, they have explored decoupling data, blockchain technology, securing end-to-end layers from the edge to the cloud and more. By securing IoT frameworks, future developments will have protocols to reference. Subsequently, all socioeconomic levels will benefit from IoT much faster, creating a digitally connected world.
These ethics, values and common reference architectures will set the tone for enterprises creating a smart future. This is already happening at the Center for the Fourth Industrial Revolution, where numerous tech leaders have partnered to use IoT technology to create a safe, connected and sustainable future. Protecting workers from potentially dangerous work environments, providing society with advanced health monitoring devices, and simplifying daily tasks with smart home technology are all great contributions — but these advances should not be made at the expense of security and privacy.
The rise of the internet of things across industries has been huge over the last few years, and it’s only growing. IDC research finds that worldwide spending on IoT is forecast to reach $772.5 billion in 2018; a 15% increase over IoT spend in 2017. Led by manufacturing, transportation, and logistics and utilities, it’s clear that positive business benefits and outcomes are driving the IoT market.
Meanwhile, an increased focus on employee wellness has taken shape as a trend in offices across the country. Companies are using technology to effectively analyze and predict staff needs and ensure a healthier and more productive workforce. But optimal employee health is just half the battle — what about the health of the equipment they use and the facilities they work in? Even the most productive people can only do so much without a healthy, efficient and safe environment.
There are well over 2 million physical locations in the U.S. occupied by retailers, restaurants, grocery stores, banks and other chain-like businesses. And while each has its own unique set of goals, challenges and strategies, there is a common thread across every business: all are faced with an urgency to deliver exceptional experience, at both the customer and employee level. And price — the traditional baseline differentiator between success and failure for many businesses — is no longer driving business as e-commerce and other trends have initiated a dramatic, industry-wide shift. As a result, customer experience is now king.
There are scores of approaches to achieving exceptional customer experience, but the most successful organizations are prioritizing two areas in particular: maintaining safe, clean and well-functioning facilities and equipment, and the application of technology to create exceptional experiences.
The role of IoT and data analytics
The business landscape is as competitive as ever — and part of keeping pace lies in maintaining a proactive strategy around facilities and equipment management. Reacting to maintenance issues as they pop up proves a never-ending battle that can have a lasting impact on consumers’ impression of businesses, ultimately impacting a brand’s reputation.
IoT is quickly maturing in the equipment space, and when addressing equipment wellness trends, there’s no doubt that IoT-enabled devices offer a huge advantage over legacy processes. In terms of equipment management, IoT equals intelligence — connected equipment has the ability to, for example, self-diagnose and initiate a repair and maintenance work order when it senses possible failure or other issues. IoT can also dramatically enhance the product and user performance; for example, fitness machines can now autonomously track their own status, offering actionable data and insights so club owners and gym managers can stay ahead of maintenance issues. Data also gives them a look at trends so they can deliver the best possible experience for customers. While this may sound like tomorrow’s technology, the future is here and coming to a gym, store, hospital or bank near you sooner than anyone might think.
Data analytics is arguably the most effective tool businesses have to better manage equipment and deliver on customer needs. However, tracking and analyzing equipment usage is more than placing a checkmark on a planned maintenance schedule. The technology tools that are readily available to facilities teams enable them to take a holistic look at the health of their capital equipment, including tracking usage data, service records and warranty coverage information and history, on a per-device basis. Let’s go back to the smart fitness equipment as an example: IoT helps self-monitor and track equipment details that help owners understand peak times in the club, enabling them to make informed decisions when scheduling routine maintenance and staffing. All companies can utilize data insights to make informed decisions, ultimately saving time and money, and eliminating the guesswork that was yesterday’s strategy.
The challenge inherent in adopting this (and any new technology and operational practice), is the need for a marked transformation for facilities operators who are accustomed to doing things a certain way. But the motivation for adoption is quite simple: Adopting automation to track equipment health leads to a better customer and employee experience, and a healthier bottom line.
RSA attendees who wanted a hands-on taste of hardware hacking were able to get their fix at the IoT Village area of the RSA Sandbox, a busy ancillary location of the RSA Conference 2018 in San Francisco. There, they learned that the UART interfaces ubiquitously found in IoT equipment have some default behaviors that enable at least preliminary access to the workings of the device, giving hackers a starting point for developing more thoroughgoing security breaks.
I took some time to work through a couple of the hands-on exercises at the workbenches comprising the village. I was drawn, in part, because there was a soldering iron on the table. It turned out we didn’t need a soldering iron, but all the same I was handed the guts of a Philips Hue controller hub and a logic scanner with a bunch of lead probes hanging off of it, a sort of miniature version of the wiring harness used to administer an EKG.
The object was to get root on the hub. To speed the ploughing, a certain amount of advance work had been done. Header pins had been soldered onto the holes in the circuit board for access to a diagnostic port, for example. This made it rather easier to hook up the leads to a logic analyzer, each lead snugging onto a pin on the header board.
What if I didn’t know which unsoldered holes were actually a port in disguise? I asked Nathan, who was helping me. He said that, starting from nothing, you soldered pins onto all the header spots and ran the diagnostic probe on all the pins at once. In any case, I fired up a capture on the Linux desktop at the station, then powered on the Philips hub.
Analyzing the serial capture
The point here is that lots of IoT devices have a similar setup. There’s a CPU chip on board that runs an embedded version of Linux, and there’s a way to hook a serial terminal interface up to it if you’re willing to do some patient poking around. You’ve got to figure out a few basics about the port, such as which pin is transmitting, which receiving, which is ground, what the baud rate is and so on. The analyzer figures most of this out for you. You can work your way through the possibilities for baud rate, or you can use the analyzer to look at an individual bit’s worth of high signal on the line and work backward from how much time that bit takes to transmit, or you can guess a couple of values that are far more likely than not.
When you get it right, somewhat miraculously, an analyzer hooked to the transmit pin will spit out actual ASCII characters and, cue enlightenment, I noticed the word “boot” amid the first few dozen characters.
Terminal console access, but stumped
From there, a further exercise hooked up a serial-to-USB interface to the laptop, to which a console window could be attached. Now, when the hub was powered on, the familiar Linux boot sequence streamed by, with volumes attaching and so on, eventually ending at a console prompt asking for a login.
With the right login credentials, you could sign on and be a root administrator, but the point of the next exercise was that it’s not actually that simple. After all, you don’t know what the root password is.
What the IoT Village folks let you know, though, is that this interface you’re using is a UART interface and one thing that’s true about UART interfaces is that if the master volume doesn’t mount successfully, it fails to a root login prompt. This isn’t a flaw, exactly. It’s just how the thing works.
Since you’re using a boot sequence that’s stored on a non-volatile chip, the play at this point is to short the power to the chip in question to ground, making it non-functional during the boot. For the hardened geek, this is the fun part of the exercise, because now you have an excuse to use the video microscope to see the circuit board better, find the line in question and tap it with the thin point of a probe.
When the volume doesn’t mount, you get a root prompt. The system uses a password hash that is stored in an environment variable (sigh), so you can set this hash to zero, write the environment variables to the chip and reboot one last time. Now you own the full system in its normal operational mode.
This is not, one hastens to say, the same thing as controlling the universe. You haven’t really breached anything usable in the field. Nathan’s view was that Philips had done a pretty good job of the security of the actual system, so this is really just the first step that gets you to the start of the real research. Now you can make a copy of all the software used in the system, get a better look at the network traffic generated by the device, and possibly find poorly protected encryption keys and certificates.
It’s a staple of panel discussions of IoT security to say that most devices have next to no security, but one nice thing about an exercise like this is how it shows that it’s not downright stupidly simple. Yes, it’s the sort of thing that someone with some experience in electronics and computers can push to a point where he can get a look at the source code, but getting source binaries on a device you’ve taken apart in your lab is still a long way from having remote exploits that turn field devices into weapons.
Machines function much like organs in the human body. The brain is the command center, and the central nervous system is responsible for connecting information received from the five senses: sight, smell, touch, taste and hearing. Your smarts aren’t worth much without the awareness of your environment and your internal condition.
In facilities, the network that connects different machines and sensors is called the industrial internet of things. As evidenced in the consumer IoT marketplace with smart thermostats that “feel” temperature, doorbells that “see” who’s outside and other connected sensor-based devices, brain-to-sensor connectivity is one of the most important facets of IoT technology today.
The problem is in the software brain, which today has a host of disconnected sensory inputs that do not relate to one another. Many consumers buy home IoT devices only to find that each one uses a different protocol, requires a new app to operate and often won’t speak with other devices unless explicitly designed to do so.
Disjointed dashboards such as these only hamper operations and lead to frustrated and disillusioned users. IIoT is experiencing similar growing pains, and that’s why focusing on building the central nervous system for IIoT is the next critical step forward.
Where we are in the IIoT evolution
Although we have a sense of what it should be, IIoT doesn’t really exist yet.
That statement may come as a surprise if you take a look at recent headlines, but the current iteration of IIoT is a collection of varied and incompatible protocols, sensors and companies with proprietary information that has to be forcefully integrated together. There is a lot that history can teach us from previous tectonic shifts as new platforms emerged, such as the internet and smartphone ecosystems. We can’t afford to repeat the same mistakes, as there is a lot at stake here — critical infrastructure, manufacturing, hospitals and data-centers will all be affected by decisions we make today.
Right now, the market has yet to get crowded, reach its inflection point and have a shakeout. But even at the beginning of the hype cycle, there is a compelling future to consider if and when the industry works together to connect everything. The winners in this future will have the most overreaching AI with the best interoperability.
So where do we go from here?
Essential traits for IIoT
A central nervous system for IIoT is an ever-present layer that constantly runs in the background. It connects to multiple data sources and communication channels, and is able to provide the right insight to the right person at the right time — pulling in the relevant data and people to quickly address the issue at hand. In building this central nervous system, we will need to focus on two primary functions.
First, we need to focus on the very basics of network connectivity and interoperability. We need to use a common language, so that everything can operate on the same network and share information. The pump, sensing weakness, needs to be able to communicate with the maintenance tech to let him know of a developing malfunction and automatically order the required spare parts for the repair. At the same time, that same pump, sensing its own temperature rising, needs to be able to communicate with the facilities manager and notify him to reduce the load. This command center will employ AI that is aware of various inputs and act on that information to make changes, notify where necessary and generally connect the dots.
Second, we need to concentrate on optimization. Keeping systems up and running as efficiently as possible requires an overarching layer — a central nervous system — to relay information to the brain for interpretation and action. In the examples above, the pump needs to be aware of its internal health and operating condition in order to notify the right person to take the corrective actions.
Now is the time for a shift in mindset
This is no easy feat. It requires multiple entities working in unison, building bridges between silos that have existed for decades, and finding the right business models to enable this cooperation. New technologies and technology vendors will play a critical role in building the infrastructure, but it’s up to the incumbents — the facility managers, the services providers, the OEMs and the insurance companies — to come to the table with a fresh mindset. Our market is changing rapidly, and we can either be surprised or be proactive and control its trajectory to a better outcome. Let’s build the central nervous system that enables our assets to truly speak across boundaries.
The TEE is no longer an emerging technology. If you’ve ever used apps like Samsung Pay or WeChat Pay, device features like Samsung KNOX/Secure Folder, or many of the leading Android device makers’ flagship phones, then you’ve been protected by one. But it is not a technology that is confined to high-end devices.
The proliferation of the internet of things is expanding the need for trusted identification to new connected devices, and the TEE is one technology helping manufacturers, service providers and consumers to protect their devices, IP and sensitive data.
But what is it, how does it work and why should we care?
What is a TEE?
The trusted execution environment, or TEE, is an isolated area on the main processor of a device that is separate from the main operating system. It ensures that data is stored, processed and protected in a trusted environment. TEE provides protection for any connected “thing” by enabling end-to-end security, protected execution of authenticated code, confidentiality, authenticity, privacy, system integrity and data access rights.
It is already used widely in complex devices, such as smartphones, tablets and set-top boxes, and also by manufacturers of constrained chipsets and IoT devices in sectors such as industrial automation, automotive and healthcare, who are now recognizing its value in protecting connected things.
How does it work?
The fundamental concepts of a TEE are trust, security and isolation of sensitive data. The most advanced TEE implementations embed devices with unique identities via roots of trust. These enable key stakeholders in the value chain to identify whether the device they’re interacting with is authentic. It also cryptographically protects both data and applications stored inside it. Applications that sit within the TEE are known as trusted applications. The data stored on and processed by trusted applications is protected and interactions made (whether between applications or the device and end user) are securely executed.
This is because a TEE enables:
- Secure peripheral access — It has the unique capability of being able to directly access and secure peripherals such as the touchscreen or display (i.e., the user interface), offering protection for fingerprint sensors, cameras, microphones, speakers and so on.
- Secure communication with remote entities — It can secure data, communications and cryptographic operations. Encryption keys are only stored, managed and used within the secure environment, with no opportunity for eavesdropping. This is particularly relevant for IoT as secure cloud enrollment of things like sensors is central to scalability.
- Trusted device identity and authentication — Some TEEs inject a root of trust that enables the legitimacy of the device to be verified by the connected service which it is trying to enroll with.
Why should we care?
Our world is driven by data and we need to get better at protecting it
TEE technology solves a significant problem for anyone concerned about protecting data. Take manufacturers and service providers for example; the TEE is increasingly playing a central role in preventing high-profile hacking, data breaches and use of malware, all of which can result in significant brand damage.
As devices become more complex so do their security requirements
It is clear that a smart heart rate monitor or insulin pump will not have the same capabilities as a connected car. Nevertheless, they all embed critical software and handle highly sensitive data and functions that are crucial to protect.
But it is not just the data that is key — secure connectivity and communication are also fundamental. Smart devices increasingly rely on connectivity to function (whether to pair with other devices or enroll with cloud services). This, however, makes them highly vulnerable. The TEE tackles this problem by allowing a trusted application to securely share secrets with a remote entity, such as a server or a secure element, in order to establish a secure communication channel.
IoT needs trust and scalability
The IoT value proposition is very desirable — cost savings, new/faster/better services, increased revenue, improved operational efficiency, enhanced digital lives. The IoT landscape is a diverse and ever-expanding space of possibility — and some of the best benefits haven’t even been imagined yet!
To fully take advantage of the current and future benefits that IoT offers, devices need to be scalable. This can only be achieved if their underlying technology is built on a foundation of security that can provide robust protection long into the future.
The TEE enables scalability in IoT by embedding hardware-backed protection at the heart of the device. New technologies, like Digital Holograms, are also coming forward to solve problems like device attestation, protection from overproduction, cloning and tampering, supply chain integrity from start to in-field operation, and trusted, autonomous cloud enrollment.
The trusted execution environment is already bringing value to a range of device types and sectors, which we’ll explore in greater detail in upcoming blogs. What’s really exciting though, is not the technology itself, but the options and possibilities it opens up. Whether it’s for developers to add additional value to their services by utilizing the hardware isolation, or the complementary technologies like Digital Holograms that sit alongside to add value for service providers and device makers, this is a technology that is only just gaining momentum. For example, our open TEE is already embedded into more than 1.5 billion devices worldwide, a number that has grown by more than 50% in less than a year, and as the IoT ecosystem and its security requirements expand even further, we can expect that growth rate to continue to rise.