The Internet of Things’ Essential Truths

I’ve been writing about what I call the Internet of Things’ “Essential Truths” for three years now, and decided the time was long overview to codify them and present them in a single post to make them easy to refer to.

As I’ve said, the IoT really will bring about a total paradigm shift, because, for the the first time, it will be possible for everyone who needs it to share real-time information instantly. That really does change everything, obliterating the “Collective Blindness” that has hampered both daily operations and long-term strategy in the past. As a result, we must rethink a wide range of management shibboleths (OK, OK, that was gratuitous, but I’ve always wanted to use the word, and it seemed relevant here, LOL):

  1. First, we must share data. Tesla leads the way with its patent sharing. In the past, proprietary knowledge led to wealth: your win was my loss. Now, we must automatically ask “who else can use this information?” and, even in the case of competitors, “can we mutually profit from sharing this information?” Closed systems and proprietary standards are the biggest obstacle to the IoT.
  2. Second, we must use the Internet of Things to empower workers. With the IoT, it is technically possible for everyone who could do their job better because of access to real-time information to share it instantly, so management must begin with a new premise: information should be shared with the entire workforce. Limiting access must be justified.
  3. Third, we must close the loop. We must redesign our data management processes to capitalize on new information, creating continuous feedback loops.
  4. Fourth, we must rethink products’ roles. Rolls-Royce jet engines feed back a constant stream of real-time data on their operations. Real-time field data lets companies have a sustained dialogue with products and their customers, increasingly allowing them to market products as services, with benefits including new revenue streams.
  5. Fifth, we must develop new skills to listen to products and understand their signals. IBM scientists and medical experts jointly analyzed data from sick preemies’ bassinettes & realized they could diagnose infections a day before there was any visible sign. It’s not enough to have vast data streams: we need to understand them.
  6. Sixth, we must democratize innovation. The wildly-popular IFTTT web site allows anyone to create new “recipes” to exploit unforeseen aspects of IoT products – and doesn’t require any tech skills to use. By sharing IoT data, we empower everyone who has access to develop new ways to capitalize on that data, speading the IoT’s development.
  7. Seventh, and perhaps most important, we must take privacy and security seriously. What responsible parent would put an IoT baby monitor in their baby’s room after the highly-publicized incident when a hacker exploited the manufacturer’s disregard for privacy and spewed a string of obscenities at the baby? Unless everyone in the field takes privacy and security seriously, the public may lose faith in the IoT.

There you have ’em: my best analysis of how the Internet of Things will require a revolution not just in technology, but also management strategy and practices. What do you think?

Apple ResearchKit will launch medical research paradigm shift to crowd-sourcing

Amidst the hoopla about the new MacBook and much-anticipated Apple Watch, Apple snuck something into Monday’s event that blew me away (obligatory disclaimer: I work part-time at The Apple Store, but the opinions expressed here are mine).

My Heart Counts app

Four years after I proselytized about the virtues of democratizing data in my Data Dynamite: how liberating data will transform our world book (BTW: pardon the hubris, but I still think it’s the best thing out there about the attitudinal shift needed to capitalize on sharing data), I was so excited to learn about the new ResearchKit.

Tag line? “Now everybody can do their part to advance medical research.”

The other new announcements might improve your quality of life. This one might save it!

As Senior VP of Operations Jeff Williams said in announcing the kit,  the process of medical research ” ..hasn’t changed in decades.” That’s not really true: as I wrote in my book, the Quantified Self movement has been sharing data for several years, as well as groups such as CureTogether and PatientsLikeMe. However, what is definitely true is that no one has harnessed the incredible power of the smartphone for this common goal until now, and that’s really incredible. It’s a great example of my IoT Essential Truth of asking “who else could use this data?

A range of factors cast a pall over traditional medical research.

Researchers have had to cast a broad net even to get 50-100 volunteers for a clinical trial (and may have to pay them, to boot, placing the results validity when applied to the general population in doubt).  The data has often been subjective (in the example Williams mentioned, Parkinson’s patients are classified by a doctor simply on the basis of walking a few feet). Also, communication about the project has been almost exclusively one way, from the researcher to the patient, and limited, at best.

What if, instead, you just had to turn on your phone and open a simple app to participate? As the website says, “Each one [smartphone] is equipped with powerful processors and advanced sensors that can track movement, take measurements, and record information — functions that are perfect for medical studies.” Suddenly research can be worldwide, and involve millions of diverse participants, increasing the data’s amount and validity (There’s a crowdsourcing research precedent: lot of us have been participating in scientific crowdsourcing for almost 20 years, by installing the SETI@Home software that runs in the background on our computers, analyzing data from deep space to see if ET is trying to check in)!

Polymath/medical data guru John Halamka, MD wrote me that:

“Enabling patients to donate data for clinical research will accelerate the ‘learning healthcare system’ envisioned by the Institute of Medicine.   I look forward to testing out Research Kit myself!”

The new apps developed using ResearchKit harvest information from the Health app that Apple introduced as part of iOS8. According to Apple:

“When granted permission by the user, apps can access data from the Health app such as weight, blood pressure, glucose levels and asthma inhaler use, which are measured by third-party devices and apps…. ResearchKit can also request from a user, access to the accelerometer, microphone, gyroscope and GPS sensors in iPhone to gain insight into a patient’s gait, motor impairment, fitness, speech and memory.

Apple announced that it has already collaborated with some of the world’s most prestigious medical institutions, including Mass General, Dana-Farber, Stanford Medical, Cornell and many others, to develop apps using ResearchKit. The first five apps target asthma, breast cancer, cardiovascular disease, diabetes and Parkinson’s disease.  My favorite, because it affects the largest number of people, is the My Heart Counts one. It uses the iPhone’s built-in motion sensors to track participants’ activity, collecting data during a 6-minute walk test from those who are able to walk that long. If participants also have a wearable activity device connecting with the Health app (aside: still don’t know why my Jawbone UP data doesn’t flow to the Health app, even though I made the link) , they are encouraged to use that as well. Participants will also enter data about their heart disease risk factors and their lab tests readings to get feedback on their chances of developing heart disease and their “heart age.” Imagine the treasure trove of cardiac data it will yield!

 A critical aspect of why I think ResearchKit will be have a significant impact is that Apple decided t0 make it open source, so that anyone can tinker with the code and improve it (aside: has Apple EVER made ANYTHING open source? Doubt it! That alone is noteworthy).  Also, it’s important to note, in light of the extreme sensitivity of any personal health data, that Apple guarantees that it will not have access to any of the personal data.

Because of my preoccupation with “Smart Aging,” I’m really interested in whether any researchers will specifically target seniors with ResearchKit apps. I’ll be watching carefully when the Apple Watch comes out April 24th to see if seniors buy them (not terribly optimistic, I must admit, because of both the cost and the large number of seniors I help at The Apple Store who are befuddled by even Apple’s user-friendly technology) because the watch is a familiar form factor for them (I haven’t worn a watch since I got my first cell phone, and most young people I know have never had one) and might be willing to use them to participate in these projects.

N0w, if you’ll excuse me, I just downloaded the My Heart Counts app, and must find out my “heart age!”


 

Doh!  Just after I posted this, I saw a really important post on Ars Technica pointing out that this brave new world of medical research won’t go anywhere unless the FDA approves:

“As much as Silicon Valley likes to think of itself as a force for good, disrupting this and pivoting that, it sometimes forgets that there’s a wider world out there. And when it comes to using devices in the practice of medicine, that world contains three very important letters: FDA. That’s right, the US Food and Drug Administration, which Congress has empowered to regulate the marketing and research uses of medical devices.

“Oddly, not once in any of the announcement of ResearchKit did we see mention of premarket approval, 510k submission, or even investigational device exemptions. Which is odd, because several of the uses touted in the announcement aren’t going to be possible without getting the FDA to say yes.”

I remember reading that Apple had reached out to the FDA during development of the Apple Watch, so I’m sure none of this comes as a surprise to them, and any medical researcher worth his or her salt is also aware of that factor. However, the FDA is definitely going to have a role in this issue going forward, and that’s as it should be — as I’ve said before, with any aspect of the IoT, privacy and security is Job One.

 

 

FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

comments: Comments Off on FTC report provides good checklist to design in IoT security and privacy tags: , , , ,

IBM picks for IoT trends to watch this year emphasize privacy & security

Last month Bill Chamberlin, the principal analyst for Emerging Tech Trends and Horizon Watch Community Leader for IBM Market Development (hmmm, must have an oversized biz card..) published a list of 20 IoT trends to watch this year that I think provide a pretty good checklist for evaluating what promises to be an important period in which the IoT becomes more mainstream.

It’s interesting to me, especially in light of my recent focus on the topics (and I’ll blog on the recent FTC report on the issue in several days), that he put privacy and security number one on the list, commenting that “Trust and authentication become critical across all elements of the IoT, including devices, the networks, the cloud and software apps.” Amen.

Most of the rest of the list was no surprise, with standards, hardware, software, and edge analytics rounding out the top five (even though it hasn’t gotten a lot of attention, I agree edge analytics are going to be crucial as the volume of sensor data increases dramatically: why pass along the vast majority of data, that is probably redundant, to the cloud, vs. just what’s a deviation from the norm and probably more important?).

Two dealing with sensors did strike my eye:

9.  Sensor fusion: Combining data from different sources can improve accuracy. Data from two sensors is better than data from one. Data from lots of sensors is even better.

10.  Sensor hubs: Developers will increasingly experiment with sensor hubs for IoT devices, which will be used to offload tasks from the application processor, cutting down on power consumption and improving battery life in the devices”

Both make a lot of sense.

One was particularly noteworthy in light of my last post, about the Gartner survey showing most companies were ill-prepared to plan and launch IoT strategies: “14.  Chief IoT Officer: Expect more senior level execs to be put in place to build the enterprise-wide IoT strategy.” Couldn’t agree more that this is vital!

Check out the whole list: I think you’ll find it helpful in tracking this year’s major IoT developments.

comments: Comments Off on IBM picks for IoT trends to watch this year emphasize privacy & security tags: , , , , , , , , ,

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

Resolved: That 2015 Is When Privacy & Security Become #IoT Priority!

I’m a right-brained, intuitive type (ENFP, if you’re keeping Myers-Briggs score…), and sometimes that pays off on issues involving technology & the general public, especially when the decidedly non-technical, primal issue of FEAR comes into the equation.

I used to do a lot of crisis management work with Fortune 100 companies, and usually worked with engineers, 95% of whom are my direct opposite: ISTJ.  Because they are so left-brained, rational and analytical, it used to drive them crazy that the public would be so fearful of various situations, because peoples’ reaction was just so darned irrational!

I’m convinced that same split is a looming, and extremely dangerous problem for the Internet of Things: the brilliant engineers who bring us all these great platforms, devices and apps just can’t believe that people could be fraidy cats.

Let me be blunt about it, IOT colleagues: get used dealing with peoples’ fears. Wise up, because that fear might just screw the IoT before it really gains traction. Just because a reaction is irrational doesn’t mean it isn’t very, very real to those who feel it, and they might just shun your technology and/or demand draconian regulations to enforce privacy and security standards. 

That’s why I was so upset at a remark by some bright young things at the recent Wearables + Things conference. When asked about privacy and security precautions (a VERY big thing with people, since it’s their very personal bodily data that’s at risk) for their gee-whiz device, they blithely said that they were just a start-up, and they’d get to security issues after they had the device technology squared away.

WRONG, KIDS: security and privacy protections have to be a key priority from the get-go.

That’s why I was pleased to see that CES asked FTC Chair Edith Ramirez to give opening remarks at a panel on security last week, and she specifically focused on “privacy by design,” where privacy protections are baked into the product from the get-go. She emphasized that start-ups can’t get off the hook:

“‘Any device that is connected to the Internet is at risk of being hijacked,’ said Ms. Ramirez, who added that the large number of Internet-connected devices would ‘increase the number of access points’ for hackers.

Ms. Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things.

She said that some of these developers, in contrast to traditional hardware and software makers, ‘have not spent decades thinking about how to secure their products and services from hackers.'”

I yield to no one in my love of serendipitous discoveries of data’s value (such as the breakthrough in early diagnosis of infections in neonates by researchers from IBM and Toronto’s Hospital for Sick Children, but I think Ms. Ramirez was on target about IoT developers forcing themselves to emphasize minimization of data collection, especially when it comes to personal data:

“Beyond security, Ms. Ramirez said that technology companies needed to pay more attention to so-called data minimization, in which they collect only the personal data they need for a specific purpose and delete it permanently afterward. She directly challenged the widespread contention in the technology industry that it is necessary to collect large volumes of data because new uses might be uncovered.

‘I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information,’ she said.

She also said that technology companies should be more transparent about the way they use personal data and should simplify their terms of use.”

Watch for a major IoT privacy pronouncement soon from the FTC.

It’s gratifying that, in addition to the panel Ms. Ramirez introduced, that CES also had an (albeit small…) area for privacy vendors.  As the WaPo reported, part of the reasons for this area is that the devices and apps are aimed at you and me, because “consumers are finding — thanks to the rise in identity theft, hacks and massive data breaches — that companies aren’t always good stewards for their information.” Dealing with privacy breaches is everyone’s business: companies, government, and you and me!

As WaPo reporter   concluded: “The whole point of the privacy area, and of many of the products being shown there, is that technology and privacy don’t have to fight. They can actually help each other. And these exhibitors — the few, the proud, the private — are happy to be here, preaching that message.”

So, let’s all resolve that 2015 when privacy and security become as big an IoT priority as innovation!


Oh, before I forget, its time for my gratuitous reference whenever I discuss IoT privacy and security, to Gen. David Petraeus (yes, the very General “Do As I Say, Not As I Do” Petraeus who faces possible federal felony charges for leaking classified documents to his lover/biographer.), who was quite enamored of the IoT when he directed the CIA. That should give you pause, no matter whether you’re an IoT user, producer, or regulator!

IoT Security After “The Interview”

Posted on 22nd December 2014 in defense, Internet of Things, M2M, management, privacy, security, US government

Call me an alarmist, but in the wake of the “Interview” catastrophe (that’s how I see it in terms of both the First Amendment AND asymmetrical cyberwarfare), I see this as a clarion call to the #IoT industry to redouble efforts to make both security AND privacy Job #1.

Here’s the deal: if we want to enhance more and more parts of governmental, commercial, and private lives by clever IoT devices and apps to control them, then there’s an undeniable quid pro quo: we MUST make these devices and apps as secure as possible.

I remember some bright young entrepreneurs speaking at a recent wearables conference, where they apologized for not having put attention on privacy and security yet, saying they’d get to it early next year.

Nope.

Unacceptable.

Security must be built in from the beginning, and constantly upgraded as new threats emerge.  I used to be a corporate crisis manager, and one of the things that was so hard to convince left-brained, extremely rational engineers about was that just because fears were irrational didn’t mean they weren’t real — even the perception of insecure IoT devices and apps has the potential to kill the whole industry, or, as Vanity Fair‘s apocalyptic “Look Out, He’s Got a Phone” article documented, it could literally kill us. As in deader than a doornail.

This incident should have convinced us all that there are some truly evil people out there fixated on bringing us to our collective knees, and they have the tech savvy to do it, using tools such as Shodan. ‘Nuff said?

PS: Here’s what Mr. Cybersecurity, Bruce Schneier, has to say on the subject. Read carefully.

comments: Comments Off on IoT Security After “The Interview” tags: , , , ,

My #IoT predictions for 2015

I was on a live edition of “Coffee Break With Game-Changers” a few hours ago with panelists Sherryanne Meyer of Air Products and Chemicals and Sven Denecken of SAP, talking about tech projections for 2015.

Here’s what I said about my prognostications:

“I predict that 2015 will be the year that the Internet of Things penetrates consumer consciousness — because of the Apple Watch. The watch will unite both health and smart home apps and devices, and that will mean you’ll be able to access all that usability just by looking at your watch, without having to fumble for your phone and open a specific app.

If Apple chooses to share the watch’s API on the IFTTT – If This Then That — site, the Apple phone’s adoption – and usability — will go into warp speed. We won’t have to wait for Apple or developers to come up with novel ways of using the phone and the related devices — makers and just plain folks using IFTTT will contribute their own “recipes” linking them. This “democratization of data” is one of the most powerful – and under-appreciated – aspects of the IoT. In fact, Sherryanne, I think one of the most interesting IoT strategy questions for business is going to be that we now have the ability to share real time data with everyone in the company who needs it – and even with supply chain and distribution networks – and we’ll start to see some discussion of how we’ll have to change management practices to capitalize on this this instant ability to share.

(Sven will be interested in this one) In 2015, the IoT is also going to speed the development of fog computing, where the vast quantities of data generated by the IoT will mean a switch to processing data “at the edge,” and only passing on relevant data to the cloud, rather than overwhelming it with data – most of which is irrelevant.

In 2015 the IoT is also going to become more of a factor in the manufacturing world. The success of GE’s Durathon battery plant and German “Industry 4.0” manufacturers such as Siemans will mean that more companies will develop incremental IoT strategies, where they’ll begin to implement things such as sensors on the assembly line to allow real-time adjustments, then build on that familiarity with the IoT to eventually bring about revolutionary changes in every aspect of their operations.

2015 will also be the year when we really get serious about IoT security and privacy, driven by the increasing public concern about the erosion of privacy. I predict that if anything can hold back the IoT at this point, it will be failure to take privacy and security seriously. The public trust is extremely fragile: if even some fledgling startup is responsible for a privacy breach, the public will tend to tar the entire industry with the same brush, and that could be disastrous for all IoT firms. Look for the FTC to start scrutinizing IoT claims and levying more fines for insufficient security.”

What’s your take on the year ahead? Would love your comments!

comments: Comments Off on My #IoT predictions for 2015 tags: , , , , , ,

Disney MagicBands: as important symbolically for IoT as substantively!

(I’ve been meaning to write about this particular IoT device for a long time — my apologies for the delay)

I have no objective evidence for this, but I suspect that many C-level executives first learned about e-commerce when they placed personal orders during the Christmas season of 1995. Thus, Amazon deserves a disproportionate share of credit for launching the e-commerce era.

Magic Bands play a number of roles at Disney parks

Similarly, I suspect that many C-level executives’ first direct experience with the Internet of Things has come, or may come this holiday season, with their family’s first visit to Disneyworld since Disney began the beta testing of its MagicBands, which are arguably the most high-profile public IoT devices so far.

IMHO, Disney deserves a lot of credit for such a public IoT project, especially many of the initial reviews were decidedly mixed due to technical and management glitches — risking irritating customers. 

The project reportedly cost north of $1 billion.

The major lesson to decision makers in other industries to be gained from the MagicBand is my favorite IoT “Essential Truth“: who else can use this data?

Disney uses the band data, either by itself, or aggregated with other visitors, to improve almost every aspect of park operations, marketing, and the customer experience — illustrating the versatility of IoT devices:

  • control logistics, speeding entry to the park and individual rides
  • coordinate outside transportation
  • balance demand for various rides
  • add new functionality to existing technology such as the Disney app
  • control mechanical systems, such as hotel door locks
  • add a social component (and avoid the stresses of families getting
  • handle and speed in-park financial transactions
  • personalize the park experience and improve customer satisfaction
  • harvest and analyze big data on customer preferences.

The bands, which work because they have RFID chips inside, are worn on your wrist throughout your stay at the parks. When you book the trip, Disney lets you choose your favorite color, and the band comes in a presentation box with your name on it.

Before leaving, you can program it in conjunction with the My Disney Experience app and web page, entering key choices such as hotels, your favorite rides (FastPass+), dinner reservations, etc., and your credit card info so that they can be used to pay for meals and merchandise.

Disney warns visitors not to pack the bracelets in their luggage, because they are even used to board the transportation from the Orlando airport.

Putting aside the programming involved, this had to be a tremendous logistical challenge, changing the hotel locks, installing readers at each ride, putting readers in the restaurants and shops, which probably accounts for many of the glitches that customers reported during the pilot phase.

My future son-in-law, Greg Jueneman, who knows EVERYTHING about Disneyland, weighs in from a customer standpoint:

“I think they take the spontaneity out of a Disney World vacation. Everything has to be planned in advance and a schedule has to be followed. As a technology they are cool, I’m sure Disney had lots of plans for them but so far the only real thing that they do is open your hotel room without a “key” and allow you to pay for things without your cards (I’m sure Disney loves that! – some blogs Ifollow have said that spending with Magic Bands is up 40%, that’s impressive!).”

As you can imagine, there are also important data privacy and security issues: on one hand, it would probably be very cool to have Mickey come up to you and say “happy 5th birthday, Jeremy,” but that could also creep parents out, and you’d be worried about someone running up a tab on your credit card if you mislaid the band.

From my reading of the most recent media coverage, it appears that most of the beta test problems have been worked out, and that Disney is fully-committed to universal use of the bands in the future.

If you’re visiting Disney this holiday season, think about possible IoT strategy lessons for your company from the MagicBand:

  • marketing: how it can personalize the customer experience and increase sales?
  • transactions: how can it streamline transactions (have to think that Apple looked carefully at this in designing Apple Pay)?
  • operations: how can real-time data from many users help streamline operations and reduce congestion?

Maybe you can write off the family vacation as research! Have fun.

 

comments: Comments Off on Disney MagicBands: as important symbolically for IoT as substantively! tags: , , , , , ,

Live Blogging from IoT Global Summit

I’ll be live-blogging for the next two days from the 2nd Internet of Things Global Summit.

  • Edith Ramirez, FTC chair:
    • potential for astounding benefits to society, transforming every activity
    • risks: very technology that allows this can also gather info for companies and your next employer
    • possible consumer loss of confidence in connected devices if they don’t think privacy w
    • 3 challenges:
      • adverse uses
      • security of the data
      • collection of the data
    • key steps companies should take:
      • security front and center
      • deidentify data
      • transparent policies
    • data will provide “startlingly complete pictures of us” — sensors can already identify our moods, even progression of neurological diseases
    • how will the data be used? will TV habits be shared with potential employers? Will it paint picture of you that others will see, but you won’t
    • will it exacerbate current socio-economic disparities?
    • potential for data breaches such as Target grows as more data is collected
    • FTC found some companies don’t take even most basic protections. Small size and cheap cost of some sensors may inhibit data protections
    • steps:
      • build security in from beginning
      • security risk assessment
      • test security measures before launch
      • implement defense and depth approach
      • encryption, especially for health data.
    • FTC action against TrendNet
    • follow principle of “data minimization,” only what’s needed, and dispose of it afterwards.
  • she’s skeptical of belief that there should be no limits on collection of data (because of possible benefits)
    • de-identified data: need dual approach — commit to not re-identify data
    • clear and simple notice to consumers about possible use of data.
    • Apple touting that it doesn’t sell data from Health App — critical to building consumer trust
    • transparency: major FTC priority. FTC review of mobile apps showed broad and vague standards on data collection & use.
  • Ilkka Lakaniemi, chair, FIWARE Future Internet PPP, EU perspective on IoT:
    • lot easier to start IoT businesses in Silicon Valley because of redundant regulations in EU
    • Open Standard Platform + Sustainable Innovation Ecosystem. “Synergy Platform”
  • Mark Bartolomeo,   vp of integrated solutions, Verizon:
    • Bakken Shale area visit: “landscape of IoT” solutions — pipeline monitoring, water monitoring, etc.
    • concerned about rapid urbanization: 30% of city congestion caused by drivers looking for parking. $120B wasted in time and fuel yearly.
    • cars: “seamless nodes” of system.
    • market drivers & barriers:
      • increased operational efficiency, new revenue streams, better service, comply with regulators, build competitive edge
      • fragmented ecosystem, complex development, significant back end obstacles
    • they want integrated systems.
    • need to remove barriers: aging infrastructure, congestion, public safety, economics
    • remove complexity
    • economies of scale: common services
    • trend to car sharing, smart grid
    • yea: highlighting intellistreets — one of my 1st fav IoT devices!!
    • Verizon working primarily on parking & traffic congestion on the East Coast, and water management in CA.

Smart Cities:

  • Nigel Cameron: nation-state receding, cities and corporations on ascendency
  • Sokwoo Rhee, NIST: Cyber-Physical Systems — emphasis on systems dynamics, data fed back into system, makes it autonomous.  Did Smart America Challenge with White House. Fragmentation on device level. Demonstrate tangible effects through collaborations. Examples: health care systems, transactive energy management, smart emergency response, water distribution, air quality. 24 projects.  Round Two is application of the projects to actual cities. Now 26 teams.
  • Joseph Bradley, VP, IoT Practice, Cisco Consulting: value isn’t in the devices, but the connections. Intersection of people, data, process, and things. Increase City of Nice’s parking revenue 40-60% without raising taxes through smart parking. They project $19 trillion in value over 10 years from combo of public and private innovations. Smart street lighting: reduces crime, property values increase, free wi-fi from the connected street lights. Barcelona is Exhibit A for benefits. Need: comprehensive strategy (privacy is a contextual issue: depends on the benefits you receive), scalability, apps, data analytics, transparency, powerful network foundation, IoT catalyst for breaking down silos, IoT must address people and process.
  • Ron Sege, chair and ceo of Echelon Corp: got started with smart buildings, 25 yrs. old. Why now with IoT: ubiquitous communications, low cost, hyper-competition, cloud. They do outdoor & indoor lighting and building systems. Challenges: move to one infrastructure/multiple use cases, will IT learn about OT & visa-versa?, reliability: critical infrastructure can’t fail & must respond instantly.
  • Christopher Wolf, Future of Privacy Forum: flexible, use-based privacy standards. Industry-wide approach to privacy: auto industry last week told NISTA about uniform privacy standards for connected cars (neat: will have to blog that…).
  • Peter Marx, chief innovation officer, City of LA:  big program to reduce street lights with LEDs: changed whole look of city at night & saves lot of money. 6 rail lines being built there. Adding smart meters for water & power. EV chargers on street lights. Held hackathon for young people to come up with ideas to improve city. Procurement cycles are sooo arcane that he suggests entrepreneurs don’t do business with city — he just tries to enable them.

Outside the City:

  • Darrin Mylet, Adaptrum: Using “TV white space spectrum” in non-urban areas. Spectrum access critical:need mix of spectrum types. Where do we need spectrum? Most need in non-line-of-sight areas such as trees, etc. Examples: not only rural, but also some urban areas (San Jose); Singapore; Africa; redwood forests;
  • Arturo Kuigami, World Bank: examples in developing nations: (he’s from Peru); most of global migration is to smaller cities; look at cities as ecosystems; “maker movement” is important — different business models: they partnered with Intel and MIT on “FabLabs” in Barcelona this year. MoMo — water access point monitoring in Tanzania.  Miroculus: created by a global ad hoc team — cheap way to make cancer diagnosis: have identified 3-4 types of cancers it can diagnose. Spirometer to measure COPD, made by a 15-year old! “IoT can be a global level playing field.”
  • Chris Rezendes, INEX Advisors: Profitable sustainability: by instrumenting the physical world, we can create huge opportunities for a wide range of people outside our companies. Focusing on doing a better job of instrumenting and monitoring our groundwater supplies: very little being done in SW US right now (INEX investing in a startup that is starting this monitoring). If we have better data on groundwater, we can do a better job of managing it. “Embrace complexity upfront” to be successful.
  • Shudong Chen, Chinese Academy of Sciences: talking about the Chinese food security crisis because of milk production without a food production license.  Government launched “Wuxi Food Science & Technology Park.”

Smart Homes:

  • Tobin Richardson, Zigbee Alliance: critical role of open, global standards. Zigbee LCD lights now down to $15.
  • Cees Links, GreenPeak Technologies: Leader in Zigbee-based smart home devices. Smart home waay more complex than wi-fi.  1m chips a week, vs. 1 million for whole year of 2011. “Not scratching the surface.” Small data — many small packets.
  • Todd Green, CEO PubNub: data stream network.
  • no killer app for the smart home..  Controlling by your phone not really that great a method.
  • FTC agrees with me: a few adverse stories (TrendNet baby cam example) can be really bad for an industry in its infancy.
  • always hole in security. For example, you can tell if no one’s home because volume of wi-fi data drops.W
  • FTC: consumer ed critical part of their work. Working now on best practices for home data protection.
  • mitigation after a security breach? Always be open, communicate (but most hunker down!).

DAY TWO

Beyond Cost Savings: Forging a Path to Revenue Generation

  • Eric Openshaw: (had tech problems during his preso: very important one — check the Deloitte The Internet of Things white paper for details) cost savings through IoT not enough for sustainable advantage: need to produce new revenue to do that. Defined ecosystem shaping up, which creates clarity, breaks down silos.
    • areas: smart grid, health care, home automation, cars, industrial automation
    • study the GE jet model for health care: what if doctors were paid to keep us healthy.
    • need comprehensive understanding of the change issues
    • be very specific: singular asset class, etc. — so you get early victories
    • companies will have overarching, finite roadmap
    • security & privacy dichotomy: differentiate between personal health care data and data from your washing machine. Most of us will share all sorts of information if there’s something in return
    • get focused on customer and product life cycle — that’s where the money will be. Focus on operating metric level. This is most far-reaching tech change he’s seen.

Managing Spectrum Needs

  • Julius Knapp, Chief, FCC Office of Engineering & Technology: new opportunity to combine licensed and unlicensed space. Described a number of FCC actions to reconsider role of various types of spectrum. “Hard to predict I0T’s long-term spectrum needs” because industry is new: they’ll watch developments in the field.
  • Prof. H. Nwana, exec. director of Dynamic Spectrum Alliance: most spectrum usually not used in most places at most time.  His group working to use changes to spectrum to end digital divide: (used incredible map showing how much of world, including US, China, India, W. Europe, could be fitted into Africa).
  • Carla Rath, VP for Wireless Policy, Verizon: “in my world, the network is assumed.”  Need for more spectrum — because of growth in mobile demand. Praises US govt. for trying to make more spectrum available. Don’t want to pigeonhole IoT in certain part of spectrum: allow flexibility.  Tension between flexibility and desire for global standards when it comes to IoT.
  • Philip Marnick, group director of spectrum policy, Ofcom UK:  no single solution.  Market determines best use. Some applications become critical (public safety, etc.) — must make sure people using those are aware of chance of interference.
  • Hazem Moakkit, vp of spectrum development for 03b (UK satellite provider for underserved areas of developing world): “digital divide widened by IoT if all are not on board.” Fair allocation of spectrum vital.
  • interesting question: referred to executive of a major farm equipment manufacturer whose products are now sensor-laden (must be John Deere…) and is frustrated because the equipment won’t work in countries such as Germany due to different bands.

Architecting the IoT: Sensing, Networking & Analytics: 

  • Tom Davenport: IoT highly unpredictable. “Great things about standards is there’s so many to choose from” — LOL.  Will IoT revolution be more top down or bottom up?
  • Gary Butler, CEO, Camgian: announcing an edge system for IoT. Driven by sensor info. Need new networking architecture to combine sensing and analytics to optimize business processes, manage risk. Systems now built from legacy equipment, not scalable. They’re announcing new platform: Egburt. Applicable to smart cities, retailing, ifrastructure (I’ll blog more about this soon!!). “Intelligence out of chaos.” Anomaly detection. Real-time analysis at the device level. Focus on edge computing. Must strengthen the ROI.
  • Xiaolin Lu, Texas Instruments fellow & director of IoT Lab: Working in wearables, smart manufacturing, smart cities, smart manufacturing, health care, automotive. TI claims it has all IoT building blocks: nodes, gateway/bridge or router/cloud.  Power needs are really critical, with real emphasis on energy harvesting from your body heat, vibration, etc. Challenges: sensing and data analytics, robust connectivity, power, security, complexity, consolidation of infrastructure and data. Big advocates for standards. They work on smart grid.
  • Steve Halliday, president, RAIN RFID: very involved in standards. 4 BILLION RFID tags shipped last year. Don’t always want IP devices. Power not an issue w/ RFID because they get their power from the reader. Think RFID will be underpinning of IoT for long time. Lot of confusion in many areas about IoT, especially in manufacturing.
  • Sky Mathews, IBM CTO: IBM was one of earliest in the field, with Smarter Planet. Lot of early ones were RFID. A variety of patterns emerging for where and how data is processed. What APIs do you want to expose to the world? “That’s where the real leaps of magnitude will occur” — so design that in from beginning.

‘People’ Side of the IoT: meeting consumer expectations:

  • Mark Eichorn, asst. director, Consumer Protection Bureau, FTC: companies that have made traditional appliances & now web-enable them aren’t always ready to deal with data theft. Security and privacy: a lot don’t have privacy policies at all. At their workshop, talk about people being able to hack your insulin readings.
  • Daniel Castro, sr. analyst, Center for Data Innovation: thinks that privacy issue has been misconstrued: what people really care about is keeping data from government intrusion. Can car be designed so a cop could pull it over automatically (wow: that’s a thought!). Chance for more liability with misuse of #IoT data.
  • Linda Sherry, director of national priorities, Consumer Action: “convenience, expectations and trust.” “What is the IoT doing beside working?” Connecting everything may disenfranchise those who aren’t connected. Need to register those who collect data – hmm. Hadn’t heard that one before. Even human rights risks, stalking, etc. — these issues must be thought about. Can algorithms really be trusted on issues such as insurance coverage? How do you define particularly sensitive personal data? “Hobbling the unconnected” when most are connected? “Saving consumers from themselves.” “Document the harms.” Make sure groups with less $ can really participate in multi-stakeholder negotiations.
  • Stephen Pattison, vp of public affairs, ARM Holdings: disagrees with Linda about slowing things down: we want to speed up IoT as instrument of transformation. We need business model for it. Talks about how smart phone didn’t explode until providers started subsidizing purchase. He suspects that one model might be that a company would provide you whole range of smart appliances in return for your data. “Getting data right matters.” “Freak events” drive concerns about data security & privacy: they generate concern and, sometimes, “heavy-handed” regulation.
    Industry must work together on framework for data that creates confidence by public. Concerns about data are holding back investment in the field. They’re working with AMD on a framework: consumers own their own data — must start with that (if they do, people will cooperate); not all data equally sensitive — need chain of custody to keep data anomyzed; security must be right at the edge; simplify terms and conditions.
    Sometimes thinks that, in talking about IoT, it’s like talking about cars in 1900, but we managed to create a set of standards that allowed it to grow: “rules of the road,” etc.
comments: 2 »
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management