IoT Now: ISSN 2397-2793
Q3 2020 • VOLUME 10 • ISSUE 3
TALKING HEADS Eseye's Nick Earle explains how intelligent connectivity is collapsing and disrupting traditional business models
TRANSPORT: Telematics for a moving industry. See our Analyst Report at www.iot-now.com
SMART HOMES: New efficiency for living, working and playing. See our Analyst Report at www.iot-now.com
UTILITIES: Smart electricity metering's current state of play. See our Analyst Report at www.iot-now.com
CONNECTIVITY: How intelligent connectivity is enabling hyperscale IoT. Read the IoT Now Report inside this issue
IoT GLOBAL NETWORK: Log on at www.iotglobalnetwork.com to discover our new portal for products, services and insight
PLUS: 6-PAGE IoT SECURITY REGULATION REPORT • Why it's time to legislate to accelerate IoT deployments • Inside Blackbaud's ransom attack • 6-PAGE ANALYST REPORT: How eSIMs are providing greater freedom for IoT OEMs • A sense of sensing something greater from IoT sensors • 5-PAGE REPORT ON IoT DEVICE COMPONENTS: Why simplification demands solutions, not just components • MachNation report on device management for IoT • Does IoT really need an ecosystem of specialists to succeed? • 5-PAGE REPORT ON SECURING IoT DEVICES: Has the back door been slammed shut yet? • Latest news online at www.iot-now.com
CONTENTS
IN THIS ISSUE
EDITOR’S COMMENT George Malim says simplification of connectivity, components and security are giving IoT a needed boost
COMPANY NEWS Inside Google Nest’s US$450m deal with ADT, Mobileum acquires SIGOS
SECURITY NEWS The details on Blackbaud ransom attack, SonicWall ransomware research
THE CONTRACT HOT LIST A round up of the latest IoT contracts
TALKING HEADS Eseye’s Nick Earle tells George Malim how intelligent connectivity is enabling IoT visionaries to collapse traditional business models
INTELLIGENT CONNECTIVITY REPORT Our 6-page report on how smarter connections are enabling hyperscale IoT
CASE STUDY How ubiquitous IoT connectivity is propelling telehealth and telecare
INTERVIEW Thomas Rosteck explains why the market dynamics do not work for security in IoT – yet
IoT SECURITY REGULATION REPORT Our 6-page report on why it’s time to regulate to accelerate security adoption in IoT
INTERVIEW Robin Duke-Woolley talks to Truphone executives to break down the IoT connectivity complexities of eSIM
eSIM ANALYST REPORT Beecham Research on how eSIM is delivering greater freedom for IoT OEMs
CASE STUDY How Fox Sports and MachineMax have utilised eSIMs to underpin IoT-enabled operations
INTERVIEW Josh Mickolio explains why new approaches to component specification for IoT devices are being adopted
IoT DEVICE COMPONENTS REPORT Our 5-page report exploring why simplification demands solutions, not just components
IoT SENSORS Robbie Paul explores the proliferation of sensor adoption that is fuelling IoT innovation
INTERVIEW Slawomir Wolf tells Jeremy Cowan that an ecosystem of specialists is required to enable the efficient delivery of IoT capabilities
DEVICE MANAGEMENT FOR IoT DEPLOYMENT REPORT MachNation’s Josh Taubenheim on how to optimise for success
DEVICE MANAGEMENT Nick Booth on why IoT device management remains easier said than done
IoT DEVICES AVSystem on why device management is essential for secure and scalable IoT deployments
INTERVIEW Tony Savvas talks to Giuseppe Surace about how to map out a wild west response to the threat of IoT security
SECURE IoT DEVICES REPORT Our 5-page report on how to secure your IoT devices
IoT SECURITY Eurotech advocates an end-to-end approach to IoT security
EVENT DIARY Our pick of the mostly-virtual IoT-focused events
Cover sponsor: Eseye empowers businesses to embrace IoT without limits. We help them to visualise the impossible and bring those solutions to life through innovative IoT cellular connectivity solutions that enable our customers to drive up business value, deploy differentiated experiences and disrupt their markets. Our pioneering technology allows businesses to overcome the complexity of IoT deployment and develop, deploy and manage IoT projects without the fear of getting it wrong. We guide them every step of the way. Supported by our unique AnyNet Secure SIM technology, Connectivity Management Platform and a powerful partner ecosystem, we help more than 2,000 customers globally to seamlessly connect devices across 190 countries, agnostic to over 700 available global networks. Find out more at www.eseye.com.
IoT Now - Q3 2020
COMMENT
Connectivity, components and security start to enable simplification of IoT – at last
This issue of IoT Now is all about simplification. Our reports detail how connectivity, device development and IoT security all need to be made easier for organisations engaging in IoT. Importantly, none of these are the core businesses of the companies that will create the massive IoT market we’ve all been waiting for.
It seems the penny has finally dropped. Businesses that are digitally transforming and looking to sell products as services are actually good at what they’ve always been good at. They don’t want to become connectivity experts and, while they might be market leaders at designing their own products, the components and design of IoT devices are a foreign landscape. In addition, their adoption of IT security has taken many years and doesn’t relate to the new business they are building in IoT.
This disconnect between the vendors of IoT connectivity, IoT device development and IoT security and the customer organisations has been one of the hindrances that have held back IoT and caused it to miss the well-worn multi-billion dollar projections. Those have now proven to be, in fact, threadbare but this may turn out to be a positive for the IoT industry as the vendor community is waking up to the need to create a simplified ecosystem in which it’s not necessary to become an expert in everything in order to succeed in IoT.
In intelligent connectivity, companies are providing eSIMs that enable companies to create devices with a single stock keeping unit (SKU) number for global deployment. Once deployed the device bootstraps onto the best available network. This makes connecting everything from vending machines to medical equipment easy and retailers and hospitals no longer have to become experts in wireless communications or have contracts with multiple providers worldwide.
Similarly, the IoT device components landscape is simplifying. Companies can now buy pre-integrated functional blocks of components. These are essentially sub-assemblies that can be brought together into an IoT device, accelerating development time but also resulting in faster time-to-market because certified components, such as modems, can be used and the device itself can piggyback on that certification.
Finally, in IoT security, it’s now understood that force-fitting IT approaches won’t necessarily work in IoT. Instead specialists are emerging to enable secure IoT from the hardware up. Regulation is coming into place that will simplify understanding of security for companies and users alike and this is addressing one of the largest concerns that hampers larger volumes of IoT deployments.
It’s a sign of maturity that initiatives across all these areas are taking place to simplify the process of rolling-out and adopting IoT. The realisation that it’s counter-productive for everyone to re-invent the wheel in isolation from each other is a significant step in the development of any sector and IoT looks to have moved from talking about this strategic shift to actually enabling it. An ecosystem of vendors selling simplified solutions in these essential areas will make it far easier for organisations to deploy IoT and they’ll be able to do so more quickly.
Enjoy the magazine!
George Malim
Contributors in this issue of IoT Now
We are always proud to bring you the best writers and commentators in M2M and IoT. In this issue they include:
Antony Savvas, journalist
Robin Duke-Woolley, chief executive, Beecham Research
Josh Taubenheim, IoT analyst, MachNation
EDITORIAL ADVISORS
Andrew Parker, programme marketing director, IoT, GSMA
Gert Pauwels, head of commercial and marketing IoT and M2M, Orange Belgium
Robin Duke-Woolley, CEO, Beecham Research
Robert Brunbäck, director, Connectivity, Lynk & Co
Aileen Smith, chief strategy officer, UltraSoC
David Taylor, Board advisor on Digital and IoT innovation
MANAGING EDITOR George Malim Tel: +44 (0) 1225 319566 g.malim@wkm-global.com
SALES CONSULTANT Cherisse Jameson Tel: +44 (0) 1732 807410 c.jameson@wkm-global.com
EDITORIAL DIRECTOR & PUBLISHER Jeremy Cowan Tel: +44 (0) 1420 588638 j.cowan@wkm-global.com
DESIGN Jason Appleby Ark Design Consultancy Ltd Tel: +44 (0) 1787 881623
DIGITAL SERVICES DIRECTOR Nathalie Millar Tel: +44 (0) 1732 808690 n.millar@wkm-global.com
PUBLISHED BY WeKnow Media Ltd. Suite 138, 80 Churchill Square, Kings Hill, West Malling, Kent ME19 4YU, UK Tel: +44 (0) 1732 807410
DISTRIBUTION UK Postings Ltd Tel: +44 (0) 8456 444137
© WeKnow Media Ltd 2020
All rights reserved. No part of this publication may be copied, stored, published or in any way reproduced without the prior written consent of the Publisher.
Google’s Nest cameras
Google spends US$450m on ADT to integrate Nest-based home security
Google’s Nest hardware is to be combined with ADT’s security, professional installation and monitoring service. The goal is to create a fully integrated set of devices, software and services for the secure smart home. Google is to invest US$450 million (€380 million) to acquire 6.6% ownership of ADT, cementing a long-term commitment to partnership and removing a major threat to ADT. Each company will commit $150 million (€126 million) for co-marketing, product development, technology and employee training. The partnership is intended to provide customers with integrated smart home technology to be offered in both do-it-yourself (DIY) and professionally-installed security offerings.
The partnership will integrate Google’s hardware and services and ADT’s DIY and professionally installed smart home security solutions to innovate the residential and small business security industry. The future ADT + Google helpful home security solution is expected to advance smart home offerings and attract new consumers seeking premium technology, end-to-end smart home service and trusted security.
Boca Raton, Florida-based ADT, a provider of security and smart home solutions, and Google announced they are entering into a long-term partnership to create “the next generation of smart home security offerings”.
“We are thrilled to partner with Google to provide the smart home market with a strong, differentiated product and service offering that integrates the best technology, hardware and smart home security expertise from our two brands,” said Jim DeVries, the president and CEO of ADT. “Google’s partnership and financial investment in ADT underscores the depth of our joint commitment to the smart home and security markets.”
The partnership will combine Nest’s hardware and services, powered by Google’s machine learning technology, with ADT’s installation, service and professional monitoring network. The intention is to create a more helpful smart home and integrated experience for customers, initially across the United States.
Rishi Chandra, the general manager and vice president of Nest, added: “We’re excited to partner with ADT to further our mission of building helpful devices for the home. ADT is a leader in smart home security, and I look forward to working with the team to create innovative smart home security solutions that help everyone feel safe and protected.”
COVID-19 has sped up digital transformation by six years, says study
A global survey, by cloud communications platform Twilio, measuring the impact and outlook of the COVID-19 pandemic on businesses’ digital engagement strategies says the pandemic has significantly accelerated transformations. The study found that COVID-19 has accelerated companies’ digital communications strategy by a global average of six years. COVID-19 has propelled some industries further than others. Those accelerating their digital transformation most significantly in response to COVID-19 were tech companies (78%), followed by energy (77%), healthcare (74%), construction (71%) and retail (70%). Notably, however, the greatest acceleration in digital communications has been seen by construction businesses (8.1 years) and energy (7.2 years), while retail and e-commerce organisations report an average acceleration of 6.1 years.
Twilio surveyed more than 2,500 enterprise decision makers globally, to gauge the effect on their company’s digital transformation and communication roadmap. The COVID-19 Digital Engagement Report is a snapshot of how businesses have addressed the complex challenges posed by this crisis and how they will continue to evolve. Twilio has also appointed its first chief information officer, Michele Grover. She will reportedly be responsible for the company’s technology systems and processes. Grover’s previous appointment was as senior vice president of software development at SAP Concur.
COMPANY NEWS
Lacroix Group buys IoT and AI firm eSoftThings
With the acquisition of eSoftThings, a specialist in the Internet of Things (IoT) and artificial intelligence (AI), based in Cesson-Sevigne, France, Lacroix Group has consolidated its R&D division. This was already present in the Brittany region of France and now strengthens its positioning in the industrial IoT and artificial intelligence sectors, particularly in the field of connected vehicles. eSoftThings is described by Lacroix as a young, innovative company with 50 employees, which has achieved 50% annual growth for the last three years and boasts an impressive client portfolio. Lacroix Group believes the company is now an international benchmark in the design and industrialisation and in the field of AI. Vincent Bedouin, the CEO of Lacroix Group said, “This new acquisition, the sixth in four years, concludes the programme of external growth under our Ambition 2020 plan, and sets us on the strategic path towards our forthcoming 2025 plan. The projects already underway and the connection between the teams herald a bright future.”
SIGOS acquired by Mobileum
Mobileum, a global provider of analytics-based roaming, network security, and risk management solutions, is to acquire SIGOS. This is the third acquisition that Mobileum has completed, following the purchase of WeDo Technologies in August 2019, and Evolved Intelligence in October 2018. With global operations and offices, SIGOS has been offering its customers active end-to-end domestic and roaming testing solutions to improve network security and service quality for mobile networks since 1989. The SIGOS portfolio includes the largest roaming and interconnection test system in the cloud, covering almost every country in the world. “SIGOS is a company with over 500 network operators in 156 countries. The company has developed an impressive suite of technology and products that deliver great value to global telecom operators” said Bobby Srinivasan, CEO of Mobileum. “We are excited to partner with SIGOS and support them in the next phase of growth.”
SECURITY NEWS
Cloud software provider Blackbaud pays ransom, hackers’ increasingly favoured global attack vector
As our sister title, The Evolving Enterprise, reported recently (https://bit.ly/2P6q24E) that ransomware is behind one in three cyber security attacks on organisations, news was breaking of another major ransom attack. This time, reports Jeremy Cowan, it was Blackbaud, a third-party supplier of database services and customer relationship management (CRM) systems for enterprises, that paid hackers a ransom to unlock its own client data.
Blackbaud describes itself as “world's leading cloud software company powering social good.” The clients in question reportedly include homeless charity Crisis and the UK Universities of Aberystwyth and Aberdeen, each of which has issued apologetic notices to its customers and partners. Other customers listed by the company include the American Diabetes Association, the Universities of London and Oxford, and YWCA Chicago.
In a statement (https://www.blackbaud.com/securityincident), Blackbaud said: “In May of 2020, we discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attack, our Cyber Security team — together with independent forensics experts and law enforcement — successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system. Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers.”
It went on, “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. … We apologise that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”
It is not clear what reassurance was given that the data would not be misused or shared in future, or how Blackbaud could trust the hacker’s assertion it was destroyed.
Discovered in May, notified in July
In a message to its alumni, Rob Donelson, executive director of Advancement at Aberdeen University wrote: “On 16 July 2020, Blackbaud advised us that it had discovered a ransomware attack in May 2020. According to Blackbaud, the cybercriminal removed data from its backup server at some point between 7 February and 20 May 2020, and we have been informed that data related to our alumni was part of that. We understand that a significant number of organisations around the world have been affected.”
One point of immediate concern to clients was Blackbaud’s delay in notifying them of the data breach. Aberdeen University said: “Blackbaud has advised that they did not notify us sooner because they needed to: defend against the attack; conduct the subsequent investigation; take measures to address the issue that led to the incident; and prepare resources for its customers.”
If this can happen to an organisation whose raison d’etre is the storage and protection of mission-critical data, readers may want to consider the preventative 5 steps outlined in a NordLocker article (https://bit.ly/2P6q24E).
IoT continues to serve threats, ransomware is up globally
Work-from-home (WFH) employees or remote workforces can introduce new risks, including Internet of Things (IoT) devices like refrigerators, baby cameras, doorbells or gaming consoles. Researchers at SonicWall found a 50% increase in IoT malware attacks, mirroring the number of additional devices connected online. (www.sonicwall.com/ThreatReport)
Meanwhile, California-based SonicWall Capture Labs threat research team has published its mid-year update to the 2020 SonicWall Cyber Threat Report. This highlights increases in ransomware, opportunistic use of COVID-19, systemic weaknesses and growing reliance on Microsoft Office files by cybercriminals. During the first half of 2020, global malware attacks fell from 4.8 billion to 3.2 billion (-24%) over 2019’s mid-year total. This drop is the continuation of a downward trend that began last November. Despite this decline, SonicWall’s CEO Bill Conner said: “Ransomware continues to be the most concerning threat to corporations and the preferred tool for cyber criminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020.”
2020 Ransomware Volume / Top 10 Countries
USA: 79,985,276
UK: 4,295,721
Malaysia: 2,535,693
Canada: 2,491,377
Netherlands: 1,840,836
Brazil: 1,190,836
Italy: 811,682
France: 651,694
Belgium: 567,503
Switzerland: 545,136
THE CONTRACT HOT LIST
March – August 2020
It’s free to be included in The Contract Hot List, which shows the companies announcing major contract wins and deployments. Email your contract details to us now, marked “Hot List” at <j.cowan@wkm-global.com>
Vendor/Partners | Client, Country | Product / Service (Duration & Value) | Awarded
Aeris | AEON Credit Service, India | Multi-year strategic IoT technology partnership agreed for car finance business | 3.20
AT&T | XENEX, USA | XENEX LightStrike Robots equipped with AT&T IoT Connectivity to fight infections in hospitals | 4.20
BehrTech | QuadReal Property Group, Canada | BehrTech MYTHINGS wireless connectivity infrastructure chosen to enable multiple IoT solutions in buildings | 6.20
floLIVE | Eseye, global | Deal to supply virtual connectivity infrastructure in new regions, with complementary management and reporting capabilities | 5.20
Inmarsat/Pivotel | Farmbots, Australia | Deal to ensure farmers anywhere in Australia can use Farmbots solutions to remotely monitor water tanks, dams and reservoirs | 8.20
Kerlink | CityTaps, Kenya | French start-up, CityTaps, deploys LoRaWAN in Kenya to bring running water to houses | 4.20
Kerlink | Saturas, Israel | Provision of LoRa-based hardware and software for launch of automated stem water measuring system | 4.20
Quectel | TVU One, China | Selection of Quectel 5G module for TVU One mobile video transmitter device | 5.20
Semtech | Everynet, Italy | Utilisation of Semtech geolocation and asset tracking capabilities to monitor runner safety at 2020 Tor des Géants ultramarathon in Italy | 6.20
Sequans | Samea Innovation, France | Selection of Sequans GM01Q module to provide LTE connectivity to new Sensoriis smart building wireless sensor | 4.20
Sierra Wireless | Liveable Cities, Canada | Sierra LPWA system selected to enable smart city applications for division of LED Road Lighting company | 3.20
Sigfox | HEP-Plin, Croatia | Deployment of Sigfox-connected ByteLab retrofit smart devices by national energy company to digitise gas meters | 8.20
Tele2 | Civil Rights Defenders, global | Deal to provide secure, reliable connectivity to Civil Rights Defenders for human rights defenders’ security alarms globally | 5.20
Tele2IoT | 9Solutions, Finland | Tele2IoT selected by provider of nurse call systems to front line workers | 4.20
Telit | Kumpan, Germany | Electric scooter designer and manufacturer selects Telit to provide telematics for ridesharing eScooters | 4.20
Thales | Google Cloud, global | Selection of Google Cloud to deliver highly secure and scalable activation of embedded SIM (eSIM) capable devices | 5.20
UltraSoC | Simple Machines, USA | UltraSoC embedded analytics chosen for use with Simple Machines’ composable computing platform | 5.20
Vodafone | Digital Barriers, UK | Launch of IoT-enabled heat detection camera that combines thermal imaging with Vodafone IoT connectivity to screen temperature of people as they enter buildings | 5.20
Vonage | Insung Information, South Korea | Business cloud communications provider selected to bring telehealth services to patients, medical professionals and healthcare facilities in South Korea | 6.20
WMW | NNNCo, Australia | Deal agreed for Belgian applications and solutions provider to bring new IoT solutions, including COVID-19 prevention applications, to Australia | 4.20
INTERVIEW
Intelligent connectivity enables IoT visionaries to disrupt and collapse traditional business models Intelligent connectivity is set to enable devices to connect to the internet everywhere with minimised complexity. Nick Earle, the chief executive of Eseye, tells George Malim that this is the piece of the disruptive jigsaw that IoT has been missing. Flexible access to different mobile network providers according to location, application and device needs will take the complexity of connectivity away from the business side of IoT, turning it into a simple fact. This will supercharge a new wave of IoT visionaries, and the good news is the intelligent era is already underway Most people think
George Malim: What does the term intelligent connectivity mean to you?
ubiquitous coverage is a given because their mindset is in the consumer mobile phone model, and the industry coverage statistics talk about coverage by percent of population
Nick Earle: For us at Eseye, intelligent connectivity means the ability to provide embedded universal integrated circuit card (eUICC) enabled orchestration via a single application platform interconnected to multiple mobile network operators (MNOs), offering the widest choice between localisation or roaming on a country by country basis. Only by doing this can you provide ubiquitous connectivity as a service to every IoT device with no MNO lock-in. This near 100% global connectivity capability for every device is enabled via an eUICC compliant eSIM that can rotate between embedded international mobile subscriber identity (IMSI) numbers and multiple bootstraps, as well as have new IMSIs pushed into it over-the-air (OTA). The rules sit at the platform level and determine which mobile network operator gets used at what time, under what circumstances. The key here is that the rules are defined by the enterprise, not by each mobile operator individually.
GM: What is enabling the existing model that is dominated by tier one mobile operators to start to break down? NE: Let’s start by examining the deficiencies in the traditional model. Most people think ubiquitous coverage is a given because their mindset is in the consumer mobile phone model, and the industry coverage statistics talk about coverage by percent of population. But IoT devices are often outside the major population centres and so you need to look at coverage by territory. When you do this businesses are often surprised to see the data that shows the average 4G coverage is 60% per operator. Yes, you can roam but often you’ll struggle to get above 80%. IoT needs 100% coverage not 80% to be truly successful. So, you still have to use a combination of regional operators to achieve 100% coverage and that means the enterprise still has the task of stitching fragmented solutions together. They want to focus on their business not on integrating the various carriers. More critically, the commercial model for roaming is broken. If you’re a tier two or tier three operator it's really difficult as there's an unfair share going to the tier one providers who sell the original deal. That’s why it’s often impossible for MNOs to make money from IoT. So, the net effect is that nobody really wants to accept inbound roaming and it’s the
▲
Once you enable out-of-the-box global connectivity through a single platform you achieve device connectivity rates far higher than possible through a single MNO solution, and you open up a huge opportunity for enterprises. Essentially, by having multiple MNOs connecting to the platform, each of which allows localisation of each of their networks via a single eSIM, you enable enterprises to deploy large numbers of devices globally, with a single product stock-keeping unit (SKU). This massively increases manufacturing, supply chain
and deployment process efficiency and saves them a huge amount of money. It is also good for the MNOs as well because they make more money from devices connecting locally.
SPONSORED INTERVIEW
8
IoT Now - Q3 2020
customer and the business case for their IoT projects that suffer. This is a major problem because connectivity is critical to disrupt the business process and enable businesses to get value from IoT. So, what’s needed to solve this problem? From a business point of view, it’s the model of an eUICC-compliant SIM that has multiple bootstraps, that can deliver complete freedom of choice and power to the enterprise to be able to implement the digitisation of business processes, that their CEO is going to be demanding as we go into 2021 and beyond. That's a lot to do with interoperability and it's a lot to do with whose intelligence it is. What's happening is the intelligence that rules network choice is passing from the mobile network operators, who offer a choice of their network plus their roaming portfolio, to the end user who can now access many more networks and many more roaming agreements. In a word – interoperability.
Nick Earle chief executive Eseye
▲
This open MNO interoperability choice is enabled through a federation of MNOs connecting to our Connectivity Management Platform. The best analogy is the Star Alliance in the airline industry which was good for the consumer and the airlines. Rather than be limited to one airline and it’s choice of smaller airline connection partners for the next leg of your trip, the Star Alliance enabled the traveller to have a much bigger choice of global and regional airlines to plan and book a trip with a single ticket. To help achieve this in the IoT world, Eseye has created the global AnyNet Federation which currently includes 12 localisation options through our platform, with a path to more than 20 in the next 12 months. We believe that the AnyNet Federation is the largest MNO federation in the industry today and it’s getting larger as more MNOs see the commercial advantages, and as more enterprises adopt our solution.
IoT Now - Q3 2020
GM: What role does intelligent connectivity play in enabling business process digitisation?
NE: In the post-Covid world, enterprises will be under increased pressure to dramatically reduce costs and become more competitive. One of the big trends we are seeing is the disintermediation of traditional value chains to focus on the true end consumer, and to turn products into pay as you use services. For example, Costa Express with its vending machines has reinvented the coffee vending experience by targeting the consumer, who doesn’t have to walk into a coffee shop to get a quality cup of coffee. Their machines deliver a personalised coffee experience that they call ‘a barista without a beard’ and are installed in other companies’ premises – like convenience stores. The store owners make money from having the machines in their location and the machines themselves are highly profitable for Costa Express.
We've also got a great customer in South Africa that's a spice company called Freddy Hirsch. It is collapsing the value chain so, instead of selling spices to people who make sausage machines and who then sell the machines to the butchers, the company is selling IoT-enabled sausage machines as a service that are optimised to use their spices. The company is selling direct to the end user, the butcher, and cutting out the middleman as well as disrupting their spice competitors.
But it’s not just end-user innovation. When you can deliver near 100% connectivity for every device all of the time you add value to other companies as well. For example, one of our partners, RelayR, enables industrial companies to shift from capex to opex based offerings to their customers by providing a unique combination of IoT technology and an insurance based policy to guarantee the business outcome. Higher connectivity means less risk all round.
GM: How far away are we from a situation in which intelligent connectivity abstracts all the complexities of connectivity away from organisations when they deploy and utilise IoT devices and apps?
NE: Technically, we're not very far because most of the technology exists today. But I think if you'd have asked me that a year ago, I would have said it's two to three years away because the market was not moving. If you ask me now, I think Covid has accelerated the change and 2021 is the year in which it happens. The market is clearly changing rapidly right now.
The mobile network operators, particularly the people who are outside the tier one category, are all recognising that they need to work together to be able to meet their customers’ requirements – both regionally and globally. One indicator is the demand we are seeing from mobile network operators to join the Eseye AnyNet Federation and another is the increase in the number of RFIs and the RFPs that we've seen in the last six months. What we're now seeing is bigger RFIs and RFPs and an increased recognition that enterprises want to control the subscription management secure routing (SM-SR), which is another way of saying they want to control the intelligence around connectivity. That didn't happen very much at all during 2019. It's always hard to tell when markets are changing, because the signs are small, and they tend to get overlooked in the noise. There is a lot of noise right now, primarily from a technology point of view. It's all about narrowband IoT (NB-IoT), Sigfox, LoRa and what’s going to be the universal standard, as well as the potential of 5G. Take NB-IoT for example, there's a lack of roaming agreements which makes it difficult for customers, particularly the larger enterprises, to universally adopt it and some major MNOs like NTT Docomo have dropped it completely. 5G is all over the news and the business process disruption potential is huge, but it is still some way off.
As we’ve discussed, the business model disruption is now possible by connecting everything together, but a lot of people in the industry still wallow in the technology. That’s because it's cool and we like to talk about it, but actually, from the enterprise's perspective, if you're a coffee company you want all of this to be invisible; you just want to sell more coffees. If you're a spice manufacturer, like Freddy Hirsch, you just want to sell more spices. What we're seeing now is the emergence of platforms and capabilities that make the technology invisible to the end user and, as a result, we're seeing accelerated business model disruption.
GM: How difficult is it for organisations to identify real opportunities among the false dawns that we’ve seen throughout the IoT era?
NE: It’s not easy. You have to obsess about the customer experience and not the product and that’s hard for product focussed companies to do. Engineers want to load products up with features, because they can, and users just want a simple, great experience. Many of the companies that have emerged and flourished over the last couple of years have taken the outside in approach. Going forward we're going to see an explosion in disruptive business models as people look to innovate and change their business processes more than they’ve probably done in the last 15 years. Supply and value chains across every industry and every process are being totally rewritten.
Now, in order to do that and harness the enormous potential of IoT, there is huge urgency for everyone to work out what is their role in the new world and how they are going to deliver it. And the thing that makes it all work is data and that is why IoT is so important. Without data, you can't do it. The reason that you need ubiquitous connectivity is to get as much data as possible from the customer’s use of your product or service, so you can enable a differentiated consumer experience and create a business outcome, which is based on a new, slimline, disruptive business process.
There are several historical parallels to this where exactly the same thing happened. One is the emergence of the internet in the mid-1990s. When the internet first came along, we talked about the Internet Protocol (IP) standard. We talked about HTML and then the browser wars but pretty quickly, after about four or five years of it all being about technology, we suddenly started to hear talk about business. Suddenly companies like Amazon just said: ‘I'm going to disrupt’ and they collapsed the value chain. Amazon disrupted the bookstores, Netflix started to disrupt Blockbuster. Suddenly it became a snowball effect because if you're in that industry and someone starts disrupting it, you’ve either got to go and disrupt or be disrupted. And that is what is happening now. With IoT, I think we're moving from technology discussion, through the hype curve, to business process disruption, and that causes a stampede.
Visionaries change things. I remember in the late 1990s when I was running the internet programme for HP out of Silicon Valley, I had to take Amazon’s Jeff Bezos to the HP analyst conference we were hosting in New York. I found myself with a five-and-a-half-hour journey, one-on-one with Jeff Bezos and, although it was an overnight trip, we probably had about half-an-hour before we could get to sleep so I thought, what do I ask Jeff Bezos? After a few pretty lame questions I came up with: “What's next for Amazon, Jeff?” He almost jumped out of his seat and started waving his hands and said, “I'm going to be the biggest retailer in the world.” I said, “Oh, you mean in books and CDs?” He replied: “No, no, in everything.” I said: “You mean, okay, everything digital,” and he said: “No, everything. Everything you buy in a shop, including food.” Don’t forget, this was in 1999, eight years before the iPhone. Then he said: “The only way they can stop me is to put lead cladding around every retail store in the world,” because that would be the only way to stop people price comparing with Amazon in retail stores. Now, he doesn't even need that because the stores won't exist, but the point is that he understood that new business models were possible, enabled by the technology. There will be the Jeff Bezos-style visionaries in IoT.
The moment you make connectivity ubiquitous, all pervasive and invisible, you unleash the potential of previously unimaginable business models, which will mean that new, innovative companies get formed. We just can't imagine them right now but in a few years’ time, we'll know exactly who they are and what they do.
GM: How do you see intelligent connectivity transforming everyone's approach to IoT connectivity?
NE: Every example, including the unknown innovations from the visionaries, requires ubiquitous global, out-of-the-box connectivity. This needs to be available without anybody needing to think about connectivity – it is just taken for granted. We need to make the connectivity problem disappear and the moment it disappears, business innovation explodes. That's what is happening right now. This is absolutely the core of our mission at Eseye, it is what we do. Our mission is to make connectivity ubiquitous across any network, either localised or roaming, and into every device – globally. We want businesses to be able to innovate and disrupt – without limits.
www.eseye.com
INTELLIGENT CONNECTIVITY Smarter connections are enabling the hyperscale IoT reality
INSIGHT REPORT
INTELLIGENT CONNECTIVITY – Why smarter connections are making IoT a hyperscale reality
Bill Clinton’s 1992 US presidential election campaign focused on the statement: “It’s the economy, stupid!” as the topic that most worried voters and would get him into The White House if he handled it correctly. In IoT today, it’s more a case of: “It’s the connectivity, stupid!” which, if it’s managed efficiently, will enable massive IoT to become a reality. Connectivity so far has been resolutely dumb, but a new intelligence is waiting in the wings, writes George Malim, the managing editor of IoT Now.
It seems ridiculous that companies have had to buy plastic SIM cards from a chosen mobile network operator and then deal with the consequences of patchy coverage, roaming relationships with sub-par partners and inflexibility when it comes to contract durations and device locations. The tail, in the form of connectivity, has been wagging the dog, in the form of organisations’ IoT business cases, causing pioneers to flounder in the intricacies of force-fitting the long-established consumer mobile connectivity to the new world of IoT. Mobile network operators have continued to talk their telecoms language, persist with their own traditional business model and do very little to accommodate the specific needs of IoT connectivity.
In reality, nobody engaging in IoT wants to become a connectivity expert and manage relationships with multiple network operators, across several different technologies and with different product variants required for each provider. Therefore, there’s a strong opportunity for connectivity providers – not necessarily, but still possibly, the network operators – to become guides who abstract the complexities away from IoT organisations. Helping companies to access the most appropriate form of connectivity for a given app in a given location at a given quality can be done simply and quickly. It doesn’t have to be a tedious, uphill grind of specification setting, contract wrangling and continuous monitoring.
What is intelligent connectivity?
The term intelligent connectivity has been overused across telecoms and IoT by event organisers, network operators, analysts and industry insiders as they grapple to differentiate a new wave of digitally-dominated economic activity from the days of dumb connectivity. A typical definition involves a blend of 5G, IoT, artificial intelligence, edge computing and cloud-based data processing but this is a red herring that actually describes a connectivity-enabled, data-driven, digitally transformed world, not the intelligence of the connectivity itself. A precise definition of intelligent connectivity is connectivity that is intelligent in itself. This means it is able to be automatically configured and can connect to the best available network at the most efficient cost and provide the optimum level of quality the application or device demands. This should be a global capability and the customer – both in terms of the IoT service provider and the end user – should be completely unaware of the connectivity other than that it exists and is performing as expected.
The absence of this capability has held back adoption of IoT to the extent that market predictions of there being 50 billion IoT connections by 2020 have reached only about 20% of that figure. It’s a huge forecasting miss, and the complexities of dumb connectivity must shoulder a significant amount of the blame. With embedded SIM (eSIM) and embedded universal integrated circuit cards (eUICC) there is now the real possibility that devices can be shipped globally without the need for region, country or mobile network operator specific SIMs, enabling massive reduction in stock keeping unit (SKU) numbers and far less repeat engineering for product variants.
Juniper Research has reported that adoption of eSIMs will grow 350% over the next five years to exceed one billion eSIMs globally by 2024. The firm also projects that the total number of IoT connections will reach 83 billion by 2024, rising from 35 billion connections in 2020. This represents growth of 130% over the next four years and is evidence of the IoT sector getting back on track to hit the projections of a decade ago. eSIM adoption is underway and is expected to be adopted within smartphones, enterprise IoT and wearables, with integrated SIM (iSIM) technology following by 2025.
Counterpoint Research estimates shipments of eSIM-based devices will reach almost two billion units by 2025, up from 364 million in 2018, according to the latest research from the company’s Emerging Technology Opportunities Service. The findings also show that a majority of eSIM-based devices will have a hardware chip-based eSIM solution until 2025 and, after that, there will be a rise in the adoption of iSIM-based solutions.
Figure 1: Global eSIM-based* device shipments: 2018 vs. 2025 % growth
Source: Counterpoint Research – Global eSIM Tracker and Forecast – 2018-2025 *includes all eSIM form-factors – hardware, soft/virtual and integrated
Adoption of eSIMs in smartphones is expected to drive the major volume growth while other connected devices such as mobile hotspots, routers, connected PCs, drones and smartwatches will grow at a higher CAGR because of their relatively smaller base of adoption today. However, in terms of shipment volumes, smartphones and B2B IoT devices will lead. Counterpoint expects we will see a shift in adoption to the GSMA compliant hardware-based eUICC for the next five to six years alongside integrated SIM or iUICC within systems-on-a-chip (SoC) across different device categories, replacing the less secure proprietary soft eSIM solutions. While hardware-based eUICC will be popular across smartphones and automotive, iSIM or iUICC will be popular across IoT applications.
Figure 2. Global eSIM* based device shipments CAGR 2018 – 2025 %
Source: Counterpoint Research – Global eSIM Tracker and Forecast – 2014-2025 *includes all eSIM form-factors – hardware, soft/virtual and integrated
However, connectivity providers should not get carried away by the introduction of eSIM, eUICC and iSIM. These technologies are not, in themselves, the cure for the complexities of IoT connectivity provision. Instead they provide a useful step forward and disrupt the traditional mobile network operator’s stranglehold on connectivity. Don’t forget that in the old model, the odds were stacked in favour of a very small number of extremely large network operators who could claim to have global coverage and were able to build their own walled gardens of connectivity and set the rules for entering that.
Orchestration for localisation
To get to truly intelligent connectivity, it’s necessary to go a step beyond and enable the orchestration that allows for the localisation of connectivity to provide enormous flexibility and choice. Orchestration of coverage and capacity from multiple different network operators invisibly is a true demonstration of intelligent connectivity. A good analogy is the airline industry. The traditional leaders, American Airlines, United, Emirates and British Airways decided on the routes and what planes would be used. Customers flew long-haul between large hubs determined by these airlines and then switched to smaller airlines to get to where they actually wanted to go. Things started to change when airlines started to co-operate through alliances such as the Star Alliance. This levelled the playing field by allowing tier two airlines to offer routes customers wanted via code-sharing.
The same can be true with intelligent connectivity in IoT. The traditional model would, for example, see a provider of a connected healthcare device to the US market enter into a connectivity agreement with, typically, either AT&T or Verizon. Although each would claim excellent nationwide coverage, in reality coverage could be poor in remote rural areas but the healthcare company would have no flexibility to localise effectively. They’d need to, as a minimum, send a physical SIM out to the device user from an alternative operator or even send an engineer to install and configure new connectivity. This inflexible model also provides no choice or adaptability when new technologies are introduced and constrains future innovation because the connectivity cannot be easily upgraded in support of a new offering.
In the international arena, the situation is even more complex. The large carriers claimed global coverage by bringing together their global networks plus a preferred roaming partner in countries that they did not operate in. This results in similar constraints for customers and gets them neither the best coverage nor the best deal, especially if their lead operator’s partner is not the best network provider in the country.
Reduced risk
The arrival of eUICC creates an open standard by which connectivity can interoperate and be orchestrated for localisation. This is important for IoT organisations on several levels. At its most basic, it enables moving devices to shift location and even country without having to renegotiate for connectivity. That renegotiation could involve installation of a new physical SIM.
Orchestration for localisation means a coffee vending machine can be sited in a garage in Seoul and, if the location isn’t successful, it can be moved with no fuss to another location where the best mobile network may be from another provider. The vending company doesn’t have to worry about the connectivity, only its business case of making sure its machines go where there is high footfall of customers. This capability also de-risks connectivity selection. If you know you can reconfigure device connectivity over-the-air using an eUICC bootstrap – the means by which eUICC initiates connection to networks – to switch operator, you know you are in control of your device. This is particularly important for devices with long lifespans that might be in the field for many years. For these, having to make network selections today for a device that might still be active in 2030 is a significant worry. No one knows what the connectivity landscape may look like then and being tied to a connectivity contract from 2020 provides no flexibility to respond to changing market needs.
A further concern that intelligent connectivity addresses is the dynamics of the global economy. Different countries impose different regulations and these could render certain approaches to connectivity obsolete. By having one connectivity platform for IoT, organisations can manage these changes by switching operator to ensure an approved form of connectivity is utilised. In addition, they are insulated from geo-political shifts such as if one country has a conflict with another.
The payback
Intelligent connectivity should act as a central nervous system for IoT that is able to implement end-to-end intelligence vertically through the application stack and horizontally across the globe. This is what IoT is demanding as it matures because business models are now more clearly understood.
The market has changed from taking an attitude that a connected product could be sold for ten times more than an unconnected one, with the additional features enabled being charged for, to a model that is focused on business outcomes. This might involve a pump manufacturer charging for the delivery of clean water or a shift to a product-as-a-service business model for a health and beauty device manufacturer.
In these scenarios, organisations are far more concerned about the uptime of the service or device than the cost of the connectivity, so connectivity providers need to shift their model to take account of this. Global IoT cellular connectivity and hardware company, Eseye, has modelled the business impact of connectivity interruptions on an electric vehicle charging provider. If that imperfect connectivity allows only 90% uptime, in one year the charging provider could lose US$10 million. That’s based on a charging estate of 5,000 sites and one lost customer per day at each, resulting in a US$2,000 loss for each charger each year. This illustrates how the relatively low cost of connectivity pales into insignificance when stacked against the potential business impacts of poor connectivity. In addition, this does not take into account the savings and efficiencies that simple-to-manage connectivity achieves for an organisation’s back end processes. In fact, the upfront cost of connectivity is now dwarfed by the value it enables and the savings it can achieve.
Figure 3. Synergies of transformative technologies
Source: IHS Markit, 2019
Figure 3 above shows the migration across different transformative technologies that are collaborating to address the evolving requirements of people, enterprises and industry. The addition of IoT to connectivity has yielded rich streams of data on the status, location and condition of connected devices and services which are now being monetised. The cloud is addressing the requirement to store and apply analytics to these large volumes of data. AI techniques, meanwhile, are starting to help manage this data and generate useful business insights from it.
The money at the heart of IoT comes from across these different layers of intelligence, traversing the SIM layer, the network connectivity layer, the platform layer and the interoperability and integration layer to enable and extract value. The end game is to have a broad catalogue of apps which can all access the same application programme interfaces (APIs) down to the SIM – the next big step for connectivity alliances is to sell not just connectivity but also the API integration that will truly open up the market place.
Conclusion
As IoT is at long last poised to become a mass market phenomenon, it’s important that connectivity providers recognise what this means to them. They are no longer in position to set the rules around connectivity and these will increasingly be set by the user organisations. This doesn’t mean the users will understand everything and be familiar with all the acronyms, but it does mean they will know they can have flexibility to ensure their application or device gets the connectivity it wants when it needs it.
Peace of mind is a big driver for IoT organisations. They’re not really concerned about the cost of dumb connectivity today – that’s not the prize they’re chasing – especially since many propositions are commoditised already. They’re concerned they’re in the right position in five to ten years’ time, the devices they have invested in deploying are able to perform optimally and that connectivity presents no barrier to their business.
As Figure 3 illustrates, connectivity is the foundation on which the digital economy is built but intelligent connectivity is at the heart of the IoT business model. Network operators also see this as an opportunity to participate but they recognise their vocabulary and business model must also change if they are to participate in the open, interconnected, integrated and global nervous system that makes up intelligent connectivity for IoT.
CASE STUDY
Eseye’s global, ubiquitous IoT connectivity service propels telehealth and telecare forward
The demand for telehealth and telecare technology has skyrocketed in 2020, primarily fuelled by COVID-19 and the need to provide remote health monitoring to safeguard the vulnerable. A recent study forecasts a sevenfold growth in telehealth by 2025 [1]. The global pandemic has disrupted the healthcare industry and accelerated it towards a new era of smart health. Patient behaviour has shifted: a new survey in the US found that two-thirds are now willing to try virtual care because of the ongoing health crisis [2].
Telehealth encompasses a wide range of technologies, including remote patient monitoring (RPM) and enables healthcare to be delivered outside of the traditional healthcare setting – affording greater flexibility and reduced disease transmission risks. But for telehealth to work at optimum efficiency, it needs to be highly accurate and able to relay vital signs data in real-time. Telehealth devices demand exceptional IoT connectivity – the risk of latency comes at a high price, negatively impacting on patient outcomes.
Transforming home patient care for Philips Healthcare and Alcuris
Philips Motiva
Philips Motiva is an interactive telehealth platform expertly designed by Philips Healthcare to empower patients to manage their chronic conditions, such as Chronic Heart Failure, Diabetes Mellitus, and Chronic Obstructive Pulmonary Disease (COPD). With data sent directly to their healthcare provider, medical staff can deliver effective patient care based on vital sign measurements. The intuitive system tailors to suit individual requirements and monitors weight, blood pressure and oxygen saturation in the blood.
Philips Healthcare needed a fully managed connectivity solution, which would grant reliable, in-home connectivity to the Philips Motiva product and enable ubiquitous connectivity across Europe. Philips Healthcare previously held contracts with multiple European network operators and purchased SIM and connectivity services at regional or individual country level.
This fragmented approach to connectivity impacted the manufacturing, logistics and operational processes, as no single SIM solution or connectivity service was available in Philips Healthcare’s primary markets. In addition to the inefficiencies in the procurement and manufacturing processes, the solution often required multiple engineering visits. This delayed the installation process and expended significant time and money. Furthermore, despite utilising connectivity from many different network operators, Philips was unable to achieve the critically high levels of uptime that Motiva required. All of which led to a sub-standard solution that was putting patients at risk and negatively impacting the care experience.
SPONSORED CASE STUDY
Alcuris’ Memo Solution
Alcuris is the award-winning assistive remote patient monitoring (RPM) technology start-up behind the Memo platform; an advanced home monitoring service to support older or vulnerable individuals. Memo was created to enable better-connected care between patients and caregivers and help to fill a gap in the social care system. Working closely with local councils in the UK, Alcuris’ mission is to prolong the independence of vulnerable and older individuals, offer reassurance to caregivers, and provide actionable care insights.
The Memo platform is a connected family of products formed of a telecare hub, mobile app, real-time data dashboard and a range of sensors including door, motion and fall detectors which link with the Memo Hub. IoT lies at the heart of the Memo solution. To maximise the full benefits of this telecare platform, Alcuris sought a cellular connectivity specialist who could ensure maximum connectivity uptime and the safe provision of data transfer to the Alcuris database. Obtaining real-time, accurate data and insights is crucial as it could be the difference between life and death.
Multi-network IoT connectivity without limits
Much like the premise behind the Motiva and Memo, the AnyNet+ SIM and cellular connectivity service from Eseye is all about flexibility and freedom. Eseye’s eUICC compliant, multi-network SIM technology allows devices to localise connectivity by rotating between multiple mobile network operator profiles. These networks can switch dynamically and autonomously at the SIM level with a choice of networks (IMSIs). And additional networks can be loaded over-the-air using the AnyNet Connectivity Management Platform which future-proofs any deployment.
The AnyNet+ SIM helps both organisations to achieve reliable cellular connectivity around the world while avoiding permanent roaming restrictions. Each Motiva and Memo Hub device works from any location – without limits. Eseye’s unique multi-network switching capability safeguards against poor connectivity: an imperative requirement for Alcuris which must maintain a highly reliable, resilient and critical connection between the Memo Hub and a 24/7 alarm monitoring centre. Healthcare data gathered is securely transmitted back to Philips’ and Alcuris’ via a secure VPN, maintaining the integrity of sensitive patient health data between home and hospital.
“Previously we had not considered a roaming solution due to fixed data plans and high over-usage charges. Using Eseye’s AnyNet+ SIM broke down these barriers and gave us one price, one contract and a single invoice for all global connectivity.” – Udo Goldbach, operations manager Europe, Philips Healthcare
Telehealth and telecare are transforming value-based care and creating digitally empowered patients; patients who are encouraged to lead their lives independently and take control of their chronic conditions.
Bringing IoT powered smart healthcare into the home increases patients’ flexible access to essential care and improves health outcomes, all while alleviating the strain on primary, hospital and community care. IoT connectivity is a critical enabler for telehealth and telecare: propelling healthcare to shift its approach from reactive to proactive prevention.
Business impact
• Improved connectivity uptime for the Philips Motiva and Memo Hub to 99.8%
• Reduced Philips Healthcare’s connectivity costs by over 25%
• Single product SKU improved supply chain efficiency
• Eseye’s IoT connectivity helps to deliver a superior care experience for patients
About Eseye: Eseye empowers businesses to embrace IoT without limits. We deliver innovative IoT cellular connectivity solutions that help our customers drive up business value, deploy differentiated experiences and disrupt their markets. Supported by a powerful partner ecosystem, we seamlessly connect devices across 190 countries, agnostic to over 700 available global networks. Now it’s your time to disrupt: www.eseye.com/NoLimits
[1] Frost & Sullivan Study, May 2020, https://go.frost.com/NA_PR_TH_MFernandez_K488_Telehealth_May20
[2] Sykes Survey, https://www.healthcareitnews.com/news/survey-americans-perceptions-telehealth-covid-19-era
INTERVIEW
Market dynamics do not work for security in IoT - yet
As volumes of IoT deployments scale-up, the question of security has never been more important. To date, much IoT security has relied on well-established IT, web and network security approaches but there is an increasing need for IoT-specific solutions and a growing awareness that regulation is required. Thomas Rosteck, the division president for Connected Secure Systems at Infineon Technologies, tells George Malim that, ultimately, the market will drive implementation of secure IoT devices but first, security experts must enable greater understanding of IoT security and support development and enforcement of clear regulation.
George Malim: To what extent are existing IT and networking security inappropriate for IoT?
Thomas Rosteck: I think IoT is in a similar situation to the PC market in the early 2000s when, with the increasing connectivity triggered by the internet becoming mainstream, threats started to proliferate. Over time, that has led to a situation where it’s now difficult to buy a PC without having basic security tools already implemented. That certainly took a while to happen so it’s a comparable situation but there are big differences between PCs and IoT.
However the structure in PC and IoT is different. The PC industry overall involves a relatively small number of PC and server manufacturers and very few operating system providers so these could easily come together and agree, as an industry, what approach to take. This is why security in the PC industry is now an obvious and visible feature.
If you look at IoT, I would say that we are in the stage where the awareness of security is rising, yet implementation is more challenging. IoT has many more companies involved and many don’t necessarily know what threats they must be prepared for and what security they need to counteract them.
In other words, we’re in a situation where there’s an increasingly bad feeling in people’s stomachs but not everyone is reacting to it.
However, there will be no IoT without security in the long run. Security is a fundamental feature of connecting devices in order to communicate in privacy, to share sensitive data among companies, or to set up new digital business models. Yet, as the number of attacks is still relatively limited, users don’t necessarily see the risks and device manufacturers do not see the need to act with foresight.

GM: Is specific IoT security regulation needed and what will drive it?

TR: As security is not a marketed feature today, usual market dynamics don’t work. Regulation can help initiate market dynamics to respond to the very realistic threat of increasing cyberattacks. Government initiatives and standards bodies have started thinking about how to define a common set of standards that facilitate security implementation for device manufacturers, make security features comparable and give orientation to consumers. Because one fundamental problem is that end users have difficulty in understanding what the security level of a device is – or even if any security is there at all. If you go into an electronics store and want to understand the security level of a device it’s hard to get an accurate answer. Security is either not mentioned or it’s simply described as secure or there is a highly technical explanation that is hard to follow. As long as security is not a marketed feature it’s difficult for consumers to make a consistent decision. If this was clarified, people would only buy secure products and therefore there would only be secure products available. To make market mechanisms of supply and demand work, security features must become far more visible and more widely understood. And another important aspect is that a certain security level is not necessarily the same today as it will be tomorrow.
Today, if a car parts maker designs a braking system, the physics of braking will be the same today as they will be in ten years but the ‘physics’ of security will be completely different in ten years as the abilities of attackers will have improved by then. This represents an additional challenge to device manufacturers and calls for regulatory support by standardisation bodies and security agencies.
GM: What would you like to see emerge in terms of IoT security certification and regulation?

TR: I would like to see a form of device certification that reflects the evolving character of security and visualises the product’s security level through labelling such as the energy consumption labelling that you see on fridges. If the device has the label, users would see that it fulfils certain requirements and includes a minimum set of features. I think this is a good, clear way to make security transparent to users. But labels like this will only work if they’re mandatory. That triggers everyone to use them. Voluntary codes such as the Security by Design initiative in the UK and similar German regulations remain optional and I don’t think that is very helpful because voluntary codes will not be as effective as we need them to be. Don’t forget, we will have tons of IoT devices and if they’re all insecure we will have a large problem that will hold back IoT.

GM: What IoT security solutions does Infineon see being widely adopted?

TR: From our perspective, there are common reactions to common threats. Everyone knows that grounding your software in hardware that is not easy to manipulate makes sense. For example, a chip-based trusted platform module (TPM) goes on the circuit board of a device and cannot be easily attacked and manipulated from the outside. Starting with a security hardware base and building on that provides apps with a trust anchor. This also helps to address the five key security threats such as confidentiality, authentication, integrity of the product, integrity of the data and availability of the connection and the data.

GM: IoT companies aren't security experts - who can help and abstract the complexity away?

TR: Cybersecurity is a very complex topic and IoT companies usually don’t have a lot of knowledge in this area nor do they have the resources to build up security skills.
What we recommend is a basic security concept in their devices from when they design them – this is security by design which is a very valid and important term. The good news is that IoT device manufacturers can take a short cut by referring to the knowledge and experience of the security industry. We’ve developed an understanding of what the threats in the future will look like and we’re investing heavily in developing concepts and architectures that can protect against such attacks. Connected devices are out there for a while and cars, gateways or smart locks need to be secure for the next three, ten, 15 years and more. The amount of research we do is obviously greater than what an IoT company can do so that’s an important part of our capability. Therefore our strategy is to package what we know into products that are easy to integrate. This helps to eliminate quite a number of common mistakes in the deployment and to always keep security features up-to-date.

Finally, we are very actively involved in defining and developing industry standards and certification schemes that are transparent and open to everyone. There’s a risk that if everyone develops security solutions themselves, there will be a lot of implementation problems. Particularly for IoT we need globally harmonised standards for all kinds of products from smoke alarms to car factory plants. Ultimately, the market demand will drive cybersecurity, but we have to act now, by increasing consumer awareness of risks and threats, by defining cybersecurity standards that are transparent and internationally accepted and by providing manufacturers with security products that are straightforward to implement.

www.infineon.com/security
IoT SECURITY REGULATION REPORT: WHY IT’S TIME TO REGULATE TO ACCELERATE
IoT security regulation is needed to underpin market acceleration

As volumes of IoT deployments scale-up, the question of security has never been more important, writes George Malim, the managing editor of IoT Now.

We've looked on in horror at the well-known breaches such as the Jeep hack by Wired magazine and the Las Vegas Casino aquarium water pump cyberattack but these have been in relatively confined, experimental environments and are not at the hyperscale of IoT. The scale in itself is a security issue and that is compounded because IoT is truly global and therefore is enacted under different regulations in different nations. In addition, IoT relies on different technologies both in the devices and in the networks used to connect them. Some connectivity is fundamentally more secure than others, such as private 5G in comparison to home Wi-Fi, and therefore regulating IoT security is complex and multi-layered. Hunger to get to market first and fast has also weakened prioritisation of security as organisations battle to become market leaders of new sectors.

To date, securing IoT has relied on well-established IT, web and network security but there is an increasing need for IoT-specific solutions and a growing awareness that regulation is required. IT security that works well for protecting servers or PCs in offices only goes some of the way to securing remotely deployed sensors, surveillance cameras or the multitude of endpoints and sensitive data that traverse IoT networks. Systems need to take security more seriously to increase customer confidence in IoT and avoid a wave of breaches that hamper the early phases of the massive IoT market.
This is well-understood and reflected by predictions of increased spending on IoT security from analyst firms. In Figure 1, IoT Analytics projects a CAGR of 44% in spending on IoT security in the period 2017-2022. Technavio has also been monitoring the IoT security market and predicts it is poised to grow by US$80.94bn during 2020-2024, progressing at a CAGR of almost 37% during the forecast period.
IoT-specific security regulation is required to establish a framework for IoT security and to clarify what levels of security are needed. This could, ultimately, lead to a certification process in which IoT devices and services could be certified secure. Some are keen to see levels of security defined that reflect the security requirements of different IoT applications, with certification matched to the business value and security risk profile of the deployment. A sensor that alerts if a bin is empty has a different security priority to a streetlighting system interacting with an autonomous vehicle. Each also will face security constraints in terms of the cost of securing it. The notion of appropriate security that matches and optimises security to the device and its business case needs further exploration and definition to both protect systems adequately and foster user and operator confidence that products are secure.
Internet of Things connections are expected to exceed 23 billion across all major IoT markets by 2026, according to new figures from ABI Research. The analyst firm's ‘Device Authentication in IoT Technology’ report reveals almost all those connections will be faced with incessant and constantly evolving cyberthreats, forcing implementers and IoT vendors to embrace new types of security to protect managed fleets and connected assets. Secure device authentication is among the top-tier investment priorities for key IoT markets, the firm reports. It expects that hardware-focused IoT authentication services will reach US$8.4 billion in revenues by 2026.

“There are several key technologies revolving around authentication security that currently transform the IoT device value chain,” said Dimitrios Pavlakis, an industry analyst at ABI Research. “Chief elements among them revolve around IoT identity issuance, provisioning, authentication, encryption key lifecycle management, access management and attestation. These are the prime focus of IoT vendors who capitalise on the emerging threat horizon to better position their services and explore new IoT monetisation models.”

Figure 1: IoT security is being invested in
The regulations

Since the first government-mandated IoT-specific security regulation was made with the introduction of security certification criteria for smart meter gateways to support Germany’s roll-out of smart meters, other jurisdictions have worked to create IoT security regulation. The German Federal Office for Security in Information Technology (BSI) set out common criteria for securing smart meters as part of the country’s Smart Meters Operation Act (MsbG), which came into force in September 2016. The Act stipulated that once three certified smart meter gateways are available, national roll-out could begin. Certification guarantees that the smart meter gateway meets the strict technical and security criteria defined by the BSI, making them suitable for installation in intelligent metering systems first outlined in the legal framework for smart metering laid down by the Bundesministerium für Wirtschaft und Energie (BMWi).

Germany has not been alone. Governments in both the UK and United States have been working to enhance consumer protections included in IoT devices. In the US, for example, California became the first state to pass an Internet of Things (IoT) security law, which went into effect in January 2020. The state of Oregon is following closely. The legislation, the California Senate Bill 327 (SB-327), requires “reasonable security feature or features that are appropriate to the nature and function of the device.” SB-327, which was first proposed in 2018 and became law in January 2020, has received criticism from the security community, which has complained that, while the bill is a good first step, it does not go far enough in regulating IoT security.
In the UK, the government has also introduced a new draft law that will require certain cybersecurity features to be built into IoT products and clearly labelled on the packaging. Both of these IoT security laws could become templates for other nations.

The UK’s draft law, announced in late-January 2020, comprises three main requirements for IoT manufacturers. All consumer IoT device passwords must be unique and not possible to reset to universal factory settings. IoT device manufacturers must provide a public point of contact so that anyone can report a flaw to be “acted on in a timely manner”. Finally, manufacturers must also explicitly state the minimum length of time for which devices will receive security updates at the point of sale.

The UK has been early to address the IoT security challenge and previously introduced its Secure by Design Code of Practice for consumer IoT security, which was launched in 2018. However, this was a guidance rather than legislation and had no penalties for manufacturers who did not comply.

Figure 1 source: IoT Analytics Research

Figure 2: Pioneering IoT security regulations (Source: Infineon Technologies, 2020)

Figure 3: Elements of the UK’s optional code of practice: Code of Practice for Consumer IoT Security (Source: UK Department for Digital, Culture, Media and Sport)
1. No default passwords
2. Implement a vulnerability disclosure policy
3. Keep software updated
4. Securely store credentials and security-sensitive data
5. Communicate securely
6. Minimise exposed attack surfaces
7. Ensure software integrity
8. Ensure personal data is protected
9. Make system resilient to outages
10. Monitor system telemetry data
11. Make it easy for consumers to delete personal data
12. Make installation and maintenance of devices easy
13. Validate input data
The Singapore Cybersecurity Act is among the most stringent regulations to be applied to IoT and looks to level up digital security and digital resiliency measures across industry sectors that provide essential services in Singapore. KPMG says the Act provides a framework to Critical Information Infrastructure (CII) owners on their obligations to proactively protect their data and networks from cyberattacks. The defined CII sectors in the Act are energy, water, banking and finance, healthcare, transport (land, maritime, and aviation), info-communications, media, security and emergency services, and government. Organisations in the CII sectors are required to take the following measures:
• Prevent, manage and respond to cyber security threats and incidents;
• Protect Critical Information Infrastructures (CII);
• Share CII information with the Cyber Security Agency of Singapore (CSA) in the event of a cyberattack.
Several other attempts at IoT security regulation do exist globally. In the European Union, ENISA (European Union Agency for Network and Information Security) has published its Baseline Security Recommendations for IoT with a particular focus on critical national infrastructure. Other industry initiatives include the IoT Security Foundation’s Code of Practice, which provides a basis for testing and certification of IoT security.
These initiatives are far from the end of the IoT security regulation journey and, in the EU in particular, these practices are not mandatory. Regulators need to work out how effective standards and practices can be enforced pragmatically. The task for IoT device manufacturers is to ensure that products are secure by design and by default.
From design to default

The well-intentioned UK Secure by Design Code of Practice provides an effective framework for securing IoT but its lack of enforcement weakens it to being mere guidance. It’s therefore clear that enforceable legislation like the Singapore Cybersecurity Act is required and this will play an important role in moving security to become a default in IoT as it is in the IT world.

Along this path, IoT security must become visible and simple to understand for consumers and customer organisations. There will be many different shades of IoT security, as discussed earlier, and an easy means to demonstrate the security credentials of a device or solution is through an independent certification programme. It could be as simple as a traffic light system, or a platinum to bronze spectrum of security levels.

Some have put forward the concept of an IoT security equivalent to the Energy Star certification for energy efficiency of appliances, electronics, HVAC systems and others. Energy Star is a US government programme, but IoT is global and unlikely to be able to wait for government action. Instead, the IoT industry could develop its own security certification system. This would make it easy for customers to immediately understand the security capabilities of an IoT device and purchase accordingly.

An additional function of this would be that lower security devices may no longer be saleable and therefore the sticker system could provide a generalised uplift to security across all of IoT as users vote with their feet and only buy secure systems. Finland is leading the charge here and has launched a cybersecurity labelling system to inform consumers of IoT products that meet digital safety standards. The labelling initiative, led by the Finnish Transport and Communications Agency, Traficom, began development late last year. It will see a stamp placed on every smart device that adheres to Finland’s cybersecurity safety guidelines.

A website is also available for vendors to become certified with the security badge, and for consumers to make informed purchases. The implementation of the initiative has been led by the National Cyber Security Centre Finland (NCSC-FI) and telecoms operator DNA along with smart device manufacturers Cozify and Polar Electro. The aim is to have stickers on all consumer IoT devices that detail their security status. Such a scheme would be readily extendable to industrial IoT and the business-to-business market.

Figure 4: How current regulations compare (Source: Infineon Technologies)

Figure 5: IoT security best practices post COVID-19 (Source: IoT Analytics Research 2000)
IoT security in the time of COVID

As COVID-19 has led to an increase in cyberattacks and to changes in hackers’ strategies, companies are taking precautions and revisiting their IoT security setup. In Figure 5, IoT Analytics provides its top five security best practices for COVID-19. The growth in remote working, which is seeing a wide array of devices connecting to corporate networks, is compounded by the rise of IoT devices at home and at work. Most security teams have zero visibility into these and, as consumer IoT devices increasingly share the same – often home Wi-Fi – network as corporate devices, consumer IoT devices effectively expand the organisation’s attack surface.
Conclusion

Many IoT devices continue to be released with serious security vulnerabilities which leave them open to attack. Without enforced standards governing the security of IoT devices, device manufacturers have been allowed to prioritise time-to-market above security. The lack of regulation has allowed systemic issues such as insecure administrator interfaces, poor authentication schemes and firmware vulnerabilities to persist across brands and types of devices. Once a smart device is hacked, the opportunities for hackers to attack enterprise assets or steal employee credentials greatly increase.

Until meaningful legislation is passed, enterprises are, in effect, having to do the job of their IoT device and solution providers. It’s their reputations that are on the line so they are taking responsibility for protecting their assets from the risks of sharing a network with IoT devices. This presents a substantial opportunity for IoT vendors that can provide secure solutions. If they can communicate simply and effectively via a certification that their device meets specific, well-understood criteria the burden of security can shift, at least in part, from the enterprise to the vendor, making procurement decisions easier and ultimately removing insecure systems from the market.

As IoT matures, device makers have a responsibility to their customers to ensure their devices are secure. This will also benefit them because customers will prefer to buy secure solutions and if fewer breaches occur, IoT will avoid the bad reputation of being an insecure market. On the upside this will stimulate further growth, foster trust and result in more and more organisations and people engaging in IoT at scale.
Ignoring optional codes of practice, seeking out the loopholes and continuing to sell insecure devices may look like a way to save development costs and bring cheaper devices to market but in reality, it’s a way to hamper the development of IoT in its entirety by weakening the reputation of companies, causing mistrust of IoT and enabling the cyber criminals. The new regulations and the direction of travel towards legislation and certification that are outlined in this report show the IoT industry is engaging with the security issues it faces. In future we will see certification schemes such as the Finnish initiative go global and it will be another step towards IoT security completed when devices are sold based on their certified security status. There is, however, a need for speed here. IoT can’t wait for lengthy standards development processes. The industry should take its own lead and find its own way.
INTERVIEW
Breaking down complexities in IoT connectivity with eSIM

Robin Duke-Woolley, CEO Beecham Research, interviews Steve Alder, chief business development officer at Truphone, and Michael Moorfield, director of product at Truphone
Robin Duke-Woolley: How do you describe what Truphone does?

Steve Alder: Truphone is a mobile virtual network operator (MVNO) based in nine countries – UK, US, Germany, France, Spain, Netherlands, Poland, Hong Kong and Australia. We have our own global core network that covers over 200 destinations and connects with many different MNOs, providing global or regional roaming. Truphone was originally one of the first VOIP apps. We still have a large enterprise voice business for international use but recognised that the network is also valuable for Internet of Things (IoT) customers. The heart of our offer is simple connectivity, but we are strong believers in the potential of embedded subscriber identity module (eSIM). As a result, we have invested in eSIM and are one of the biggest providers of eSIM in the market. We’ve also recently launched Truphone for Things, our all-encompassing global connectivity solution which breaks down complexities in IoT connectivity by utilising eSIM technology. Truphone for Things enables users to connect devices anywhere in the world in a few simple clicks.

RD-W: For an eSIM solution to be effective, it needs to be able to switch between MNOs and find the lowest cost path for each device out there. How does Truphone cater for that?

SA: The switching between network operators we deal with is invisible to our customers. The Truphone profile attaches to Orange in France, to Vodafone in Germany and so on. We have multi-international mobile subscriber identity (IMSI) technology on the SIM that allows the SIM to look for different networks and always look for the best quality and price. This is great for IoT manufacturers and distributors as they can create a single stock keeping unit (SKU) that doesn't need to be programmed to a local network on manufacture. A connected device no longer needs to be tied to a network brand, it can connect remotely to any and all of them. Any device shipped around the globe will have out-of-the-box connectivity, on a network of the user's choosing, from the moment they switch it on. All this can be done with the Truphone SIM. In addition, eSIM technology allows a user to swap the SIM to a new MNO remotely. In IoT you never want to go back to the device to swap the SIM, so with eSIM this can be done over-the-air. It means that you aren’t locked into the same operator for the life of the device, it gives more flexibility and choice in the future. Truphone believes in this open policy as it will be good for the growth of IoT.

RD-W: What level of granularity can you provide for different requirements?

SA: Within the Truphone service we have the ability to access multiple networks whether that is for high bandwidth, low bandwidth, low power or other customer requirements.

Michael Moorfield: The SIM that can switch to multiple networks is something Truphone has done for eight or nine years as a Multi-IMSI solution. We do that on the back of our MVNO infrastructure and we have 13 IMSIs on our SIM card that allow us to decide the best route given the specific customer use case. One customer might be deploying an LTE-M tracker globally, so we put IMSIs on that SIM that give access to the most LTE-M networks around the world. Another customer with a tablet to roll out globally will need a different set of IMSIs to make sure it has the best and cheapest possible access to LTE service. The eSIM bit then goes on top of that, in that you can then deliver that profile remotely as well.

RD-W: The IMSI profiles that you provide, can they be downloaded over the air or are they inserted into the SIM and that’s what gets installed into the device?

MM: Both. Each of our SIMs comes preloaded with our IMSIs but we’re adding new ones all the time, so we push those over the air. If you’re in a country where we have a new agreement, we can push that new one. We have patents in this area around our SIM management capability in order to do this. So you don’t necessarily need to select Truphone at the initial deployment and you can swap away from Truphone if you want to. You can do that all through our platform.

RD-W: Do you follow the GSMA spec for eSIM? Multi-IMSI solutions are proprietary, so swapping out may not be as easy.

MM: Yes – we support the GSMA spec. There are two separate points here. The Multi-IMSI technology we’ve developed in our profile is proprietary Truphone intellectual property. It all runs within a GSMA standard eSIM so all of our SIM cards are GSMA-certified and our provisioning platform in London and Amsterdam is GSMA-certified. We’re a big supporter and part of the GSMA working group.

RD-W: What kind of services are offered from your platform?

MM: At its core, we provide a platform for all our customers to manage all their connected devices wherever they are. For each device, you can see its IP address, you can optimise or troubleshoot it, see what’s happening in terms of traffic on each device. Alongside that we support our eSIM management of those devices as well with our own remote SIM provisioning platform.

RD-W: When did you start offering IoT eSIMs?

SA: September 2018, and we are one of the biggest remote eSIM provisioning companies. It’s been helped by our partnership with Apple. We’ve been partnered with Apple for eSIM for a long time. We then also opened up our platform to other operators. We now have 26 operators using our platform to serve their customers, so we are acting there as a service provider for network operators. This is in addition to Truphone’s own end user service, where most of our customers are product manufacturers looking for international coverage.
eSIM DELIVERS GREATER FREEDOM FOR IoT OEMs IoT NOW ANALYST REPORT
Robin Duke-Woolley, Beecham Research
Traditional SIM card restricts IoT growth for OEMs

The original SIM card (Subscriber Identity Module) – the plastic card inserted into your mobile phone to determine which network operator (MNO) your phone is assigned to – has essentially not changed much since it first came to the market in 1991. It has been well suited to the sales process in specialist mobile retail stores, where the SIM is inserted into the phone at the point of sale.
While it has contributed significantly to the growing success of the mobile handset market for many reasons, it is not ideal for other connected devices which are not purchased through mobile phone retail outlets. For IoT applications, such as those using asset trackers, cars, CCTV cameras, healthcare devices, security alarms and smart meters, matching up a specifically configured SIM card with the device it is configured for is often a logistical nightmare for the product manufacturers (OEMs) involved. This is particularly the case where the devices are manufactured in one country then shipped worldwide, with the SIM cards then often being configured in a different country and also shipped worldwide to be matched up individually with those devices. This all adds cost and when errors are inevitably made, these need to be corrected which adds time as well. It is also highly inflexible to customer service changes and is in any case becoming increasingly untenable as the volumes of manufactured devices requiring to be connected have risen sharply in recent years. In essence, the traditional SIM card has been restricting the growth of cellular IoT device use in global markets.
As well as all this, there may be a need to change the mobile operator (MNO) during the life of the device. This could be for coverage issues, or because the tariff is now high compared with other alternatives, or even due to a network shutdown as the network technology is upgraded. Changing the MNO means changing the SIM card and that introduces both the same and new logistical issues. It is usually the case that such devices, once installed, cannot be simply disconnected and sent back to base for the swap. Apart from the loss of service the device is providing, the card may be physically difficult to access. It may be up a lamppost. It may be in a small cabinet out of easy reach. On the other hand, if it is easy to access and in a public location, it may then be open to tampering and even theft if not physically secured in some way. Such issues and more all add cost and further logistical challenges in the use of traditional SIM cards for connected devices.
eSIM to the rescue

To address these and other challenges posed by the SIM card in this market, a new type of SIM has been introduced that is provisioned over the air. Somewhat confusingly, this is called an embedded universal integrated circuit card (eUICC). The major advantage for OEMs of this approach is that the SIM can be inserted into a device’s circuit board during manufacture like any other component and then provisioned later with the appropriate network operator profile over the air (OTA) for wherever in the world it happens to be. It converts the SIM into a single stock keeping unit (SKU), thereby helping to streamline production processes and reduce costs. This is particularly important for the OEM market where products may be shipped anywhere in the world and considerably eases the issues for OEMs.
This whole solution, incorporating both the eUICC and the means for updating it remotely over the air, is then called the eSIM solution. The introduction of the eSIM Technical Specification by the GSMA in 2014, and continuously updated since then, provides a technical standard for this type of solution and this has considerably enhanced the prospects for eSIM use in the IoT market. It has dramatically opened up the opportunities for OEMs to use cellular connectivity in their products. It has of course already been widely taken up by the auto industry manufacturers, who have pioneered its use for a variety of telematics and in-car entertainment uses, and is relevant for any application where embedded, wide area connectivity is appropriate. Through the way it works, this solution also changes the ownership of the SIM itself. The traditional SIM card has always been the property of an individual MNO. It is supplied by the MNO and to change to another requires a physical change of SIM. With the eUICC, the SIM is owned by the OEM or service provider and has a bootstrap network profile installed in it. Wherever the product is subsequently shipped to, when the eUICC is switched on the bootstrap profile sets up a wireless connection so the correct network profile for that location can be downloaded over the air, with no physical intervention.
Figure 1: eUICC shipments vs new cellular IoT connections (Source: Beecham Research). Chart: Majority of new cellular IoT connections to be eSIM-based; projected eUICC shipments vs cellular IoT connections (m), 2017 to 2022; series: Total Cellular, New Cellular, eUICC shipments.

Projections for use of eSIM for M2M/IoT applications show strong growth with market expectations high that nearly two thirds of all new cellular IoT connections – both high and low bandwidth – will be eSIM based in the next few years. Further, since growth of eSIM for low bandwidth NB-IoT and LTE-M is behind and catching up, growth of eSIM for high bandwidth connections is well ahead of that. This means that the majority of new cellular IoT connections will use eSIM and its related developments, such as iSIM (integrated SIM), within the next few years. The IoT market is just at the start of exploring the new ways of working and the new operational flexibilities that eSIM now offers for IoT business users.

One of these flexibilities is that if the business user requires a particular experience for their connected devices in a large number of countries, establishing the best rates for that coverage can be complex. It may therefore seem simpler just to opt for a global SIM provided by one MNO that offers coverage using the roaming agreements that the MNO has worldwide. That is then often provided by means of a locked eSIM that cannot be changed for the life of the product. Yet this approach may not in fact provide the optimum geographic coverage for the data rate required within each country and overall may cost more than an alternative that does provide this. If it is locked, it cannot then be changed. The difference is then between a one-size-fits-all global SIM solution that is not designed for the specific requirement and an open and flexible solution tailored to the specific needs of the business user. The former solution cannot adapt to any changes required by the user that come about over time, whereas the latter remains open and flexible to such changes.
A related issue is permanent roaming. In some countries, a device that is roaming permanently in a country when its home country is elsewhere contravenes local regulations and may be disconnected. This is a changing situation and the number of countries where this is an issue may increase over time. This is easily overcome using an eSIM approach, where a new network profile can be uploaded as required. A further area that may also need to be considered is local country regulations aimed at ensuring that data originating in a country stays in that country. This has implications for choice of carrier in some countries for some applications and this trend is expected to increase over the next few years. There may also be a need for local breakouts, so that data is processed close to where it will be used rather than being sent back to a cloud-based server where latency could be an issue. All of these issues suggest that eSIM solutions will continue to evolve and become more granular and more flexible over time as their use increases.
Truphone for Things
As the name suggests, Truphone originally entered the telecoms market with a voice application for enterprise users and has also been partnered with Apple for eSIM for some time. Its entry into the IoT market is more recent, and this has provided the company with the opportunity to utilise its experience of both eSIM and Multi-IMSI to provide a flexible solution for IoT. In doing so, its principal objective is to make life easy for its customers. Although eSIM is intrinsically quite complex to operate, Truphone’s view is that there is no need for its customers – typically not telecoms experts – to be involved in that. Keep it simple.
Figure 2: Remote SIM Provisioning System Architecture (Source: Truphone)
Figure 2 shows Truphone’s version of the GSMA’s Remote SIM Provisioning Architecture, which features the interfaces required (ESxx) for secure transfer of network profiles. As this demonstrates, this is a quite complex process with many interface activities required. It also demonstrates the need for one globally accepted specification or standard to maximise the benefits of eSIM in the IoT market. Proprietary specifications, of which there are a number, effectively lock the customer in to one supplier’s subscription management system.
Figure 3: Key Elements of Truphone’s eSIM Line-up
Truphone has developed this technology – including the SM-DS (Subscription Manager-Delivery Server) and SM-DP (Subscription Manager-Data Preparation) – in their own infrastructure, which provides full control over the feature set and the ability to integrate it in different ways. At its core, Truphone provides a platform for all of its customers to manage all of their connected devices. Wherever they are in the world, the device will show up. The customer can see what IP address it has, they can control that device in terms of whether it is activated or troubleshoot it and see what is happening in terms of traffic on that device. Alongside that, Truphone supports its own SIM management of those devices as well with its remote SIM provisioning platform, which can be integrated with the eUICC in each device. That could be pushing new profiles to those devices and switching profiles if needed.

Figure 3 shows the main elements of Truphone’s eSIM offering. Among others, this includes Entitlement Management, which offers the ability to securely configure devices with the right settings. For example, this may be particularly useful for wearables applications where there is no effective user interface (UI). It can be challenging to configure voice services on a wearable. The integrated Entitlement platform Truphone has developed provides the facility to configure those wearable devices.

Truphone is now nearing six million eSIM enabled connections on their platform. They are downloading about 20,000 per day, although this is a total mix of data traffic – not all IoT. For example, it includes iPad traffic. In addition, this is not just Truphone’s own connectivity. The company has 26 other network operators using its platform to serve their own customers.
The company has established various partnerships across the ecosystem including eSIM partnerships with Synopsys in the US and Murata in Japan, who make LTE-M/NB-IoT multi-mode modules that come linked to Truphone’s platform.

What differentiates Truphone?
In the company’s own words “we have an end to end solution so if you want to have eSIM we can provide the eUICC, the connectivity and the remote SIM provisioning platform to go with it. There are not many who can provide all of these elements and give a global end-to-end solution to an IoT player.” In addition, Truphone maintains an open stance towards eSIM. The whole point of eSIM is to provide the flexibility to change the SIM in the future to somebody else. Truphone is quite open and relaxed if its customers want to move away from Truphone and use another service. It will facilitate that to happen. This is not a usual attitude in the telecoms world but necessary for eSIM and the IoT market to thrive.
CASE STUDY
Fox Sports used Truphone SIM cards to broadcast from the tournament
Truphone for Things gets Fox Sports ahead of the game
From providing our services to 10 of the world's 12 largest banks to being a trusted partner of Apple’s for the last five years as the first Apple eSIM provider, Truphone’s roster of clients is as diverse and influential as our product suite. Whether we’re helping MSA Security scale at the touch of a button or keeping Fox Sports close to the action, our customers can rely on us to provide them with seamless connectivity, on the ground, wherever they are. Truphone’s use-cases cover a breadth of IoT needs, such as high-volume data for a smaller number of devices, as we do for Fox Sports, or lower volumes of data for asset and fleet tracking purposes, as we do for MachineMax. Below, we’ll discuss in more detail how Truphone has helped these two particular customers stay ahead of the game.
Rising to the challenge for the Women’s World Cup
As one of the largest sports broadcasters in the world, Fox Sports is on-site at every major sporting event, reporting on the biggest stories as they break. These pre-planned large-scale events are the focal point of the year for broadcasters, with multi-millions invested to ensure the best quality coverage.

During the Women’s World Cup in France, Fox Sports needed a flexible solution that would enable them to broadcast live footage for its programming, without having to worry about poor connection or breaks in service.

"We were able to replace all of the SIMs with Truphone SIM cards to enable us to be on the Truphone network everywhere we were with the backpacks in France. This allowed us to have one data plan and no surprises at the end of the tournament," says Kevin Callahan, the vice president of Engineering and Operations at Fox Sports.

Transforming connectivity with Truphone for Things
Using Truphone for Things – Truphone’s cutting-edge IoT technology – Fox Sports replaced all of its regular SIM cards with Truphone SIMs in its LiveU mobile broadcasting packs. These broadcasting packs, which the Fox Sports team wear physically like a rucksack, were able to connect to the Truphone network at all times, capturing live footage which was sent, in real time, back to its HQ in the US.

In switching to Truphone’s SIMs, Fox Sports could transmit live content to a cell tower which was, in turn, received halfway around the world and broadcast directly into the home. Not only did the implementation of Truphone SIMs afford Fox Sports with a seamless, reliable connection, it also meant that their entire live broadcasting fleet could be managed on one plan with one point of contact.

Why Truphone?
• Seamless, reliable connectivity anywhere around the globe
• One mobile plan, one point of contact – hassle-free

SPONSORED CASE STUDIES
Truphone connects MachineMax’s entire fleet in moments
London-based MachineMax was selected as one of the Top 50 ConTech Startups in 2019 by CEMEX Ventures and also won the ‘Smart Use of Machinery: Technology for Heavy Plant’ award at NCE TechFest. The company produces sensors designed specifically for off-highway heavy equipment – tractors, dumper trucks, excavators, diggers of any brand and any model – and ships them globally. Its customers use the sensors to track their machines and receive efficiency, productivity and fuel-cost insights to help them maximise profitability and reduce emissions. But while MachineMax could offer revolutionary wireless telematics to its customers, it didn’t have a way to simplify connectivity for their vehicle fleets. That was, until it partnered with Truphone.

How eSIM has changed the MachineMax offer
Truphone’s commitment to eSIM (embedded SIM) technology has given MachineMax a huge competitive advantage, and its customers a simple solution for getting their off-highway vehicles connected. By implementing Truphone’s state-of-the-art eSIM technology in its devices – and thanks to Truphone’s network which supports 2G, 3G, 4G and CAT-M1/LTE-M networks worldwide – MachineMax is now able to offer connectivity straight out of the box, wherever in the world the device is deployed. What’s more, every eSIM profile in customers’ fleets can now be updated and connected remotely and at scale from the Truphone for Things platform. Users have the ability to deploy and manage connectivity for thousands of devices via a simple-yet-powerful interface, at their fingertips.
MachineMax’s connected-device offer provides the company’s customers with complete confidence that their fleet of devices can be tracked, 24/7, no matter the site size or manufacturer.
MachineMax relies on Truphone eSIMs for its wireless telematics
But it also provides MachineMax’s CEO, Amit Rai, with belief. “With the support of Truphone, we are confident we can continue our rapid global expansion whilst providing seamless global connectivity,” he says.
A one-stop-shop for IoT connectivity
Truphone for Things joins together previously fragmented elements of the Internet of Things (IoT) ecosystem to provide a ‘one-stop-shop’ for IoT connectivity. The company’s global mobile network is used to connect devices anywhere – via a range of low- and high-power networks – and full control is provided via an easy-to-use management platform. So it’s little wonder new partnerships such as the one with MachineMax are forming continually as manufacturers seek to unlock the potential of the Internet of Things for their customers.
www.truphone.com
INTERVIEW
Developers go to component-level to optimise expenditure
As IoT matures, many use cases depend on cost efficiencies in order to make the business case work. This extends across all aspects of an IoT application or service but, where specific hardware is required, the costs of individual components need to be carefully considered in order to ensure optimised expenditure. In addition to this, factors such as maintenance, development costs and whether to buy in components or bundles and sub-assemblies need to be considered. Josh Mickolio, the supplier business development manager for wireless products at Digi-Key Electronics, tells IoT Now how organisations are assessing their approaches to component specification for IoT devices.

SPONSORED INTERVIEW

IoT Now: What are the complexities of balancing the need for bespoke IoT devices with the need to get to market quickly? Is it really necessary to go down to the individual component level for every deployment and device?

Josh Mickolio: Designing a solution from the ground up involves so many critical design components that the time-to-market is greatly underestimated in most cases. Budget overruns, certification delays, security concerns and even the death of the project are often results of underestimating these complexities.

It’s absolutely not necessary to build a solution by designing each component. Unless a company has design resources with experience in IoT solutions, it’s highly recommended to utilise finished components, those that have been previously fully developed by other specialists, as often as possible. This may include benefits such as being able to specify pre-certified hardware, hardware-software solutions that work immediately out of the box or require little engineering effort to optimise. In addition, organisations can benefit from using a turnkey solution to prove out their concept and to assess its return on investment potential.

IoT Now: Aside from accelerating device development, are organisations looking to simplify their supply chains by utilising fewer individual components and buying building blocks of functionality much like sub-assemblies in the automotive industry, for example?

JM: This situation is increasingly common. These building blocks didn’t exist just a few years ago so there is still a large learning curve on how to integrate it all and what a solution needs to include. The hardware and software providers know that, for their customers to be successful, they have to work closely with partners or provide a solution themselves that is more functional or design-ready. The aim is to remove as much customer risk as they can.

IoT Now: What components does it make most sense to bring together into a productised bundle or part for integration into a device? Are there some functionalities that fit logically together that you have identified and can share?

JM: Hardware is a slow follower as markets develop and grow, and integration here makes the most sense for hardware designers. Size efficiencies, system cost and integration, and expanding interoperability of a hardware platform are always benefits to designers. Bringing processing capabilities to the radio, adding sensor interfaces to the microcontroller unit (MCU) or lower-level processing to the sensor have helped define edge intelligence as we know it today. Without being able to significantly lower the costs and having additional security integrated into the hardware, a simple smart device would be too expensive for most business cases.

IoT Now: Does the idea of using a smaller number of pre-integrated components need to be considered from the first phase of design or can organisations retrospectively look to adopt this approach?

JM: It should be considered from the start of the project or, at the very least, as a reference design for what the final solution is expected to be. It’s much easier to design cost out of a solution when you have one that works.

If a discrete component design is the first approach it’s wise to look at integrated boards, break-out boards and other hardware that brings together your target components list. These devices are helpful to identify components that can be used in a lower-level design.

IoT Now: Are there cost saving implications as well - can this approach bring together faster time-to-market, greater simplicity and lower cost and therefore change the economics of IoT solution deployment?

JM: Very much so. Costs add up significantly during design, though the economics over the life of the project can be impacted as well. Certification savings, costs of re-design - and re-certification - when components are end of life as well as maintenance are often overlooked areas.

IoT Now: How does Digi-Key help and how do you see the company's role?

JM: We can see the world of IoT evolving in real-time. We have more than 1,000 suppliers and most of them have a significant interest or offering in IoT. Where suppliers need guidance with identifying target devices, integrations or partners, we help fill those gaps with data and customer feedback. Our role is presenting the right product to a customer quickly and accurately, while ensuring the highest capability for our customers to be able to design, test and deploy with that product.
www.digikey.com/iot
IoT DEVICE COMPONENTS REPORT SIMPLIFICATION DEMANDS SOLUTIONS NOT JUST COMPONENTS
SPONSOR
REPORT
Simplified device design demands solutions not individual components
IoT lives and dies on the success of the applications it enables. The first two decades have seen enormous efforts made to understand how all the complex and inter-related technologies can work together and interoperate to create the devices needed to enable the applications but now, as deployments hit significant scale, we're entering a competitive market place in which trialling and pilots are taking a backseat to speed of deployment. This means device designers are increasingly looking for a simplified and accelerated approach in which building blocks of functionality can be rapidly integrated into devices.

This simplification will be vital to enable economies of scale as device volumes rise to the tens of billions originally predicted to have happened by now. It also plays a critical part in the success or failure of organisations’ IoT initiatives. Complex devices, developed in isolation, will result in delay to time-to-market as integration work and compliance with regulations slow the device creation process. This in itself will cost money but, of more concern, could also cost the opportunity to lead a new market segment because of delay allowing competitors to win customers.

In this report IoT Now managing editor, George Malim, assesses how approaches to IoT device components are being simplified and examines the trend towards utilising a smaller number of pre-integrated sub-assemblies to both save cost and accelerate time-to-market.

There is a lot of good news available to organisations looking to create IoT devices. Costs for many of the key components are on a downward trend. Everything from cameras to chips and sensors to displays is reducing in price and larger volume IoT deployments will see greater purchasing power and access to economies of scale become a reality. As illustrated in Figure 1 the average cost of IoT sensors was US$1.30 in 2004 and is expected to have come down to 38 cents this year. That figure is perhaps weighted towards the bottom end of the market but we are also seeing increased commoditisation of other key components that is substantially reducing the bill of materials (BOM) cost associated with IoT devices.

Figure 1: IoT sensors have continued to reduce in price

The question of cost
Cost is still the key determining factor regarding whether an IoT service gets the green light and the cost of the device accounts for around one-third of that decision-making equation, as detailed in Figure 2. This means that device cost can easily make or break an IoT business case and therefore every cent on every component counts – especially for deployments likely to involve large numbers of devices.

Yet cost of components in raw dollar terms cannot be the only consideration. Software developer, Allerin, has modelled a home automation project in which a company is building sophisticated connected home solutions. The solution includes cameras, motion sensors, smart locks and hubs that orchestrate various home appliances. The firm estimates the hardware development may cost as much as US$4-5 million for this type of service. This contrasts with the $15,000 estimated cost of a data visualisation application for a customised IoT gadget that helps detect the electrical signal of a human body and presents the data in a graphic form. The components therefore represent a substantial part of the cost of the overall solution even though costs for many items have been steadily reducing during the lifetime of IoT.

Parallels can be drawn between the commoditisation of IoT connectivity, which for low bandwidth applications can be less than a dollar a month, and many IoT components which are similarly low-priced. This is proving to be a compelling driver for many lower-value IoT applications which suddenly make business sense because the device, application and connectivity can all be put together at a cost that enables a service to generate profit.

Figure 2: Cost division for investment in IoT technologies, by category: Application Development, Data Storage, Device Hardware, Security, System Integration, Connectivity (Source: BUSINESS INSIDER - How the internet of things will explode by 2020)
Cheaper components are not available for all IoT devices. Many still are premium products and lack of market scale, the newness of the innovation and the high cost of the materials involved will conspire to keep costs at a level that constrains their addressable market. Advanced functionalities and components are therefore likely to remain the preserve of higher-value IoT applications while commodity functions will continue to widen the number of viable IoT business cases. A 5G module, for example, is currently at a price point, north of US$150, that precludes it from inclusion in cheap computing devices for education applications in developing markets.

Of course, volume will come to many market segments, production efficiencies will be made and competition will grow, all of which will contribute to reducing today’s cost for these types of components. However, don’t mistake the commoditisation of some IoT sensors and some IoT connectivity as a signal that all IoT components are – or will soon be - at the bottom of the pricing curve.

BOM-proof specification
The bill of materials is traditionally seen as the means to control device costs and consumer electronics companies have been devoted in their efforts to shave a few cents off each component in order to hit attractive retail price points. However, while the BOM provides easy to understand insight into the cost of device components, there is a less direct link between the BOM, the price point of the product or service and the likelihood of user uptake when it comes to enterprise IoT. Selecting cheaper, lower performance microcontrollers might reduce the BOM expense but it could also mean the deployment lacks flexibility, can’t support future features or is unattractive to higher value customers.

Industrial end-customers, for example, seldom buy equipment without a service plan and customers in IoT often pay for a service with the devices bundled in to a service fee. This separates the cost of the device from the cost of the service and puts less emphasis on the BOM cost than for a sell-and-forget consumer electronics device. In addition, IoT devices, especially in industrial IoT, have a longer lifespan so spending more to achieve greater levels of future-proofing can be the more efficient decision – even though it might appear on paper to be a BOM-busting move.

Organisations should therefore be less fixated on the overall BOM cost and focus on understanding more about the future capabilities of each line item on the BOM before deciding whether the component represents good value. Don’t forget that a cheap component that needs replacing during a ten or 15 year deployment will cause a truck roll that could cost a few hundred dollars, far outstripping a small incremental component cost increase for one with additional capabilities.

Uncertain certification costs
Beyond the limitations of the BOM, other factors significantly influence overall hardware costs. Certification and compliance with regulations, whether for electronic device regulation or for communications regulatory compliance, are all required and, for those constructing hardware themselves, this often is necessary at the component or sub-assembly level. Certification can be a costly process and replicating work done by others can be counter-productive and cause delay. IoT device certifications are obligatory to prove that the IoT device fits the international standards before release and connectivity integrator, Axible, points out that this stage has the potential to devour a large part of a budget. The firm reports that the CE verification of a simple Sigfox device in the European Union is around US$10,000. It therefore will make sense for most to use pre-certified units and avoid bespoke development that invalidates certification.

Functional blocks
In stark contrast to the traditional approach to IoT device development, which has seen companies or their partners specify components on an individual basis and then go through lengthy and costly integration processes to enable a working device, increasing numbers of developers are adopting the approach of buying blocks of functionality. Such functional blocks, examples of which are listed in Figure 3, enable a suite of capabilities to be acquired, similarly to a sub-assembly, that brings a set of pre-integrated components together for an organisation to add to their device.

Figure 3: Some functional blocks of IoT components
Connectivity: USB Host, RJ45/Ethernet
Processor: CPU
Audio/Video Interfaces: HDMI, 3.5mm audio, RCA video
I/O Interfaces (sensors, actuators, etc.): UART, SPI, I2C, CAN
Memory Interfaces: NAND/NOR, DDR1/DDR2/DDR3
Graphics: GPU
Storage Interfaces: MMC, SD, SDIO

In addition to rapidly and cost effectively addressing certification requirements, acquiring device capabilities in functional blocks radically simplifies the development of IoT hardware. Specification of the individual components of a device is often not part of the skillset of a typical organisation looking to digitise its business. Traditionally, this would be outsourced to a device development house which would specify the individual components and arrange sourcing of these. However, by adopting blocks of functionality, the process is greatly simplified and islands of pre-assembled components can be brought together.

A manufacturer of hair straighteners, for example, does not want to become an expert in the minutiae of microchip, battery and connectivity performance. It just wants to provide its product-as-a-service to its consumers in a secure, reliable, cost efficient and attractive way that allows its customers to have a good experience while enabling headroom for profit. Taking pre-integrated, pre-certified functional blocks and making these central to device design simplifies, accelerates and can reduce overall device costs.

Conclusion
With Cisco Systems research estimating that almost three-quarters of IoT projects fail, it’s clear that hardware, which accounts for 35% of IoT technology investment, has a significant role to play in the success or failure of an IoT project. There are extensive variables that hardware design must take into account that go far beyond specifying the best performing component at the lowest possible price. That, of course, is a fundamental and largely unchanged goal but it must be tempered by greater understanding of the nature of each IoT deployment.

Long lifespan IoT device deployments must factor in the likely need to upgrade the product so investment in additional components to enable over-the-air (OTA) updates which would initially cost more but ultimately cost less can be justified. Similarly, paying more to install LTE or 5G connectivity now could result in a later saving over being confined to a lower bandwidth technology. Hardware that is expected to ship in very large volumes is also complex to design and component selection will be decided based not only on price and performance but also on availability. It’s critical that the supply chain behind such devices is robust and able to handle the expected uplifts in demand.

Highly-specialised applications might require sector-specific components that may cost more than generic sensors but are the only way for this type of high value service to operate. This must be taken into account at the outset and the device designed with the components needed in mind. Component specification is heavily dependent on the nature of the individual IoT device, the applications it enables and its deployment landscape. This is certainly not a one-size-fits-all arena and it is complicated further by fragmentation in geographical regulation, technological standardisation, likely volumes to be shipped and the lifespan of each deployment.

What is clear is that a low BOM cost alone is no longer an indicator of optimised component specification. The other factors detailed in this report must also be taken into consideration alongside avoidance of repeating existing development, innovation and certification. Colin Chapman, the founder of racing and sports car maker, Lotus, said his design philosophy was to: “Simplify and add lightness.” This is a good philosophy for developers of IoT hardware but it is also necessary to add speed to the design process. Simplify where possible, take a lighter weight approach by using pre-existing blocks of functionality and integrating them into the device, and achieve speed by accessing the development work of others to address certification requirements. By achieving a fine balance between cost, functionality, compliance and time-to-market, IoT hardware can optimally address the requirements of the service it enables but, make no mistake, this is a complex calculation that requires in-depth and highly specialised knowledge across several different disciplines.
IoT SENSORS
The Internet of Things comes into its own
The world of technology is changing faster than ever these days, and the pace of new technology introduction to wireless applications has not subsided. The Internet of Things (IoT) is fuelling innovation in nearly every part of our lives, writes Robbie Paul, the director of IoT Business Development at Digi-Key Electronics.

SPONSORED ARTICLE

Connecting the ‘things’ that were never connected before is leading to new data insights that translate into meaningful change and create business value. IoT is a mega-technology trend that will not only be an endurance test for legacy systems but will also shape the fate of small and big companies in many different industries. Estimates are for 50 billion IoT connected devices by 2020 and 100 billion by 2025.

There are four legs to the IoT stool. Sensors and Connectivity are two of the four legs of the IoT stool. The other two are intelligent hardware (microcontrollers) and intelligent software (machine learning). With the proliferation of IoT, the need for a greater diversity of sensors has exploded across all industries. At Digi-Key we’ve seen firsthand how this demand has skyrocketed. We sell more than 60 million sensors each year, and have over 130,000 part numbers available, and counting. Temperature sensors are by far the most popular, followed by accelerometers, driven by the popularity of activity tracking IoT devices. Environmental sensors are third, focusing on sensors measuring pressure and humidity.

Creating a safe environment for customers and employees is essential to doing business
Health and Safety trends The COVID-19 crisis has brought several IoT solutions to the forefront. The overarching goal of these solutions is to assist in preventing the spread of the virus, which can be transmitted by air as well as by touch or on surfaces. IoT solutions can mitigate some of these risks by monitoring and controlling key transmission modalities.
IoT Now - Q3 2020
â&#x2013;˛
The US Environmental Protection Agency (EPA) has reported that Americans are spending 90% of their
47
IoT SENSORS
disrupting productivity can be a challenge. Even a simple system with high-visibility indicators to notify staff to begin scheduled cleaning processes coupled with automatic data recording and collection can go a long way to ensuring compliance. Furthermore, with optical sensors, non-contact switching and activation can be enabled and used to control almost anything. As policies and procedures continue to evolve throughout the COVID crisis, optical sensors will be more important than ever for monitoring and controlling for health and safety.
Trends in Connectivity
time in buildings "where the concentrations of some pollutants are often two to five times higher than typical outdoor concentrations." IoT solutions for air quality monitoring include CO2 and particulate matter sensors in addition to the more common sensors that measure temperature and humidity. Creating a safe environment for customers and employees is essential to doing business. For many businesses, implementing social distancing solutions is now necessary to control the flow of customers through a store. This provides a unique opportunity for sensors as there are several occupancy monitoring solutions available that make it easy to keep a constant, accurate count of the number of people in, say, a retail establishment, and that also provide a notification as full capacity is approached. As public life continues to reopen, optical sensors are a key piece of the occupancy monitoring solution and are being used in a novel way.
48
Other technologies that do not leverage existing cellular networks and must have infrastructures built anew include Sigfox, LoRa/LoRaWAN and NB-Fi to name only a few. The disadvantage to these is requiring an uplink to couple to the broader internet. While these non-cellular network operators provide this uplink as a service, it is yet another computer network system to negotiate. Software Defined Radios (SDRs) allow a developer to experiment with entirely new modulation schemes. Even if you donâ&#x20AC;&#x2122;t have the expertise, experimenting with an SDR can teach you a lot and it is fun. It is simple to do today with off-the-shelf SDRs. One such SDR is the
â&#x2013;˛
Sanitation is also essential to maintaining a safe and health work environment during the pandemic. Establishing a cleaning and sanitising schedule is relatively easy, but maintaining and showing compliance to outside agencies without
Low power wide area network (LPWAN) radio technologies are available on cellular infrastructures and have been around for a few years now. Narrowband Internet of Things (NBIoT) and Long Term Evolution Machine Type Connection (LTE-M) are popular. The advantage of these technologies is their leverage of existing cellular towers that are used for voice and high bandwidth traffic. However, a device that needs only occasional reporting and control does not require a high bandwidth, and since many are battery-operated, there was a need for lower power and lower bandwidth standards that these technology standards enable.
IoT Now - Q3 2020
The ADALM PLUTO off-the-shelf SDR
Analog Devices Advanced Learning Module PLUTO (ADALM-PLUTO) from Analog Devices and available for off-theshelf shipping for less than US$150 as of August 2020. They interface to a personal computer over a USB link, contain an FPGA that is easily reconfigured, have extensive support for the programming language Python, and can transmit and receive signals over a range from 325MHz to 3.8GHz. If you really want to know and use RF, you can start at this level.
give a more complete environmental picture. The bottom line is we’re using sensors and connectivity today in rudimentary ways. We gather all of the data but don’t actively use most of it. Artificial intelligence and machine learning will be integral to helping us make data richer and more useful – and that will make all the difference in the world.
Artificial intelligence and machine learning are starting to play greater roles in sensor deployment
Artificial Intelligence and Machine Learning Artificial intelligence and machine learning are starting to play greater roles in sensor deployment. One example of this is the Google Nest, which sets temperatures based on its surroundings, when people are coming and going, whether it’s a weekday or weekend. The Nest device is continually gathering data, analyzing it, and sending it to a cloud server to notify the user of its findings. Not only does deep data analysis contribute to greater convenience for the user, but it also results in significant cost savings. A great example of this is some of the commercial applications for sensors that we’ve seen in the agriculture industry. Specifically, we’re seeing a lot of farmers use moisture sensors to manage their irrigation systems. These sensors arm the farmers with rich data and automatically turn on the irrigation system if they detect the crops need moisture. As sensors continue to progress, we expect that this intelligence and connectivity will be taken to a higher level. For example, tapping into the Weather Channel data, learning it is going to rain tomorrow, and determining not to activate the sensors. We’ll also see the fusion trend here - combining temperature, humidity and pressure to
www.digikey.com/iot
INTERVIEW
The importance of building IoT ecosystems

As IoT continues to become a mass-market phenomenon, it is becoming apparent that no single company has all the attributes needed to enable, develop, initiate and deploy IoT products and services. Instead an ecosystem of specialists is required to enable the efficient delivery of IoT capabilities. Slawomir Wolf, the chief executive at AVSystem, tells Jeremy Cowan, the editorial director of IoT Now, what an IoT ecosystem should look like.
Jeremy Cowan: What do you think constitutes a good IoT ecosystem?

Slawomir Wolf: A good IoT ecosystem can usually be broken down into the following key ingredients: connectivity, devices, IoT platforms for device management, application enablement and data processing. I call these the five pillars of a successful IoT project. Of course, in reality, things are often more complicated than this and in practice we tend to look at various co-existing ecosystems.

What’s important to remember is that these ecosystems are constantly in motion. They are expanding, evolving or simply changing. This fact makes it especially challenging to ensure that all of these elements work well together and always remain in balance. A properly modelled service will save you money, protecting you against vendor and technology lock-in.

JC: What factors should you consider when creating a balanced IoT ecosystem?

SW: It's important to remember that a one-size-fits-all approach is simply not possible. While planning you should always be taking into account the needs for your particular IoT project – its size, the type of devices you should be using, needs of the industry, the general business model as well as any potential vulnerabilities or threats. Even when taking a single use case such as asset tracking, all of the elements of the IoT ecosystem mentioned above might be drastically different for each scenario.

For example, the type of connectivity, devices and platform requirements for tracking containers will be completely different in maritime transport than those designated for monitoring consumer devices or pets. One thing that you always definitely need to consider is making sure that your deployment is as future-proof as possible. At AVSystem, we strongly believe that one way to do this is having a standards-based approach to your key IoT elements, such as IoT device management or service enablement. Industry standards are a key element to protect your investment and leave space for future optimisations.

JC: Why do you advocate Lightweight M2M?

SW: We’re basing a lot of our IoT strategy on our 14 years of experience in providing device management solutions for the telecoms industry. If one had to choose one thing that the telecoms world can teach different IoT players it’s the importance and need for standards.

The telecoms sector understood this problem very early. At the beginning of this millennium they were the only companies facing a need to manage various devices at large scale. Certainly their motivation was also different: from reducing truck rolls in case the device had broken down to faster service activation or quality of service monitoring. All these use cases were covered by device management systems. The need for remote control over equipment installed at subscriber homes has been increasing over time along with the complexity of the services delivered.

As experts in device management, we really know what it's like when our customers come to us with IoT projects that completely dismiss a solid foundation of standards in their scopes. Lack of interoperability, problems with ensuring basic device operations such as remote upgrades and monitoring or fixing security issues are often the outcomes. Sometimes these issues arise quite quickly, but frequently they appear when the deployment scales up or there are unforeseen changes in any of the key IoT project components such as devices.
Slawomir Wolf chief executive AVSystem
Without the interoperability provided by standards, the entire IoT ecosystem might easily become out of balance. That’s why we want to help our customers and fellow partners in the industry by making the right choice and starting out their IoT deployment with a standard for device management that is well designed, ensures security and interoperability.

What’s especially worth mentioning is that LwM2M provides these key aspects out-of-the-box. Interoperability thanks to a well-defined data model and state-of-the-art security by using datagram transport layer security (DTLS) and transport layer security (TLS). The protocol’s overall design is flexible, lightweight and suitable for a variety of devices such as sensors, microcontrollers or gateways. What’s even better is that adoption is facilitated thanks to the existence of open-source client-side solutions that are free to download and use.

Last but not least, industry experts often take message queueing telemetry transport (MQTT) for a device management technology, while it’s just another transport protocol which doesn’t give you any logic, processes or data definition out of the box. It’s simple to start with, but all aspects delivered by LwM2M out of the box need to be built from scratch.

JC: What risks or failures can be avoided with a good device management system?

SW: I like to say that a good device management system is like a good insurance policy. But this is a bit of an old fashioned approach as it refuses the benefits of proactive maintenance, machine learning and all the recent hot technologies. When the system itself is based on data and knowledge, it can cure your network or devices without the need for human action. Then, the ideal scenario is when it helps you without you even knowing what problems could have occurred.
www.avsystem.com
Security is probably the most obvious and clearly defined issue that this can help address and is ensured by standardising the device and security certificates provisioning process. Also, it gives you the tooling for easy upgrading of the firmware for thousands of devices in the field.

Another key risk that can be avoided is vendor lock-in. A good, standards-based device management system will allow you to treat all of your devices in the same way, regardless of the connectivity technology or device manufacturer. This is a key part of the topic of future-proofing your IoT deployment.

And finally, there is the integration aspect. A good device management system will minimise the risk of making your device-related operations exist in a silo. It will allow you to easily integrate data from other systems that are key to your operation and make sure that the pieces of your entire IoT project work well together.

JC: Has COVID been a useful catalyst to accelerate an inevitable process?

SW: Definitely. What is clear for everybody is that COVID is a catalyst for change. From my point of view it is a huge social experiment taken on a global scale. For the first time in human history, it has brought the need for new types of tools and solutions, like our social distancing solution built on our Linkyfi platform. Companies and governments are trying to utilise technologies and collected data to protect people. The concern we all may have is how far we should let them interfere with our daily lives? For our own safety, I believe technology should be utilitarian, it should serve people. For IoT projects it should bring benefits to the companies in the form of improved logistics, better chain management, better understanding of customers’ needs, better analytics and lower operational costs.

For many players in the logistics, retail and manufacturing industries, COVID has become the final urge to disruptively challenge the status quo and to not only re-think, but actually act upon the digital transformation. This affects companies’ business models, model of operations or even entire corporate strategy.
And then there is also the fact that we are starting to see the development of completely new use cases that are driven by urgent market needs such as the needs for social distancing or making operations even more remote. In a way, the challenges and disruption of COVID have made many businesses move from theory to practice, which should accelerate moving towards industry 4.0 even faster.
SPONSORED INTERVIEW
DEVICE MANAGEMENT FOR IoT DEPLOYMENT HOW TO OPTIMISE FOR SUCCESS
SPONSOR
REPORT
Optimum device management is key to successful IoT deployment

Excellent device management is critical to any Internet of Things (IoT) deployment, says Josh Taubenheim, an IoT analyst at the US-based IoT test and research organisation, MachNation. Here he describes the four requirements to consider when choosing an IoT device management vendor.
FIGURE 1: MachNation IoT Device Management ScoreCard: Capability vs Business. Axes: sophistication of capabilities (rudimentary to fully featured) against strategy and business (niche to established).
Technology ready: AVSystem
Challengers: Amplia, Ayla Networks, Blynk IoT
Business ready: Amazon, Harman, Nokia, Particle
Market ready: Arm, Bosch, Microsoft, PTC, Software AG
The IoT device management (DM) space is one of the most important and complex technology areas of the Internet of Things. Enterprises realise that support for IoT devices in a heterogeneous environment enables them to launch new services, create revenue opportunities, and minimise solution support costs. MachNation, an IoT test and benchmarking lab, has been asked by our enterprise and service provider (SP) clients to evaluate IoT DM offerings. MachNation published the results of this technology and business evaluation in our fourth annual IoT Device Management ScoreCard. This ScoreCard aids enterprise and SP buyers in their selection processes and provides guidelines for the most important characteristics of IoT device management.
What is an IoT device management platform?
First, let’s start with a definition. An IoT device management platform is an offering that provides functionality associated with the deployment and management of IoT assets. Typical IoT assets include IoT gateways, retrofitted and new industrial equipment, and Linux-based devices like Arduinos or Raspberry Pis. Typical DM functionality includes asset provisioning, firmware upgrades, security patching, alerting, and reporting on specific metrics associated with IoT assets. IoT device management platforms are part of an overall IoT solution architecture.
FIGURE 2: MachNation IoT Device Management ScoreCard: Capability vs Deployment. Axes: sophistication of capabilities (rudimentary to fully featured) against deployment (complex to simple).
Feature focused: AWS, AVSystem, Harman, Nokia
Overcomplicated: Amplia, Ayla Networks
Usability focused: Arm, Blynk, Particle, PTC
Balanced: Bosch, Microsoft, Software AG
MachNation’s ScoreCard includes the following vendors (listed alphabetically): Amazon, Amplia, Arm, AVSystem, Ayla Networks, Blynk IoT, Bosch, Harman, Microsoft, Nokia, Particle, PTC, and Software AG. MachNation selects a group of participating vendors that adequately represent the diversity of approaches and sizes in this burgeoning IoT DM market. No vendor is charged a fee to participate in any MachNation ScoreCard.
Unique findings show vendors’ strengths in technology

There are many ways to classify IoT device management vendors. Based on MachNation’s experiences in helping enterprises and SPs pick appropriate IoT DM vendor partners, MachNation has assembled two graphics to visualise the IoT DM vendor ecosystem.
First, MachNation believes it helpful to classify vendors by their relevant business characteristics and IoT DM technology capabilities (see Figure 1). This 2x2 matrix helps decision makers understand vendors’ positions from a business perspective and the strengths of their DM technology offering. MachNation classifies IoT DM platforms into four buckets: market ready, business ready, technology ready, and challengers.
FIGURE 3: Requirements categories
- Excellent lifecycle management capabilities
- Cogent and robust architecture and security model
- Easy and efficient integration approach
- Forward-thinking business strategy
Second, we believe it is helpful to classify vendors by their relevant capabilities and the relative ease of platform deployment (see Figure 2). This 2x2 matrix helps decision makers understand the completeness of technology provided by each vendor and the robustness of deployment capabilities. MachNation classifies IoT DM platforms into four buckets: balanced platforms, usability focused, feature focused, and overly complex.

Device management platforms are a key IoT enabler and a critically important component in IoT deployments today. Using a DM leads to a faster time to market; ensures a high quality, reliable, secure offering; and enables enterprises to build competitive advantages in their markets.

MachNation suggests that enterprises evaluate DM platforms across four categories: excellent lifecycle management capabilities; a cogent and robust architecture and security model; an easy and efficient integration approach; and a forward-thinking business strategy (see Figure 3). Let’s discuss each of these four requirement categories a bit more.
Lifecycle management

Lifecycle management refers to the ability of a DM solution to provide capabilities for common operational tasks relating to the management of devices or gateways. A leading DM solution must provide capabilities for initial asset rollout such as onboarding or software deployment. It must also provide capabilities for asset configuration and ongoing operational maintenance such as diagnostics, monitoring, and alerting. An efficient and capable operational management layer is key to providing cost-effective support of connected assets over the course of their service life.

MachNation evaluates an IoT DM vendor’s lifecycle management functionality in five key areas: software and firmware management; monitoring, alerting and dashboards; bulk device management; diagnostics, logging, and troubleshooting; and remote configuration and remote actions.
Architecture and security
The architecture of a DM platform is crucial to ensure a solution functions effectively at the time of initial deployment, scales to production levels, and affordably serves the customer over the implementation lifetime. A high-quality technical implementation without an excellent underlying DM architecture is an easily made, but inevitably expensive mistake for a customer. MachNation has identified four evaluation criteria for overall DM architecture: security model, productisation, IoT platform performance and scalability, and flexibility of the multi-tenant and multi-customer offering.
Integration

One of the most daunting prospects for any solution provider is choosing an IoT DM platform that integrates efficiently with existing hardware and software assets while also providing a well-defined path for new asset deployments. MachNation believes that an effective DM platform should provide appropriate programmatic and non-programmatic resources to enable integration of managed and unmanaged devices into the platform and to provide the ability to make sensor and machine data available to external systems.
MachNation evaluates an IoT DM vendor’s integration functionality in five key areas: platform application programme interface (API) capability and extensibility; device software development kit (SDK) and API integration; connectivity management; data-egress capability; and developer usability and IoT UX.
Business strategy

There are several business and strategy characteristics of leading DM vendors that maximise their chances of market success. MachNation has identified four areas for successful IoT DM business and strategy: the size of the vendor’s overall business, the vendor’s DM vision, its technology partners, and its business partners.

By following these requirements, enterprises can ensure they are selecting a best-in-class platform for management of IoT devices. By choosing the right, high-quality DM platform, enterprises position themselves for long-term deployment success.
The author is Josh Taubenheim, IoT analyst at MachNation.
MachNation and its IoT test lab will continue to benchmark IoT platforms and solutions. For more information on MachNation’s research initiatives and IoT platform testing services, please contact us on our website or send an email to info@machnation.com.
DEVICE MANAGEMENT
IoT management: left to its own devices, it probably wouldn’t

Device management (DM) is the foundation upon which any IoT is underpinned so it must be right from the start. Easier said than done? asks Nick Booth.

If you are starting a long journey, your initial choice of platform for embarkation is crucial.
If you board the wrong machine from the wrong platform, it will take you to the wrong place at the wrong time. In the final indignity some unsympathetic type from Revenue Protection will shake his head and make you pay extra.
It’s an easy mistake to make in an IoT journey because the timetable is confusing, the message on board is inconsistent and the trains of thought all look alike. IoT travellers have it even harder than their rail travelling counterparts because their journeys never run on fixed tracks and there are no standard gauges because they are always breaking new ground.
Charlene Marini, Arm
Slawomir Wolf, AVSystem
The one certainty in IoT journeys is that device mis-management is a problem that only gets more painful and expensive. If caught in the early stages of growth the problem is salvageable, but it’s best avoided altogether.
The order of events in an IoT makes top down management, starting at app design and moving down through the stack, very inefficient. “No matter how great the app layer, how beautiful the user experience or smoothly the middleware eases data management, all that hard work is undone by bad device management,” says Taubenheim.
Philip Hooker, the vice president of Strategic Programmes at Software AG, describes the IoT to clients as the ‘Peter Pan of technology’. One of the few ways to help it grow and mature is through effective device management. “Device management brings order to the chaos of a massively diverse ecosystem of differing types of sensors, assets and gateways,” says Hooker. Supporting a wide range of IoT devices within a wildly diverse environment makes it easier for businesses to launch new services, make money and cut support costs. Choosing a DM is never easy when there’s over a dozen seemingly reasonable options, each with obvious strengths and weaknesses. Technology analyst Josh Taubenheim at IoT testing specialist MachNation is one of the few people who has walked the full length of the counter in the DM shop. When MachNation consults with companies on their potential, the first job is to match the device management strategy to the full technology stack.
This is why your stack must not have feet of clay. The architecture is fatally undermined if devices aren't continually monitored, updated, stress tested and maintained. DM systems save time and money by providing one console that manages everything and lets you bulk register devices and manage their entire lifecycle. Software AG’s service offering, for example, promises to plan every detail from onboarding to offloading, taking in all the monitoring and maintenance in the life of a device, regardless of the model or the supplier. “Flexibility in the supply chain is imperative,” says Hooker, “device platforms create resilience by opening-up new hardware sourcing options.” Does that mean IoT pioneers, who might have had to build systems without the wisdom of hindsight, are doomed?
“Too often multiple different IoT services are stitched together by systems integrators,” says Taubenheim.
Once the whole system is running, all IoT data gathered in the field has to be sent north through a connectivity protocol, like LwM2M, MQTT, or ModBus before it’s processed in a normalisation layer and fed to the databases and applications.
Is there ever a way to retrospectively add device management? Possibly. Telecoms operators showed us that it’s never too late for device management, says Slawomir Wolf, the chief executive of DM vendor AVSystem. Before the IoT came along, the big service providers launched projects geared for instant gratification without a thought for subsequent global scaling, says Wolf. They soon found themselves with a range of models and manufacturers, each needing its own management technique. They realised that unified device management could take back control from this chaos and it became apparent that the sooner they nipped the growth in device diversity, the less painful the projects would become. So they began to start every project by choosing their device management system. If your infrastructure is already laid out and your deployments are in the field, you will need a strong and accommodating DM. It must absorb a galaxy of gadgets without diminishing the powers of communication ingrained in each system’s syntaxes, says Wolf. However, the critical importance of DM should not be overlooked, no matter how urgent the deadline. If you rush to create a new service, you’ll never maintain control of it because issuing mass firmware upgrades will be impossible. This is why device management features, such as ‘over the air’ firmware updates and strong data encryption, are an imperative. However, retrospective action is not the best plan. “Without a solid foundation to build on, your IoT project will simply ruin your pocket,” says Wolf. Your choice of DM system should be driven by what you want to achieve. Work out the principles you want for your system. Device management is not a one size fits all system because of the diversity across other parts of the stack, on the comms and the potential edge computing options. 
“Enterprise-ready IoT calls for the abstraction of the device layer from the application layer,” says Charlene Marini, Arm’s vice president and general manager of devices for its IoT Platform.
This liberates any device, be it ultra-constrained or full-featured, to be managed across a diverse range of topologies, says Marini. The geometry of the IoT could be shaped by any combination of the cloud, on-premise systems or edge computing. It could then deliver data into any application platform. You can only create this abstraction if you have a full-featured turn-key device management system.
That, says Marini, gives enterprises the freedom to focus on the IoT-driven applications that will spur growth.
A DM should keep each device working at an optimum level for itself and its situation. Typically, each one of a million managed devices will not be the same nor will they be used in similar situations. So good device management will recognise the macro-level request and translate that to micro-level instructions for each individual device and situation. Bad device management can lead to knock-on problems, such as staff turnover, as support workers get demoralised. This creates a further cost of re-training new people and even altering corporate policies. Factor in other costs too, such as fines for violations of things like GDPR or HIPAA (depending on your industry) and data breaches that lead to lawsuits and government penalties. There are plenty of examples of device security gone wrong in the financial sector, says Taubenheim.
What can you do to alleviate risk? Can DM be outsourced? Is there a service provider willing to carry the can if anything goes wrong? There are device management vendors and asset management vendors, says Taubenheim. However, it’s one thing for Bosch or Arm to offer service level agreements promising 99% device connectivity or message delivery on their platform. But going into the field and managing the hardware is something entirely different. “I'm not aware of a company that manages both,” says Taubenheim.
Finding skilled DM operators is another challenge to be aware of. There are plenty of user-focused DM platforms out there that are intuitive and easy to use for OT personnel, says Taubenheim. Then there are some in the middle and then there are some that pretty much require a depth of knowledge akin to a dedicated developer to execute certain actions. Some self-service platforms promise to help businesses break down the barriers to IoT adoption without coding. These platforms offer a light at the end of the skills gap tunnel, which can be navigated by the business’s citizen developers, says Software AG’s Hooker.
If the systems are sufficiently ‘plug and play’ then IoT initiatives can be carried out in days by the very people who’ll benefit from them on the factory floor. Software AG’s Cumulocity IoT system gives you these ‘no coding’ options. “It cuts through the complexity and helps businesses bring their IoT visions to life,” says Hooker. The strength is in its open architecture, which allows businesses to take quick initiatives using their own hardware, tools and components, matching them to their current needs. Ease of use should not compromise the power of the platform, says Hooker. “Cumulocity has one of the strongest user interfaces on the market for managing large device fleets,” says Hooker. This makes mass IoT deployments possible, while dashboards keep it easy when tracking project performance and remotely controlling software updates. Talented developers and data scientists relish these tools too and use them to create more sophisticated systems. This shared coding system means that all developer types can collaborate and use their domain expertise to create something that they all agree will be more fit for purpose.
Your choice of a DM system hinges on many questions, says Taubenheim. How complete is the range of features? Do you need them all anyway? Will you need dedicated personnel to manage this? Can your people programme events or will you need developers? What are the upfront time and money commitments? How does it fit in with everything else?
Wolf at AVSystem calls manual device configuration ‘a song of the past’. “If you start with 50 devices you can expect your installation to grow,” says Wolf. “If you rush to create a new service, you will not be able to control and maintain it because issuing firmware upgrades on thousands of devices manually is simply not possible.” If your hardware is outdated it’ll soon be vulnerable to bad actor attempts, says Wolf. Before you know it, any costs that you wanted to avoid, by not investing in an efficient device management system, are doubled. This is why features offered by the device management platform, such as firmware-over-the-air updates and strong data encryption, are a must.
If you build from the application layer down and subsequently realise your DM can’t do this, then you are in trouble. “You’re likely to find yourself re-working the entire solution,” says Wolf. On many an occasion Taubenheim has seen evidence of an existing infrastructure into which someone has tried to shoehorn a DM solution to fit what was already there. That can be more effort than building up from a DM base. While it’s never advisable to cut corners, IoT managers always face budget and manpower constraints. “I know it happens and that is more of a business decision than a technology decision,” says Taubenheim. If you were programming an AI robot to choose the right DM for each client, what would the variables be? “The evaluation would start with top level decisions, with 18 follow on decisions based on our sub-categories like usability, architecture, integration and security,” says Taubenheim. Some systems will have bulletproof security, but is that always a premium worth paying for? Finance, pharmaceuticals and law are good examples of industries whose regulatory bodies will demand 'bulletproof' systems – though no such thing can ever be guaranteed.
However, some IoT DM platforms work with OEMs to forge ‘silicon-level security’. These are encrypted with proprietary security protocols on the factory floor and reach the customer with high levels of security. However, there is a downside. “They also almost guarantee vendor lock-in,” says Taubenheim. Arguably if you have the right DM foundations in place, you will never want to change anyway.
IoT DEVICE MANAGEMENT
SPONSORED ARTICLE
Secure and scalable IoT deployments rely on efficient device management
While being, first and foremost, a fundamental element of every IoT system that is necessary to create a secure and scalable IoT deployment, IoT device management can also create opportunities for businesses to launch new services and generate new streams of revenue.
There are many factors that constitute the best IoT device management system/platform. MachNation, in its report (see page 54), distinguishes four categories of requirements that are crucial for efficient device management: lifecycle management, architecture and security, integration, business and strategy. Software that caters to the needs of all categories guarantees top-class deployment capabilities for any IoT project. AVSystem has prepared a short overview of its IoT device management offering based on these categories.
Lifecycle management
Lifecycle management refers to the device management platform’s capabilities for typical device operational tasks – from ensuring initial onboarding and configuration of a device, through to maintenance, monitoring and alerting, to device decommissioning.
AVSystem’s Coiote IoT Device Management platform offers a full set of functionalities that will take care of your devices throughout their entire lifecycle. With a built-in device autodiscovery feature, the platform quickly handles the pre-configuration stage and establishes connection between the device and the server. Once the device is connected, you can start monitoring its health in real-time using configurable dashboards; perform remote configuration; or set up alerts based on the aggregated data or device status.
Coiote IoT Device Management is also ready for any device malfunction. You can run troubleshooting or use easily accessible device diagnostic logs to quickly resolve any issue. Finally, if your business has a lot of devices, you will greatly benefit from the platform's bulk device management capabilities. These allow you to easily control even millions of devices by creating custom groups or flexible hierarchies within your asset fleet and performing actions in a structured manner.
Architecture and security
Another important task for the device management software is to ensure device security. This includes authentication and encryption of the devices and their communications. By offering full support for the Lightweight M2M (LwM2M) protocol, AVSystem’s IoT products apply advanced security mechanisms to device-to-platform communication (transport layer security/datagram transport layer security, TLS/DTLS), to communication between internal system components and to stored data. What’s more, the architecture of the device management platform should not only be capable of managing devices in bulk, but should also provide a secure means to do that. Coiote IoT Device Management’s state-of-the-art high availability and auto-scaling ensure you build your IoT device management project on a future-proof foundation. And if you need to provide different levels of access for different organisational units in your company, you can do it with the platform’s advanced multi-tenancy and role-based access control capabilities.
Integration
Integration is a must-have capability in any device management software, so that it can fit into larger IoT system networks and add business value. Both AVSystem platforms – Coiote IoT Device Management and Coiote IoT Data Orchestration – provide a rich set of REST application programming interfaces (APIs) that allow users to easily connect external services and systems with great flexibility. AVSystem also provides an easy way to support LwM2M in your devices by offering Anjay LwM2M SDK, which is an open-source set of tools for the development of the LwM2M client on various types of hardware. AVSystem’s products allow you to create an IoT ecosystem that combines data from operational and billing support systems (OSS/BSS) and other IoT platforms in a clear and easy way.
Business and strategy
To support your business endeavours and help you sharpen the technological edge over your competitors, a device management software vendor should not only have the expertise in the device management area, but also a clear business strategy. AVSystem focuses specifically on IoT device management, which allows it to predict IoT trends and understand future needs of its customers. As an evangelist of Lightweight M2M, AVSystem also made various improvements to accelerate the adoption of LwM2M as an industry standard. With open-sourcing of Anjay LwM2M SDK being just a start, AVSystem has been continuously releasing free integrations of Anjay for various operating systems - mbed OS, Zephyr, Raspberry Pi, FreeRTOS and others. What’s more, AVSystem has recently released a free tool that lets developers test their implementation of the LwM2M client based on Anjay – the Try Anjay tool offers a set of basic management features for validating LwM2M compatibility in a demo LwM2M server environment powered by AVSystem’s Coiote IoT Device Management platform. Last but not least, AVSystem’s LwM2M Interoperability Program provides enterprises, carriers and device vendors with a comprehensive tool for automated testing of the LwM2M protocol support and for certifying compliance with AVSystem’s Coiote IoT Device Management platform. These combined efforts aim to provide customers with a full set of tools and products to successfully launch their IoT projects on a solid device management foundation.
Coiote IoT Device Management
Coiote IoT Device Management is a platform that enables device management and telemetry collection through OMA SpecWorks’ Lightweight M2M standard (LwM2M). Coiote IoT Device Management is able to provide a leading solution for all IoT devices in various verticals – from small and simple sensors to powerful M2M gateways.
Coiote IoT Data Orchestration
Coiote IoT Data Orchestration is a platform that makes it possible to collect data from various sources, aggregate it and then visualise and analyse it to get useful insights. The platform is able to process data from protocols such as LwM2M, MQTT, HTTP and Sigfox, among others. As an integration platform, Coiote IoT Data Orchestration allows users to create new IoT services and develop new IoT projects without involving other service integrators.
Anjay LwM2M SDK
Anjay is a free and open-source software development kit (SDK) that can be used to create an LwM2M client to help vendors of Internet of Things equipment implement support for OMA SpecWorks’ Lightweight M2M on their devices and enable remote management over LwM2M.
www.avsystem.com
INTERVIEW
How to map out a wild west response to the threat of IoT security
To introduce our report on the evolving IoT security challenge, IoT Now's Antony Savvas spoke to Giuseppe Surace, chief product and marketing officer at Eurotech Group, a growing player in the IoT security market.
The international company is headquartered in Italy and designs, develops and supplies edge computing and Internet of Things (IoT) solutions, including hardware, software and services. The most common customers of Eurotech are system integrators and enterprises, who want access to IoT building blocks that support edge gateways, high performance edge computers (HPEC) and artificial intelligence (AI) applications for the Industrial Internet of Things (IIoT). With data security a leading factor in successful IoT deployment, Surace told IoT Now: “In the ecosystem in which we operate, to achieve IoT security we need to establish solid solutions for device discovery with secure identity, authentication and encrypted communications. Without this, the underlying protocols are increasingly subject to abuse.”
Surace says: “The global Internet of Things security market value is growing at a compound annual growth rate (CAGR) of about 24% (see report), which is maybe not surprising considering the rising security concerns for critical infrastructure, increasing ransomware attacks on IoT devices and growing IoT security regulations.”
Welcome to the wild west
He says: “One of the problems we face with the growth of IoT is the speed at which connected devices are being developed with a general lack of security standards or protocols. It’s the new wild west for technology – and hackers are already loving it. Security pundits are predicting disastrous security results beyond what we are already experiencing in the market today.” He adds: “The following famous sentence is self-explanatory: ‘You call it Internet of Things; I call it Internet of Threats’ - Eugene Kaspersky.”
With the proliferation of devices that already connect to our networks, says Surace, along with the take up of cloud and big data analytics, cyber-attacks have “blossomed in volume” along with their sophistication. That's confirmed by security vendor SonicWall, which reports that IoT malware attacks are currently up 50% year-on-year (see the following report). Organisations are also operating in borderless network environments making it increasingly more difficult to protect sensitive data.
SPONSORED INTERVIEW
Device level security
Security mechanisms are an integral component of Eurotech’s Everyware Software Framework (ESF), which is embedded in its IoT gateways. The ESF architecture is based on different software layers. The OSGi (Open Services Gateway Initiative) layer provides a foundation for securely managing software components (signed bundles). ESF ensures that strict Java and OSGi security policies are enforced at runtime, and verifies that only software signed by the approved authorities is installed and enabled. The ESF Security layer encapsulates all the security features and is supplemented by other measures such as secure boot and appropriate hardware design, thereby ensuring proper protection of the solution at the edge. It also maintains a list of industry security guidelines to be followed when hardening an IoT device for a production deployment.
Giuseppe Surace, Eurotech
Common IoT security mistakes:
• Use of hardware and software without built-in security features to prevent root access
• Transmission of non-encrypted data
• Lack of tools to perform remote devices updates
• Hard-coded and inflexible credentials
• No integrity check of the software and OS installed on edge devices
• API tokens not encrypted
• No proper authentication and authorisation systems
Best practice
“Best practices need to consider the specific aspects of distributed mobile systems and devices,” says Surace. “We need a secure execution environment for all devices and the IoT integration platform, as well as secure software management distribution. Above all, connected devices and the IoT platform must have a validated identity.”
To achieve this, companies must:
• Build solutions based on open and industry standards
• Utilise proven security technology and partnerships
• Include security, scalability and resilience in the design from day one – security by design
• Identify each connected node and unique IDs and credentials
• Mutually authenticate nodes in the IoT infrastructure
• Encrypt all communication to protect data
• Implement controls for automatic revocation of certificates
• Digitally sign all communications over an encrypted channel
• Digitally sign software and configuration to ensure integrity and authenticity of systems
Secure communication
“Eurotech supports different protocols for secure communications, but we advocate the use of message queue telemetry transport (MQTT), which is a lightweight protocol optimised for IoT device communications,” says Surace. All MQTT traffic is originated from the gateway and encrypted over an SSL connection. Eurotech's systems also deliver all console access and REST API access over an encrypted HTTPS connection. And robust authentication is enabled by “strong, well-understood technologies” like X.509 certificates and encrypted credentials, Surace added.
Cloud security
Everyware Cloud, Eurotech's IoT integration platform, unites the operational technology (OT) domain and the information technology (IT) domain, providing all the data, device and embedded application management required to deploy and maintain distributed intelligent systems in the field. Security mechanisms in the cloud ensure that authorised traffic is secure and authenticated and firewalls are used so all ports are secure – encrypted and authenticated. In addition, device authentication uses strong username/password credentials or a per-device certificate. Each device can be automatically provisioned during first activation with a secure, randomised, device-specific password. The device-level security, communication security and cloud security described here illustrate how Eurotech delivers security by design, says Surace. Surace sums up what has to happen in the industry in the future: “Security for IoT needs to see everyone designing and deploying IoT devices, software and infrastructure that inspire confidence and which can be trusted. To do anything less will lead to market failure.”
www.eurotech.com
IOT NOW REPORT: HOW TO SECURE YOUR IoT DEVICES
REPORT
How to secure your devices
The issue of IoT security has been prevalent since the first things were being connected. This special report by IoT Now's Antony Savvas considers how security technology has evolved and whether it is up to the job.
The report looks at the market itself and what issues the industry has to address, including expert opinions on common security mistakes when planning and deploying an IoT project, IoT security best practices, IoT security by design, device-level and edge network security, communications security and cloud security. The urgency needed to tackle problems is perhaps illustrated by a report from SonicWall, with the security vendor's Mid-Year Threat Report finding that worldwide IoT malware attacks were up 50% year-on-year in the first six months of 2020.
The market
The global Internet of Things (IoT) security market by value is expected to grow from US$12.5bn in 2020 to US$36.6bn by 2025, at a compound annual growth rate (CAGR) of 23.9%, according to research house MarketsandMarkets. This forecast - from July 2020 - sits somewhere in the middle of a variety of analyst forecasts for the IoT security market. Technavio, in May 2020, said the market will actually grow by a whopping US$80.94bn during the period of 2020-2024, at a CAGR of almost 37%. Technavio said 2020 will see around 33% growth in IoT security spending when compared to 2019.
Both analysts say key factors driving IoT security growth are rising security concerns around critical infrastructure, increasing ransomware attacks on IoT devices, increasing data risk in IoT networks, growing IoT security regulations and the increasing adoption of cloud-based services. Industry players in the market are high in number, and range from hardware and software providers to system integrators and providers of professional deployment and security management services. Companies involved include Cisco Systems, IBM, Intel, Infineon, Symantec, Siemens, Gemalto, Fortinet, Zingbox, Mocana, Centri, Armis, Forgerock, Newsky, Cyber X, Eurotech, Icon Labs, Digi International, SecureRF, Altran, CA Technologies, MagicCube, Thales, Qualys, Karamba Security, Claroty, Trustwave, Sectigo, Dragos Security and Broadcom.
The challenges
A lack of standardisation for the security of IoT solutions is a major challenge. "Currently, there is no globally accepted set of technical standards for IoT, especially in terms of communications," says MarketsandMarkets. "With heterogeneous IoT networks and their protocols, it becomes difficult for devices connected in one IoT system to communicate with devices in another." This, in turn, results in inefficient data management and reduced interoperability mechanisms, said the analyst. "The inability of such IoT networks to have a common platform, uniform standards and extensive authentication certificates can result in reduced security."
Kevin Restivo, IDC research manager for European enterprise mobility, says: "While IoT is one of the fastest growing markets in ICT, the ecosystem is a complex mix of technologies and services: server, storage, analytics, IT services, security and a range of other technologies." He confirmed that security fears lead when it comes to market inhibitors. Restivo adds: "A lack of coordination between operations and IT is very much an inhibitor to secure deployment. Everyone wants to protect their fiefdoms or they're simply not able or willing to cooperate.
"IT is often left behind during the project and security planning, budgeting and piloting. That lack of coordination can really stall the successful deployment of industrial Internet of Things initiatives."
On the compliance side there have been governmental initiatives in IoT security, but there are concerns that it is consumers that are being prioritised, not businesses, which doesn't address a joined-up problem from past experience. For instance, in July 2020, UK digital infrastructure minister Matt Warman revealed that internet-connected gadgets will have to come pre-set with a unique password, or require the owner to set one before use, as part of plans for tighter UK cyber-security laws.
Peter Margaris, head of product marketing at Skybox Security, argues that while it's good to see a government prioritising security, warnings about IoT security risks and best practices should be extended to the business environment. He says: "In 2016, we saw the Mirai botnet take advantage of insecure IoT devices and turn its power against the internet itself. It didn't just affect select consumers, a single business or even a single sector - it disrupted the online world. Therefore, any new law must go beyond the consumer remit. A basic code of practice for all is the very minimum that should be put in place by governments to help prevent a repeat attack." So let's look at the main issues and considerations around IoT security deployments.
Common security mistakes when planning an IoT project
In the rush to adopt an IoT strategy it is understandable that many organisations can get it wrong, particularly if there is a shortage of experts on the pay roll.
Deral Heiland, IoT research lead at cyber-security firm Rapid7, says: "Some of the biggest security issues around IoT are caused by not following manufacturer's guidelines or general security best practices during deployment." This includes not changing administrator default passwords, exposing technology directly to the internet, and using weak account passwords or passwords that are identical to other systems and accounts.
"One of the most common issues is failure to properly segment networks – flat networks where every device can see every other device creates a serious risk to the organisation," said Heiland.
Common deployment mistakes:
• Use of hardware and software without built-in security and privacy features
• Allowing transmission of unencrypted data
• Lack of tools and processes to plan device updates
• Hard-coded credentials
• No integrity check of the software and OS installed
• API tokens not encrypted
• Lack of proper authentication and authorisation systems
Device-level and edge network security
Ben Carr, chief information security officer at Qualys, says: "Organisations and their partners have to ensure device-level security is optimised. At the most basic level it starts with knowing what devices you have in the environment and how they are configured." "While asset management has been a core component of general IT, in many cases IoT devices have not been well accounted for," he adds. "For those building IoT devices they need to say clearly what the boundaries are for connectivity and communication from the device itself, and they need to implement security controls from the beginning." There are three areas to consider, says Carr: how the devices behave normally; the security perspective, such as security controls and configuration; and third, the maintenance of the device and how updates can be applied securely and how they will affect the operational nature of the network. By looking at these three elements, we can get a better picture of those IoT devices and how to manage their security. Sadly though, many devices, even today, are designed and deployed without any security planning or management in place.
Communications security
Strong encryption is critical to securing communication between devices, says Jerry Nicolas Ponvelil, director of technology at Altran. Data at rest and in transit should be secured using cryptographic algorithms. This includes the use of key lifecycle management.
"Protecting an IoT network includes ensuring port security, disabling port forwarding and never opening ports when not needed; using antimalware, firewalls and intrusion detection/intrusion prevention; blocking unauthorised IP addresses; and ensuring systems are patched and up-to-date," says Ponvelil. "If this is not done properly, it may result in compromised security in the cloud network and applications."
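The deployment mistakes Heiland lists (unchanged default administrator passwords, direct internet exposure, passwords shared between systems, flat networks) and Ponvelil's point about ports that are open without need can all be checked against a device inventory. The following is an added example, not code from the report or from any vendor named in it; the inventory, field names, internal address range, audit key and default-password stand-ins are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict

# Assumption: the audit works on keyed fingerprints of admin passwords,
# so reuse and defaults can be detected without storing plaintext.
AUDIT_KEY = b"constructed-audit-key"


def fingerprint(password: str) -> str:
    return hmac.new(AUDIT_KEY, password.encode(), hashlib.sha256).hexdigest()


# Constructed stand-ins for vendor default passwords (not a real vendor list).
DEFAULT_FINGERPRINTS = {fingerprint(p) for p in ("admin", "changeme")}

# Address ranges treated as internal (assumption for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory. role is "iot" for devices, "it" for servers/workstations.
INVENTORY = [
    {"name": "cam-01", "role": "iot", "ip": "10.20.0.11", "subnet": "10.20.0.0/24",
     "admin_fp": fingerprint("admin"), "open_ports": {443, 23}, "required_ports": {443}},
    {"name": "meter-07", "role": "iot", "ip": "203.0.113.5", "subnet": "203.0.113.0/24",
     "admin_fp": fingerprint("S7#uniq-meter"), "open_ports": {8883}, "required_ports": {8883}},
    {"name": "hvac-02", "role": "iot", "ip": "10.30.0.8", "subnet": "10.30.0.0/24",
     "admin_fp": fingerprint("Shared!Pass1"), "open_ports": {8883}, "required_ports": {8883}},
    {"name": "erp-db", "role": "it", "ip": "10.30.0.9", "subnet": "10.30.0.0/24",
     "admin_fp": fingerprint("Shared!Pass1"), "open_ports": {5432}, "required_ports": {5432}},
    {"name": "sensor-12", "role": "iot", "ip": "10.20.0.12", "subnet": "10.20.0.0/24",
     "admin_fp": fingerprint("T9$uniq-sensor"), "open_ports": {8883}, "required_ports": {8883}},
]


def audit(inventory):
    """Return {host name: sorted finding codes} for hosts with at least one finding."""
    hosts_by_fp = defaultdict(list)      # password fingerprint -> hosts using it
    roles_by_subnet = defaultdict(set)   # subnet -> roles present on it
    for host in inventory:
        hosts_by_fp[host["admin_fp"]].append(host["name"])
        roles_by_subnet[host["subnet"]].add(host["role"])

    findings = defaultdict(set)
    for host in inventory:
        name = host["name"]
        # Administrator default password never changed.
        if host["admin_fp"] in DEFAULT_FINGERPRINTS:
            findings[name].add("default-admin-password")
        # Password identical to another system or account.
        if len(hosts_by_fp[host["admin_fp"]]) > 1:
            findings[name].add("password-reused")
        # Address outside the internal ranges: reachable directly from the internet.
        addr = ipaddress.ip_address(host["ip"])
        if not any(addr in net for net in INTERNAL_NETS):
            findings[name].add("internet-exposed")
        # IoT devices and IT systems on one segment: a flat network.
        if roles_by_subnet[host["subnet"]] >= {"iot", "it"}:
            findings[name].add("flat-network")
        # Ports open that the device's function does not need.
        if host["open_ports"] - host["required_ports"]:
            findings[name].add("unneeded-open-ports")
    return {name: sorted(codes) for name, codes in findings.items()}


if __name__ == "__main__":
    for name, codes in audit(INVENTORY).items():
        print(f"{name}: {', '.join(codes)}")
```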
Antony Savvas, journalist and report author
Ben Carr, Qualys
Carolyn Crandall, chief deception officer at threat management and hacker deception vendor Attivo Networks, said: "Using secure communications protocols prevents eavesdropping and interception attacks. Using blockchain to store and validate transactions between devices can increase communications security as well. For organisations using patch management servers, it can be useful to interweave decoys and in-network hacker lures that can alert on attempts to discover or exploit these systems."
ensure that everyone plays their part.”
Cloud security We all know about the proliferation of the cloud and how it is increasingly connected to the edge where the majority of IoT devices are located, so how do we secure this interconnectivity? Cloud security has a number of critical components, including access control; traffic filtering; security configurations; data protection; virus protection; and other incident monitoring, response and prevention elements. Nigel Hawthorn, data privacy expert for cloud security at McAfee, says: "Cloud security threats are continually escalating, with our research recently revealing a 630% increase in external cloud attacks between January and April 2020. Cloud and data security should therefore be front and centre in informing any enterprise's cybersecurity approach - even more so as increasing numbers of organisations adopt IoT devices and accelerate towards cloud only."
70
Security by design On IoT security by design, which has been promoted in the IoT industry for a number of years now, Altran's Ponvelil says: "IoT manufacturers - from product makers to semiconductor companies - should concentrate on building security in from the start, making hardware tamper-proof, ensuring secure upgrades, providing firmware updates/patches and performing dynamic testing. A focus should be on secure software development and secure integration. Hard-coded credentials should never be part of the design process. Organisations should require credentials to be updated by a user before the device functions." He adds that public key infrastructure (PKI) and 509 digital certificates should play critical roles in providing the trust and control needed to secure data exchanges and verify identity. Alan Grau, vice president of IoT/embedded solutions at Sectigo, said: "It is absolutely paramount that properly authenticated device identity is in-built into devices at the point of manufacture. In the absence of a clear legislative agenda, manufacturers have been able to churn out devices lacking authentication, with often only static credentials as a barrier for cybercriminals." Grau says PKI needs to be in-built so it cannot be tampered with further along the supply chain by malicious actors. Only if the chipset is authenticated and protected by certificates from
▲
He adds: "A shared responsibility model of security has a key role to play here - cloud security requires a layered defence where businesses address each part of the stack of responsibility individually, yet they all interact together as a complete framework. From service providers to enterprises and individual users, everyone is accountable in some way, and with the shared responsibility model, businesses can
"A good way to illustrate this is to think about a family renting a car,” he explains. “The manufacturer is responsible for the build quality and the airbags working, the rental company takes ownership of servicing and keeping the car roadworthy, while the driver is ultimately responsible for driving the car safely and carefully. Everyone does their bit."
IoT Now - Q3 2020
Arthur Fontaine
Alan Grau
RSA Security
Sectigo
the foundry stage of manufacture, will it remain secure across the device lifecycle, he says.
Basic security design guidelines for manufacturers, developers, integrators and users have recently been published by both the US National Institute of Standards and Technology (NIST) and the European Telecommunications Standards Institute (ETSI), and are seen as a big advancement in promoting security by design. The NIST guidelines are the NIST IoT Device Cybersecurity Capability Core Baseline (NISTIR 8259A) and the ETSI effort is ETSI European Standard (EN) 303 645. The IoT Security Foundation, which is a global non-profit supported by the likes of Samsung, Huawei, Vodafone, BT, Centrica and Arm, has also published useful guidelines such as its Secure Design Best Practice Guides and the IoT Security Compliance Framework.
IoT security best practice
Arthur Fontaine, solution manager at RSA Security, says he has five rules for best practice:
1) Identification: "You should make sure that each individual endpoint can be discovered, identified and classified," he says. Security teams need to be able to see which endpoints are present at an IP address and then detect specific information about the device, such as where it was manufactured, its model and serial number and what version of firmware it runs. "This can be achieved with modern edge platforms like the EdgeX Foundry, an open-source project hosted by the Linux Foundation," he says.
2) Conduct a thorough risk assessment: "It is not enough to simply get an IoT deployment up and running and then forget about it," says Fontaine. Risk assessments should be carried out continuously. The risk profile of IoT deployments changes over time, affected by activities such as adding and removing devices, changes to access policies, the discovery of new vulnerabilities and firmware and software updates applied to devices. Third-party risks may also arise if IoT data needs to be shared between the enterprise and external service providers.
3) Make sure the integrity of data is protected. "Sensitive data such as production information or customer records is often processed via IoT devices," he says. This data is subject to the same privacy controls as other data but may be overlooked or even completely isolated from control systems, causing significant risk for organisations.
4) Understand who is accessing the devices. "Protecting access to and from devices is an important part of ensuring the overall operational integrity of the connected environment," said Fontaine. Businesses should authenticate all users to ensure they are who they say they are, can only access what they're allowed to, and that their credentials have not been compromised. Emerging standards such as FIDO IoT can be helpful in creating the appropriate IoT identity foundation.
5) Combine monitoring with access policies. Fontaine says: "The magnitude of IoT deployments is often an Achilles heel when it comes to security and risk, but this scale does offer one advantage – an abundance of operational data and use data about the devices." With this data, security teams can apply analytics and machine learning techniques to profile devices, baseline their normal behaviour, and detect and alert on anomalous activities.
It's clear that IoT is getting serious about security but approaches remain immature in contrast to the well-established security practices of mainstream IT. The risks are different in IoT and this is starting to be reflected in the solutions and approaches that are coming to market. These will accelerate over the coming years and IoT security will start to resemble the wild west less.
IoT SECURITY
An end-to-end approach to IoT security
The IoT ecosystem is composed of many standards, vendors using different hardware, software and third-party services and application programme interfaces (APIs). This huge fragmentation makes the ecosystem very vulnerable to all sorts of attacks, both at the edge and in the cloud.
To achieve IoT security, we need to establish solid solutions for device discovery with secure identity, authentication and encrypted communications, or the underlying protocols are subject to abuse.
IoT security best practices
Common mistakes when planning an IoT project
Companies often make important mistakes when planning IoT solutions, for example:
• Use of hardware and software without built-in security features to prevent root access
• Transmission of unencrypted data
• Lack of tools to perform device updates (including remotely)
• Hard-coded credentials
• No integrity check of the software and OS installed on edge devices
• API tokens not encrypted
• No proper authentication and authorisation systems
Best practices need to consider the specific aspects of distributed mobile systems and devices. We need a secure execution environment for all devices and the IoT integration platform, as well as secure software management distribution. Above all, connected devices and the IoT platform must have a validated identity. To achieve this, we must:
• Build solutions based on open and industry standards
• Utilise proven security technology and partnerships
• Include security, scalability and resilience in the design from day one
• Identify each connected node and unique ID and credentials
• Mutually authenticate nodes in the IoT infrastructure
• Encrypt all communication to protect data
• Implement controls for automatic revocation of certificates
• Digitally sign all communications over an encrypted channel
• Digitally sign software and configuration to ensure integrity and authenticity of the systems
• Adopt Role-Based Access Control (RBAC)
SPONSORED FEATURE
Eurotech: security by design
As described earlier, IoT security must be designed from day one. The architecture of an IoT solution can be divided into three layers.
Device-level security
Security mechanisms are an integral component of the Everyware Software Framework (ESF), which in turn is embedded in the IoT Gateway. The ESF architecture is based on different software layers. The OSGi (Open Services Gateway Initiative) layer provides a good foundation for securely managing software components (signed bundles). ESF ensures that strict Java and OSGi security policies are enforced at runtime and verifies that only software signed by the approved authorities is installed and enabled. The ESF Security layer encapsulates all the security features and is supplemented by other measures such as secure boot and appropriate hardware design, thereby ensuring proper protection of the solution on the edge. Moreover, a list of security guidelines is maintained, to be followed when hardening an IoT device for a production deployment. The guidelines are compiled following the recommendations of industry standards such as the Center for Internet Security (CIS) and IEC 62443.
Secure communication
Eurotech supports different protocols, but we advocate the use of message queue telemetry transport (MQTT), which is a lightweight protocol optimised for IoT device communications:
• All MQTT traffic is originated from the gateway and encrypted over an SSL connection
• All console accesses are exclusively available over an encrypted HTTPS connection
• All REST API accesses are exclusively available over an encrypted HTTPS connection
• Robust authentication is enabled by strong, well-understood technologies like X.509 Certificates and encrypted credentials
• Device management messages published by the IoT platform are signed to guarantee authenticity and message integrity
IoT cloud security
Everyware Cloud unites the operational technology (OT) domain and the information technology (IT) domain, which means that it is the single most important interface. A successful attack would enable access to the enterprise environment. Everyware Cloud also functions as an M2M/IoT integration platform that acts like an operating system for the infrastructure.
On the operational technology side it provides all the data, device and embedded application management required to deploy and maintain distributed intelligent systems in the field.
• Security mechanisms in the cloud ensure that authorised traffic is secure and authenticated
• It employs firewalls, so all in-bound ports other than broker ports are closed and secure (encrypted and authenticated)
• Device authentication uses strong username/password credentials or a per-device certificate
• Each device can be automatically provisioned during first activation with a secure, randomised, device-specific password. In addition, the device credentials can be strongly tied to a specific device so the IoT Integration Platform will refuse authentication requests with the same credentials from a different device.
• The device authorisation policy can further restrict the device data communication, limiting the MQTT topics that the device can publish to and blocking device-to-device communication.
• Access control is centralised and authenticated via HTTPS/SSL
• Role-based access control is employed as well as user management and roles and permissions. A strict segregation of tenants down to a data level is another important element ensuring that other parties cannot access data and infrastructure.
• Logins to Everyware Console can be further protected using two-factor authentication (2FA)
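The credential binding and per-device MQTT topic policy described in the bullets above, shown as an added example that is not Eurotech's code or the Everyware Cloud API. `DeviceRegistry`, the `hardware_id` attribute, the `acme/gw-001` topic layout and the PBKDF2 password hashing are assumptions made for illustration; the page does not say how the platform binds a credential to a device.

```python
import hashlib
import hmac
import secrets

def topic_matches(filt: str, topic: str) -> bool:
    """MQTT filter match: '+' is one level, '#' (last only) is the remainder."""
    f, t = filt.split("/"), topic.split("/")
    for i, seg in enumerate(f):
        if seg == "#":
            return i == len(f) - 1
        if i >= len(t) or seg not in ("+", t[i]):
            return False
    return len(f) == len(t)

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DeviceRegistry:
    """Hypothetical platform-side store: credentials, binding, publish policy."""
    def __init__(self):
        self._devices = {}

    def provision(self, client_id, hardware_id, publish_filters):
        # First activation: random per-device password; only a salted hash is kept.
        password, salt = secrets.token_urlsafe(24), secrets.token_bytes(16)
        self._devices[client_id] = (salt, _kdf(password, salt), hardware_id,
                                    tuple(publish_filters))
        return password

    def authenticate(self, client_id, password, hardware_id) -> bool:
        rec = self._devices.get(client_id)
        if rec is None:
            return False
        salt, digest, bound_hw, _ = rec
        ok_pw = hmac.compare_digest(_kdf(password, salt), digest)
        # Correct credentials presented from different hardware are refused.
        return ok_pw and hmac.compare_digest(hardware_id.encode(), bound_hw.encode())

    def may_publish(self, client_id, topic) -> bool:
        rec = self._devices.get(client_id)
        # A PUBLISH topic must be concrete: wildcards are valid only in filters.
        if rec is None or "+" in topic or "#" in topic:
            return False
        return any(topic_matches(f, topic) for f in rec[3])

# Constructed sample data: account "acme" with gateways gw-001 and gw-002.
registry = DeviceRegistry()
pw1 = registry.provision("gw-001", "SN-A1B2", ["acme/gw-001/#"])
registry.provision("gw-002", "SN-C3D4", ["acme/gw-002/#"])
```

Because each gateway's filters cover only its own namespace, a publish to another gateway's topics is denied, which is one way to block device-to-device messaging at the broker.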
www.eurotech.com
EVENT DIARY
While we have made every effort to ensure the accuracy of this listing, the current COVID-19 pandemic means that many events are changing timing, dates and locations. Therefore please check at the events’ websites to ensure details are up-to-date before travelling.
5G World: Virtual Event, 1 - 3 September, 2020, https://tmt.knect365.com/5gworldevent/
IoT World Europe Summit: Virtual Event, 1 - 3 September, 2020, https://tmt.knect365.com/iot-world-europe/
Cloud & DevOps: Virtual Event, 1 - 3 September, 2020, https://tmt.knect365.com/cloud-devops-world/
Blockchain for Business Summit: Virtual Event, 1 - 3 September, 2020, https://tmt.knect365.com/blockchainbusiness-summit/
AR & VR World Summit: Virtual Event, 1 - 3 September, 2020, https://tmt.knect365.com/ar-vr-world/
AI & ML for the Smart Grid 2020: Virtual Event, 9 September, 2020, https://www.smartgrid-forums.com/forums/aiml-for-the-smart-grid/
MVNOs World Congress: Virtual Event, 15-17 September, 2020, https://tmt.knect365.com/mvnos-world-congress/
Utility Cloud 2020: Virtual Event, 16 September, 2020, https://www.smartgrid-forums.com/forums/utility-cloud/
BIG 5G Event 2020: Virtual Event, 22-24 September, 2020, https://tmt.knect365.com/big-5g-event/
Internet of Manufacturing US 2020: Virtual Event, 28-29 September, 2020, https://iom-mw.internetofbusiness.com/
Grid Asset Management 2020: Virtual Event, 30 September, 2020, https://www.smartgrid-forums.com/forums/grid-asset-management/
Industrial IoT World: Virtual Event, 6-8 October, 2020, https://tmt.knect365.com/industrial-iot-world/
The Smart Cities Summit: Virtual Event, 6-8 October, 2020, https://tmt.knect365.com/smart-cities/
IoT Security Summit: Virtual Event, 6-8 October, 2020, https://tmt.knect365.com/iot-security/
Smart Grid Cybersecurity 2020: Virtual Event, 7 October, 2020, https://www.smartgrid-forums.com/forums/smart-grid-cybersecurity/
IoT Device Security Conference: Santa Clara, USA, 13 October, 2020, https://iotdevicesecurityconference.com/index.html
Advanced Metering Infrastructure 2020: Virtual Event, 13-15 October, 2020, https://www.smartgrid-forums.com/forums/advanced-metering-infrastructure/
Industrial IoT USA Summit: Virtual Event, 13-14 October, 2020, https://usa.industrialiotseries.com/
Battery Show Europe 2020: Stuttgart, Germany, 14 - 16 October, 2020, https://www.thebatteryshow.eu/en/Home.html
IoT Tech Expo North America 2020: Virtual Event, 4-5 November, 2020, https://www.iottechexpo.com/northamerica/
IoT Tech Expo Europe: Amsterdam, Netherlands, 24-25 November, 2020, https://www.iottechexpo.com/europe/
5G EXPO 2021: Miami, USA, 9-12 February 2021, https://www.5gexpo.com/east/default.aspx
Intertraffic Amsterdam 2021: Amsterdam, Netherlands, 23-26 March, 2021, https://www.intertraffic.com/amsterdam/
How successful was your IoT project? (Chart legend: Fully Successful, Mostly Successful, Mostly Unsuccessful, Not Successful)
Unique survey of 25,000 IoT adopters reveals that only 12% of IoT projects are seen as fully successful. Digital Transformation can be challenging – learn from where others have encountered difficulties. This 100+ page report is free to download and includes: Wide ranging research, interviews with solution providers and end-users plus huge survey of enterprise end-users on challenges arising from introducing IoT projects into their organisations. If you are involved in IoT solution development and implementation this is a must read report. Learn from where things have been going wrong in other IoT projects.
Download for FREE at: www.whyiotprojectsfail.com Proud to sponsor this important report that seeks to improve the success rate of IoT projects...
Freedom as a Service
IoT M2M COUNCIL