Why are IoT Business Models Important?

As the Internet of Things (IoT) spreads, the implications for business model innovation are huge. Filling out well-known frameworks and streamlining established business models won’t be enough. To take advantage of new, cloud-based opportunities, today’s companies will need to fundamentally rethink their ideas regarding business models. The industrial players are moving so slowly to evolve their business model designs they risk implementing solution concepts developed in the late 1990’s by about 2020.

Apple, Google, Amazon and others present an interesting case for how B2B companies should be thinking about designing and developing smart services business models.   Players like Apple and Google have developed a business design mode that pulls together technologies from multiple domains and packages that solution in a way that wins buyer acceptance. Add to this the momentum and creativity these players are creating within their communities of users and developers — they are all driving entirely new forms of collaboration, content and peer product development.

Albert Shum, Partner Director of UX Design at Microsoft, notes: “Business models are about creating experiences of value. And with the IoT, you can really look at how the customer looks at an experience—from when I’m walking through a store, buying a product, and using it—and ultimately figure out what more can I do with it and what service can renew the experience and give it new life.” To foster a conversation about the potential implications of connected experiences for designers, technologists, and business people, Albert’s team at Microsoft recently released a short film documentary called “Connecting: Makers.”

Some highlights of the connected business include:

• Business Model Transformation – selling results, outcomes or performance – not equipment;
• New Value-Added Services – providing peer benchmarking, targeted personalization services, predictive systems optimization based on analytics and modeling;
• Product Design and Engineering Insights – collecting machine operating history across an entire generation of machines to determine priorities for future designs;
• Sales, Fulfillment, and Supply Chain Services – developing a better understanding of installed base characteristics and behaviors for predictive modeling of demand for channel partners and ecosystem participants;
• Ecosystem Orchestration – developing brokerage services for multiple, parallel vendors for orchestration of services around machines and systems;
• New User Experience Design – designing more effective machines and/or systems based on a more intimate understanding machine behaviors and how users interact with the system; and,
• Installed Base Support Services – helping customers maintain installed systems and equipment on a collective or systemic basis through careful management of configurations, installed products contracts management and life cycle management.

We know about Internet of Things (IoT). It’s a hot topic now in the Industry but the concept has been from well over a decade. In the early 2000’s Kevin Ashton laid the groundwork for what would become the Internet of Things(IoT) at MIT’s AutoID lab.

In a 1999 article for RFID journal, Ashton wrote: “If we had computers that knew everything there was to know about things—using data they gathered without any help from us — we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. We need to empower computers with their own means of gathering information, so they can see, hear and smell the world for themselves, in all its random glory. RFID and sensor technology enable computers to observe, identify and understand the world—without the limitations of human-entered data.”

This has been proved to be true now! But, what about security?  The main problem is that as the concept of IoT has been implemented recently, security hasn’t been in the picture. IoT products are often sold with old operating systems or software. It works fine on a personal level but what about an application on an industrial level? For this, an IoT device needs to be connected to the Internet, should be segmented into its own network and have network access restricted.

Image via (http://www.businesswire.com/news/home/20151014005474/en/ISACA-Survey-Wide-Gap-Consumers-Professionals-Internet)

We know about Cyber threats and the next thing in line is IoT. What can be done to prevent it? A lot of concepts and ideas are being shared. A conference also is being held in Cambridge, Massachusetts, United States (The link to the conference https://securityofthings.com/ ).

A generic Internet of Things topology: A typical IoT deployment will consist of sensor-equipped edge devices on a wired or wireless network sending data via a gateway to a public or private cloud. Aspects of the topology will vary broadly from application to application; for example, in some cases, the gateway may be on the device. Devices based on such topologies may be built from the ground up to leverage IoT (greenfield) or may be legacy devices that will have IoT capabilities added post-deployment (brownfield). Image via http://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf

Some ideas on SECoT were given by Wind River (Wind River is a subsidiary company of Intel providing embedded system software which comprises run-time software, industry-specific software solutions, simulation technology, development tools and middleware.) one of which is

Building In Security From The Bottom Top:

Knowing no one single control is going to adequately protect a device, how do we apply what we have learned over the past 25 years to implement security in a variety of scenarios? We do so through a multi-layered approach to security that starts at the beginning when power is applied, establishes a trusted computing baseline, and anchors that trust in something immutable that cannot be tampered with.

• Secure booting: When power is first introduced to the device, the authenticity and integrity of the software on the device is verified using cryptographically generated digital signatures. In much the same way that a person signs a check or a legal document, a digital signature attached to the software image and verified by the device ensures that only the software that has been authorized to run on that device, and signed by the entity that authorized it, will be loaded.
• Access control: Next, different forms of resource and access control are applied. Mandatory or role-based access controls built into the operating system limit the privileges of device components and applications so they access only the resources they need to do their jobs.
• Device authentication: When the device is plugged into the network, it should authenticate itself prior to receiving or transmitting data
• Firewalling and IPS: The device also needs a firewall or deep packet inspection capability to control traffic that is destined to terminate at the device. Why is a host-based firewall or IPS required if network-based appliances are in place? Deeply embedded devices have unique protocols, distinct from enterprise IT protocols. For instance, the smart energy grid has its own set of protocols governing how devices talk to each other
• Updates and patches: Once the device is in operation, it will start receiving hot patches and software updates. Operators need to roll out patches, and devices need to authenticate them, in a way that does not consume bandwidth or impair the functional safety of the device.

So concluding this post we can say that though how appealing IoT is and the potential it carries, there are some major requirements to fulfill before actually starting to implement it on a major scale.

If you like this blog post and have some suggestions do leave a comment. Also ideas for blog posts on related topics is highly appreciated!