To IoT or not to IoT, that’s the question


The 5th edition of the biggest IoT congress in the world took place at the end of October, at the Fira in Barcelona. Visiting this congress was a first for me (a big thanks to Cisco for inviting me) and boy did I misjudge what I expected to see there! I got blown away by the sheer amount of solutions presented. And there you have it: solutions. Because that’s the key word for any IoT deployment. It all starts with requiring a solution for a problem, challenge or idea.

 
Use case
Guess what. IoT is getting pretty mature. There are loads of sensors, applications, end-to-end IoT solutions and companies available solving very specific problems. Unfortunately, that’s not how it’s going to work. Well, it could of course, if you happen to have the exact same problem that such an end-to-end solution seems to solve. But that’s usually not the case. Your environment is most likely not that standard, making an off-the-shelf solution pretty much useless. I’m not saying such providers shouldn’t be considered at all. But before you make a choice, consider the use case you have. Better yet, think about the deployment of IoT as a complete solution that starts with a very well defined use case. Before anything else, go for the so-called low hanging fruit. Make ‘things’ visible. Get insights and work from there. Just getting statistics from data you didn’t even know was there is valuable by itself. Visualizing actual data makes it all a bit more real and tangible. Getting the use case clear helps define the strategy for reaching the goals of implementing an IoT solution.

OT and IT
Let me be honest here. I’m an old school network engineer and a newbie when it comes to IoT. I’m learning stuff like Profinet, Modbus, MQTT, REP and a whole lot of other things I didn’t know about. However, I do have a long history in networking and started when dialup lines and serial interfaces were the best you could get. Next to that I’ve done a lot of Wi-Fi installations, closely working with the end users (that is: real people!). And that actually helps a great deal, as it gives me the unique position to look at things from both the networking and the operational side of an organization. I had my share of Wi-Fi based asset management deployments and learned first hand what it means to work with the people outside of IT. These are the most important people to talk to when working on an operational solution. Because it’s on the factory floor, the hospital ward, the warehouse, etc. where the actual pain points can be discovered. Those are the places you need to visit, and there you need to talk to the people working there on a daily basis. And most importantly, remember that any IoT solution you are thinking of implementing will have to be adopted by the people on the work floor, so getting them involved and enthusiastic about it will make all the difference. If you make it a ‘drop in and walk away’ solution, you can expect it to fail.

You would think IT is well informed about what resides within the company domain when it comes to connectivity, applications and processes. But in most cases there seems to be a significant gap between the people that understand the needs within the Operational Technology (OT) and those that work in the Information Technology (IT) field. Usually IT only comes into play when connectivity is required and is often the last department to get involved in OT solutions. This can create some very unwanted reactions that make the difference between a successful deployment and a completely insecure IoT solution. So the goal here is to bridge that gap. Bring these worlds together in the early stages of defining IoT use cases and work as a team. IoT should be a commitment from everyone to make it a success.

What the hack
Let’s take the example of a factory. Lots of expensive machines using simple computers running a stable (but very old!) Windows version. Or using a PLC that is designed for one thing: run the machine. Once these devices get connected to the network, security becomes a major problem. The reality is that it’s not a matter of ‘will they get hacked’. It’s WHEN they get hacked. In most cases these machines, sensors, PLCs, etc. were never designed with security in mind from a networking perspective.
So any IoT-related solution should be designed with security in mind. This can be as simple as logically separating the sensors and machines from the rest of the network. But what about communication between machines and sensors? Should that machine even be talking to that other one? Or sending all that data to the cloud? Is that necessary or can I process some data at the edge? As mentioned before, visibility is a great starting point but securing the IoT network from the start is even better. Keep in mind that most security solutions from an IT perspective are securing the network from the outside in, keeping Bibi (Big bad internet) from getting in. However, when working with IoT, the sensors and other devices usually want data to get out to the cloud. Traditional security focuses on firewalls, and these are great at keeping attackers out but inherently bad at keeping things inside. So it is imperative to limit what data is allowed out to the cloud and what can talk to what, and to monitor any anomalous behavior.
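To make "what can talk to what" concrete, here is an added example (not code from the congress or any vendor) that checks flow records against a default-deny allowlist. The addressing plan, zone names, ports and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan and policy (assumptions, not from the article).
ZONES = {
    "machines": ipaddress.ip_network("10.10.1.0/24"),  # PLCs and HMIs
    "sensors": ipaddress.ip_network("10.10.2.0/24"),
    "edge": ipaddress.ip_network("10.10.3.0/28"),      # edge gateway / broker
    "it": ipaddress.ip_network("10.20.0.0/16"),
}
# Zone-to-zone allowlist: (src zone, dst zone, protocol, dst port).
ZONE_RULES = {
    ("sensors", "edge", "tcp", 8883),   # MQTT over TLS to the edge broker
    ("edge", "external", "tcp", 8883),  # only the edge gateway talks to the cloud
}
# Inside a zone nothing is implied: each machine pair is listed explicitly.
HOST_RULES = {
    ("10.10.1.20", "10.10.1.10", "tcp", 502),  # HMI polls its PLC over Modbus/TCP
}

def zone_of(addr):
    """Map an address to its zone; unknown addresses count as external."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def is_allowed(src, dst, proto, port):
    """Default deny: a flow passes only if a host or zone rule names it."""
    if (src, dst, proto, port) in HOST_RULES:
        return True
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return False  # same zone but no explicit host pair
    return (src_zone, dst_zone, proto, port) in ZONE_RULES

def violations(flows):
    """Return the flows that no rule permits, labelled with their zones."""
    return [(f, zone_of(f[0]), zone_of(f[1])) for f in flows if not is_allowed(*f)]

# Constructed flow records: (src, dst, protocol, dst port).
FLOWS = [
    ("10.10.1.20", "10.10.1.10", "tcp", 502),    # HMI -> its PLC
    ("10.10.2.7", "10.10.3.2", "tcp", 8883),     # sensor -> edge broker
    ("10.10.3.2", "203.0.113.50", "tcp", 8883),  # edge gateway -> cloud
    ("10.10.1.10", "203.0.113.50", "tcp", 443),  # PLC straight to the internet
    ("10.10.1.10", "10.10.1.11", "tcp", 502),    # PLC -> unrelated PLC
    ("10.20.4.9", "10.10.1.10", "tcp", 3389),    # IT workstation -> machine
]
```

Calling `violations(FLOWS)` returns the last three records: the direct PLC-to-internet flow, the PLC-to-PLC flow with no listed pair, and the IT-to-machine flow.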

So now what?
There’s a lot of technology to choose from and lots and lots of sensors you can deploy. Which ones do you choose? And what about all those devices and machines you already have running? What problems will it all solve? How do I integrate it with my processes? What software do I need? Too many questions that cannot be answered all at once. So, get a clear use case and define a strategy. Start with gathering data and make it visible. In other words: go for the low hanging fruit (a graph is very powerful, unlocking data that is already there). Build on that and keep in mind that what you do in an organization can and will have a significant impact on the business and more importantly: the people that have to use it. Get all levels of the organization involved when defining and deploying an IoT solution. It’s the people on the actual floor that will have to use it, so ‘dumping’ a new technology or solution in the company will be resisted greatly. Make everybody part of the solution, making it easier to accept and embrace the new technology.

Arjan Kievits