ROI beats security as biggest challenge for IoT device makers

ROI trumps security for IoT device makers

Manufacturers of connected products need to get their ROI calculations in order if they hope to profit, says new report. 

Despite the barrage of headlines about IoT security – or the lack of it – it isn’t the biggest challenge faced by companies looking to launch connected products, at least to their minds. A far tougher task, in fact, lies in getting a return on investment (ROI), according to a report out this week from Canonical, the company behind the Ubuntu operating system.

The report, which surveyed over 360 IoT professionals including developers, technology suppliers and enterprise users, highlight that over half (53 percent) believe that “quantifying ROI and providing a clear use case” is their most immediate IoT challenge. The need for improved device security comes in second place, cited by 45 percent of respondents, while in third place is a lack of available infrastructure, cited by 40 percent.

Business case complexity

It’s an interesting study, because it looks specifically at the needs of companies that are under competitive pressure to launch connected products and services and the complexity of building a business case that provides an effective launchpad for doing so. Here, there is much complexity to be found.

Much is made, for example, of the falling cost of hardware components to go into these products, which certainly lowers the bill of materials (BOM) associated with creating them and, in theory, should increase profit margins. But the reality is very different, says the report, because commoditization means that the price that end customers are willing to pay for connected products is also falling.

“This leaves hardware vendors with little choice;” says the report. “[They can] either choose more expensive custom components with a price premium and serve less price sensitive, niche markets, or use commoditized components and try to differentiate.”

Read more: No more security through obscurity for IoT device makers

Other revenue streams

As a result, many must look to other areas to make their money, beyond the simple, one-off sale of a piece of kit – and more specifically, at the ongoing revenues that this product might generate once in use by customers. In other words, profits will increasingly be driven by services and software, such as value added service and maintenance, for example.

Similarly, product enhancements, delivered by the manufacturer to the customer, ‘over the air’ from an app store, for example, might be another source of revenues.

There’s also the role of data to be considered: what great new insights about customers might be gleaned from analysis of the data the product generates and how might those insights be turned into cold, hard cash?

Read more: Amazon woos Alexa developers with free AWS services

A major mindshift

All this, of course requires a major mindshift by manufacturers – and that’s a significant stumbling block for many in calculating ROI. Beyond that, there’s the cost of the skills and infrastructure needed to monitor and manage a connected product effectively throughout its lifecycle, as well as the considerable security risks that will need to be mitigated by any responsible provider.

“The early internet of things was something of a gold rush, with vendors and developers jumping in to secure their share of an exciting and rapidly growing new market. Unfortunately, many of these businesses simply didn’t understand or evaluate how the IoT was going to deliver value – and apparently – the majority still don’t,” said Mike Bell, executive vice president of IoT and devices at Canonical.

“As we move towards 2018, businesses are looking for new ways to ensure that their investments in the IoT are driving financial growth and that their business models will remain sustainable in the years to come,” he added.

Read more: IoT Build: hello world, welcome IoT developers

The post ROI beats security as biggest challenge for IoT device makers appeared first on Internet of Business.

Internet of Business

IoT security flaws attract biggest payouts in bug bounty programs

IoT security flaws attract largest bug bounty pay-outs

Identifying security flaws in IoT equipment and letting manufacturers know about them can be a nice little earner for participants in bug bounty programs, say recent reports. 

For computer-savvy individuals with time and skills to spare, bug bounty programmes offer a chance to make some money on side, by scouting out flaws and glitches in IT systems and flagging them up to those companies in return for a reward.

The thinking behind such programmes – run by General Motors, United Airlines, Starbucks, the Pentagon and many others – is that, rather than shoot the messenger, it’s better to give them a fair hearing and, in some cases, a tasty payout for their findings.

Now it turns out that pointing out vulnerabilities in hardware and IoT targets, compared to other targets, earns bug bounty participants an above-average payout.

A recent report, 2017 State of Bug Bounty, released by bug bounty platform BugCrowd, finds that the average payout for vulnerabilities in hardware and IoT targets is around $ 750 per bug, compared with $ 385 for mobile apps. Overall, the average amount paid out across all types of bug is $ 451.

The top five industries embracing bug bounty programs include automotive, leisure/travel, IoT/computer networking, healthcare, and financial services, according to Bugcrowd’s third annual report. Programs in the automotive industry increased four-fold last year and average payouts were around $ 1,500 for each bug discovered and disclosed.

“Bug bounties are challenging traditional ways of thinking about cybersecurity,” said Casey Ellis, founder and CEO of Bugcrowd. “The model addresses the growing complexity and severity of vulnerabilities in software, hardware, and IoT devices – all of which form the foundation for today’s always-on digital economy.”

Read more: Petya or NotPetya, the IoT needs to be secure

Bug bounty programs and prizes on the rise

In a separate report from rival bug bounty company HackerOne, The Hacker-Powered Security Report 2017, 41 percent of new bug bounty programs launched between January 2016 and January 2017 came from industries outside of the technology sector. Within technology, there was an increase in the number of IoT and smart home programs launched, as well as open-source projects.

Payouts for IoT flaws played a significant part in the growth in new bug bounty programs on HackerOne’s platform, up 59 percent from last year.

Customers’ security response efficiency is improving, too, with the average time-to-first-response for security issues down to six days in 2017, compared to seven days in 2016. The average bounty paid to hackers for a critical vulnerability is $ 1,923 in 2017, compared to $ 1,624 in 2015, an increase of 16 percent.

“Hacker-powered security programs are undeniably effective at finding vulnerabilities organizations never knew existed,” said Alex Rice, CTO and founder, HackerOne.

Read more: Industroyer takes spotlight in latest IT scare

The post IoT security flaws attract biggest payouts in bug bounty programs appeared first on Internet of Business.

Internet of Business

Busting the 5 biggest myths around the connected car

Connected cars and autonomous cars concept. 3D rendering image.

The connected car market in recent years has shifted into high gear, with the number of connected cars hitting our roadways growing rapidly.

Analysts estimate that 94 million connected cars will ship in the year 2021, for a compound annual growth rate of 35 percent from the 21 million connected cars that shipped last year. Globally, it’s estimated there will be a total of 380 million connected cars on the roads by 2020.

See also: Are connected cars only as good as your cell network?

Clearly, the connected car market is on the cusp of explosive growth and widespread adoption. Automakers, their partners, and third-party developers all recognize this enormous potential business opportunity and are rolling out new technologies, applications, and services at a rapid pace, further adding to the connected car ecosystem.

The potential benefits to consumers are many, from improved safety to a more efficient and personalized driving experience, to new everyday conveniences. However, as is often the case with emerging technologies, there exist some misconceptions in the marketplace that are causing concern among consumers. In order to showcase the many benefits of the connected car and put those concerns to rest, let’s dispel some of those myths. 

Myth #1: Connected cars can’t be made secure enough to be safe

Fact: Connected cars are extremely complex machines. Higher end vehicles often have 100 or more onboard computers continuously monitoring location, component performance, driving behavior and more, and they can produce up to 4 terabytes of data per day. Fortunately, many of the security best practices developed in enterprise IT throughout other industries can be applied to the connected car, and automakers are working closely with high-tech companies and security experts to do so.

For example, the convergence of disparate networks in the vehicle to an IP over Ethernet backbone is one big step toward holistic connected car security. With in-vehicle networking standardized to IP, proven security technologies from encryption and authentication to firewalling and intrusion detection and prevention systems (IDS / IPS) can be deployed to give the connected car its own defense in depth. 

Artificial intelligence is also being deployed more frequently to help secure connected vehicles by learning and detecting new patterns of malicious behavior (or even non-malicious anomalies that could be early warnings of the need for maintenance). Connectivity management platforms can automate how and when a vehicle connects and what it does with that connection. Through such a platform, automakers can automatically disable connectivity while a vehicle is being shipped, preventing abuse of the connection during transit, and then have it securely resumed once the car has arrived at the dealership. 

By creating a secure network architecture in their vehicles, automakers can ease concerns about these vehicles and help cautious consumers focus on all the benefits a connected car has to offer. 

Myth #2: Automakers are solely responsible for securing connected cars

Fact: In reality, the automaker is just one player in an entire ecosystem of connected car-related technologies. As new vehicle sensors and parts, highway and municipal infrastructure, and applications emerge every day, the responsibility falls on each member of the ecosystem to keep the connected car, its drivers, its passengers and their data safe.

Multiple tiers of suppliers, dealerships, developers of aftermarket devices and services, regulatory bodies and even other industries creating devices and services that interact with connected cars all work together to contribute to the security of the entire ecosystem. It is especially important for third parties that provide after-market applications for connected cars to have secure infrastructures.

By working with high-tech companies and applying many of the security best practices that have been developed in other industries with the rise of the Internet of Things (IoT), all players in the connected car ecosystem will be able to strengthen security throughout the entire lifecycle of these vehicles and among the devices and applications connected to them.   

Myth #3: Privacy concerns about the data connected cars collect are creating a roadblock

Fact: Connected cars collect a lot of data, from driving patterns and biometrics of the driver to video, radar and Lidar imaging of the surroundings. They can even collect data on your shopping habits. However, this doesn’t necessarily need to be a cause for concern. As in-vehicle network architectures become more secure as described above, automakers can address consumers’ privacy concerns at a very granular level, allowing consumers to determine what type of data they’re willing to share and seamlessly manage how it is used. Connected vehicle data can even be anonymized and still provide value for everyone in aggregate.

The benefit of all this data collection is a much improved and more personalized driving experience. For example, based on data about the driver’s past preferences and behavioral patterns, connected cars can offer personalized recommendations such as a hypermiling package that helps drivers get better mileage or a discount at a nearby restaurant based on the time of day and the fact that the driver has dined there before and complimented the venue on social media.

Personalized services can include having your car order ahead at Starbucks so your drink is waiting for you when you pull up or having it offer to start itself in the morning a few minutes before you normally leave for work because the temperature outside turned cold overnight.

Data collection is also used to create a safer, more reliable and more efficient driving experience. By applying analytics to telematics data, the need for maintenance and repair services can be predicted, and by analyzing how drivers and passengers use vehicle features, automotive manufacturers can improve future vehicle design.

Myth #4: The connected car is all about online infotainment

Fact: While many people may be more aware of the “infotainment” features of connected cars, such as the ability to stream music and video or integrate with smartphones, connected vehicles are capable of providing so much more. We’re already beginning to see prototypes of new experiences such as immersive video conferencing and collaboration platforms that allow passengers to conduct business meetings while on the road.

Connected cars can also save manufacturers and dealers time and money, eliminating recalls and streamlining warranty and service contracts. Self-parking, driver-assistance, and highly automated driving are all popular features that we will see more of in the near future and that rely heavily on vehicle connectivity to the cloud, other vehicles, and roadside infrastructure. Vehicle-to-vehicle and vehicle-to-infrastructure communication help connected cars identify safety hazards and avoid collisions, and even enable faster response from emergency responders.

All this is just the beginning. With the evolution toward an IP over Ethernet backbone architecture providing flexibility to connect and orchestrate new in-vehicle sensors and actuators, coupled with cloud-based analytics and artificial intelligence, the range of services that connected cars can deliver will be nearly limitless. 

Myth #5: Automakers are moving quickly toward more advanced connected car capabilities

Fact: While talk in the industry has reached a fever pitch, the reality is that many of the world’s largest car makers are hamstrung by inflexible in-vehicle architectures.  Advanced features like those discussed above require much greater bandwidth for moving data around in the vehicle, more onboard computing power for making the right split-second decisions, and the agility to install new sensors without radically redesigning the vehicle.  The broader attack surface in connected vehicles also calls for a more holistic approach to security. 

Nonetheless, the collection of disparate, siloed heritage networks with restricted bandwidth that exists in the industry today makes it very difficult to integrate new features, let alone secure them. Convergence and migration to Ethernet and IP technologies should not only make integration easier and support virtualization of compute to streamline in-vehicle architecture, but should also give manufacturers the agility they need to accelerate into the connected car era.

The connected car market continues to grow, and the potential benefits are enormous. However, to realize the full potential, a standardized, extensible, secure in-vehicle network is required to make good use of all the information connected cars can generate. Fortunately, proven architectures such as IP over Ethernet should provide automakers the capabilities and agility they need to keep the connected car market in the fast lane for continued growth.

The post Busting the 5 biggest myths around the connected car appeared first on ReadWrite.


SAYME and WISOL Strike a Global Deal to Become the Biggest IoT LPWAN Solutions Manufacturer in the World

SAYME and WISOL Strike a Global Deal to Become the Biggest IoT LPWAN Solutions Manufacturer in the World

The Spanish device maker and solution provider SAYME and the South-Korean module manufacturer Wisol signed the alliance during the Sigfox Operator Days in Paris.

Internet of Things is a complex scenario with high potential of business that will face an exponential market growth in the three following years, predictably having its biggest impact of results in 2020.

In the IoT context, collaboration among companies is more necessary than ever, given the high specialization that solving complex problems requires. Big data, machine learning, mass-scale device manufacturing with very adjusted costs, enclosures customization, hardware and software design and development, IoT transversal software platforms, security and a large, etc.

Collaboration among companies’ success should be solved by means of a concentration of talent, knowledge, abilities, skills, experience and background. Those are now being concentrated in small and medium projects by innovative companies, that will make the way for the big companies of the future.

The Spanish device maker and solution provider SAYME and the South-Korean module manufacturer Wisol signed an alliance during the Sigfox Operator Days in Paris, aiming to become the biggest high-quality LPWAN IoT solution maker with the best cost-benefit ratio of the market. The companies contribute to this union with their wide know-how and experience in their respective expertise areas: SAYME in the design and development of vertical IoT solutions, and WISOL -a worldwide leading manufacturer of electronic components- in the mass-scale high-quality electronic components manufacturing.

Alfonso Murat, President at SAYME, said:
“Thanks to our international partner ecosystem and our strategic alliance with Wisol, our vertical solutions for industry and smart cities are the best option in the IoT market, both for their quality and reliability and for their cost-benefit ratio”.

JinDuk, Kim, VP at Wisol, said:
“Wisol starts to provide Sigfox-enabled modules to Sayme, Spain’s global sensor network solution service provider, and it is very proud of collaboration with Sayme as global Sigfox module provider. Wisol will enforce business partnership with Sayme. As a global module partner of Sigfox, we are very excited about launching the competitive Sigfox module solutions ideal for the limitless IoT opportunity. We definitely sure our module solutions play the key role for lots of global Sigfox device makers adopting Sigfox solution very easily and quickly.”

Tony Francesca, Vice President, Global Ecosystem Partners, said:

“Sigfox keeps focusing on lowering the barriers to IoT mass adoption by working with the entire ecosystem, including all silicon and device partners. We are glad to see companies like Wisol and Sayme leveraging our out-of-the-box connectivity to overcome the cost challenges and make new solutions available that the global market requires.”

The post SAYME and WISOL Strike a Global Deal to Become the Biggest IoT LPWAN Solutions Manufacturer in the World appeared first on IoT Business News.

IoT Business News

Top Industry Analysts Report on the Biggest Needs for Edge Computing in Industrial IoT

Gartner recently forecasted that the Internet of Things is gaining traction in business – specifically, in manufacturing and Industrie 4.0 applications.  If you are not, you should be considering new tools in your DevOps strategy.

The IoT is fostering the creation of an entirely new class of devices, such as gateways, that allow for new points of data aggregation and intelligence.  Today, gateways are one of the faster growing and developing device categories in the embedded market.

Java IoT Edge Device Development

To satisfy the requirements of sophisticated intelligence, faster time-to-market, and over-the-air updates in IoT Edge devices, developers are turning more to the Java language, runtime, and ecosystem. A survey of 800 engineers conducted by VDC Research (sponsored by Oracle) shows an increase in the use of Java in their current project from 12% in 2008 to 27.4% in 2015. Java improves upon C or C++ as a high-level object-oriented language with automatic garbage collection, robust exception handling, built-in threading model, and extensive libraries for doing all the things an IoT Edge device requires. Programming in Java is safer and more reliable by avoiding common coding errors, such as dereferencing stale pointers and trampling memory. The VDC report also shows that for a typical ARM-based project shipping 1M units, using Java would save 40% in software development costs compared to C.

Your industrial environment probably requires connectivity to real-time embedded applications

Something traditional Java cannot handle well is real-time. Real-time systems have to guarantee that they will respond to an event or input within a deadline. Most Java programmers have experienced the unexpected delays that can occur when a “stop-the-world” garbage collection cycle runs. Depending on the size of heap memory and the fragmentation of live objects, Garbage Collector (GC) pauses can last hundreds of milliseconds up to several seconds. But GC pauses are just one of the many traditional Java real-time shortcomings. For example, the Just-in-Time (JIT) compiler may delay execution of a critical piece of code. Java thread priority is treated as little more than a hint to the operating system scheduler, which may unpredictably favor low-priority threads over high-priority threads. Worse yet, a priority inversion can occur, blocking a high priority thread from running indefinitely. Add to this the effects of page faults, random preemption by other processes, and the lack of precise timing APIs and you might be convinced that Java could never guarantee a program will ever finish, let alone meet a deadline.

Real-time Development with PTC Perc

PTC Perc is a real-time development tool chain and virtual machine that addresses all of these real-time execution concerns.  The PTC Perc product has been deployed in real-world, real-time systems since 1998 and is used in telecommunications, industrial control, aerospace, automotive, and defense applications. IoT/IIoT is now demanding that embedded real-time systems evolve with new expectations for device connectivity. Rising to meet that demand, PTC Perc is now taking on the Internet of Things as a key technology for edge devices that need to react within milliseconds to critical events.

Learn where the IoT Edge Device market is headed

VDC’s whitepaper titled, “The Real Need for Real-Time Java Gateway Solutions” highlights how IoT has accelerated the evolution of traditional embedded device classes.

According to VDC Research, the need for gateway solutions in IoT are:

  • Increasingly intelligent edge devices
  • The rapidly growing amount of data being created by IoT devices
  • Standardization of fragmented and evolving wire/wireless Technology
  • And the growing experience developing with Java in embedded engineering organizations

The post Top Industry Analysts Report on the Biggest Needs for Edge Computing in Industrial IoT appeared first on ThingWorx.

Thingworx Blog – ThingWorx