IoT for the Management Consultant

Timothy Chou on the intricacies of explaining emerging technologies to clients

As a management consultant, you’ll already be hearing such buzzwords as the Internet of Things (IoT), Industrial Internet and Industry 4.0. But what incremental staff resources do businesses need in order to implement an IoT solution? How do you deal with the client’s security fears? And, maybe more fundamentally, who in the organisation actually owns IoT? We’ll answer each of these in turn, and hopefully leave you a lot more enlightened. . .

Let’s start with who the client is by dividing the world into enterprises that build ‘Things’ and businesses that use them. So AGCO builds combine harvesters but August Farms uses them. GE builds MRI scanners but the Children’s Hospital of Orange County uses them. Goldwind builds wind turbines but Sempra uses them to generate electricity. You get the idea. . .

To businesses that build Things, the benefit of the IoT is that a connected Thing will give a higher quality of service. A combine harvester must be ready to work round-the-clock during harvest time, so one that can self analyse to predict failure and correct defects during its lengthy down time is an obvious win. A global company that rents construction equipment can easily spend $1bn on maintenance so again, using data to improve maintenance has massive implications on their operating costs.

This is interesting to the executives on the product or the service side of the business. But CEOs of leading manufacturers are beginning to understand that the internet has the potential to change their business models too. There are at least three business models that will allow for additional sources of revenue and product differentiation. They follow a path pioneered by the enterprise software companies. If you realise that increasingly the value of the machines will be in the software this should be no surprise.

The internet has enabled the ‘as-a-service’ model for IT infrastructure and software. The IoT enables machines-as-a-service or equipment-as-a-service business models for all kinds of other products, potentially letting many types of company to shift from selling products to selling services based on their products. This model can transform large capital expenditures into a pay-by-usage operating expense. Examples of this trend that are emerging include selling tires by the number of miles driven, compressors by the amount of usage and industrial coal mining machines supplied based on the volume of coal mined. Selling such services will often be more profitable than selling the products they are based on. In your industry, while you may not want to take the risk of being the first to move into offering product-as-a-service, you certainly won’t want to be the last.

Reducing Consumables
Let’s move on to the enterprises that use Things: hospitals, farms, airlines, manufacturers or utilities. Why should they care about web enabled precision technology? There are at least four reasons: lower consumable costs, higher quality service, healthier products and safer services.

Most machines require consumables to operate – planes need fuel, printers need ink, gene sequencers need chemical reagents and so on. Anyone who’s ever run an inkjet printer knows that the machine itself rarely costs more than the toner used over its lifetime and generally, consumables are so integral that they often form a large portion of the operational cost structure. It follows then, that any reduction in consumables can be a significant benefit.

Precision farming can lower the cost of consumables such as fuel, fertiliser and pesticides. Let’s take Nick August, owner of August Farms, as an example. He estimates that with precision agricultural machines, he can reduce fuel consumption from 60 to 5.9 litres per hectare for crop establishment. Now that’s a huge saving to him but of course, he also uses fertilisers and pesticides. Reduced consumption not only reduces his costs, it also creates a healthier product that’s having less of an environmental impact.

So what technologies and skills does a business need in order to implement an IoT solution? Such applications can be very complex because they cross so many different domains. In the recently published Precision: Principals, Practices and Solutions for the Internet of Things we simplify the domain into a five-layer framework: Things, Connect, Collect, Learn, Do. . .

Things are becoming smarter. Driven by the widespread use of sensors in cell phones, costs have plummeted, allowing next-gen machines to include numerous sensors – a recent oil drilling platform in the Gulf of Mexico has over 40,000. The continuing reduction in computing and data storage costs allows any Thing – a crop sprayer, blood analyser or solar grid – to be driven by increasingly more sophisticated software. As any Tesla owner can tell you, they tend to get new features much more frequently than the rest of us.

Connecting Things require a diverse set of technologies based on the amount of data that needs to be transmitted, how far it needs to go and how much power you have. You also have many choices on how to manage the connection and how that’s protected and secured.

Collecting this huge volume of IoT data will be a challenge. Currently, data might typically be collected and stored using SQL, NoSQL and traditional time-series from companies such as IBM, SAP, Oracle and Teradata. Your data architect will be dealing with a different kind of data than a traditional transaction processing system. Learning and analysis products will be required to make sense of this flood of data. It will include query technology as well as both supervised and unsupervised machine-learning technologies. Because, until now, we have mostly focused on IoP (Internet of People) applications, most of the technology applied to learning from data streams has been applied to learning from data about people. As with all parts of the stack, there is machine learning innovation being driven by large companies such as IBM and the Watson technology as well as companies as small as Lecida, a stealth startup from Stanford.

As it was with IoP applications, there will be both packaged applications such as ERP and CRM. Oomnitza, a San Francisco company, is building a Thing management application on the assumption that Things can be programmed. Like the IoP world, there will be many more custom applications than packaged applications. Many companies are starting to provide middleware, from large companies like GE with Predix down to young companies like Atomiton with their unique Thing Query Language (TQL). As many in the software industry already know, the movement to delivering software as a service has revolutionised the enterprise software industry. It promises to be no different for enterprises that build machines and those who use machines.

A Matter of Security
No matter which part of the five layers you’ll have to make sure you’re considering the issues of security. Some of these will be unique to IoT, for example, the difference between machine data and nomic data. Data from agricultural equipment, compressors or gene sequencers will consist of two kinds: machine data and what I’m going to call nomic data.

What’s the difference? A gene sequencer has machine data such as the power level of the laser, or the amount of chemical reagents. While that’s machine data, there is also ge-nomic data, the actual gene sequence, also available from the machine. On the farm there are seed spreaders and fertilizer sprayers. Again there is machine data like speed, oil pressure or location, but also there is also agro-nomic data like the nitrogen level of the soil or the moisture level of the grain.

Should all machine data be available to the builders of machines? Large car manufactures might not want to share the robot data from the robots used to make the cars, as you might be able to forecast the car company’s quarterly results. Semiconductor manufacturers might not want sensitive process data outside of their four walls. Or Chinese wind turbine companies might not want energy data in a foreign country. This is going to be an ongoing debate since clearly the machine manufacturer can only build a more reliable, secure, performance product if the data is shared.

As someone who’s worked in the area of cloud computing for years I’m often asked, “is the cloud secure?” Just like the word cloud computing, or IoT we need a more sophisticated understanding what the word “secure” means. Security is a complex topic, but as a management consultant it’s useful to simplify the subject and bring it to a higher level: Any IoT application is secure if and only if it meets feature specifications in five key areas: hardening, identity and access management, auditing, testing, and compliance.

The security of any IoT application depends on not only the integrity of the application itself but also all the supporting software and hardware. So at the basic level you must make sure the latest security patches have been applied and there are no viruses or malware. A well-documented vulnerability in an IoT application is the story of the StuxNet virus. If the application down to the network is not hardened then all bets are off. A security feature for an IoT application might be: From the time a security patch is issued from these ten suppliers, 433 tests are applied and the patch is placed into production in 32 minutes +/- 15 seconds.

The implementation of any security policy is dependent on knowing the identity of an individual. Once authenticated, access management is deciding what data or operations the individual can do. Just like the speakeasies during Prohibition, someone has to know who you are and then what rooms you can enter. Thing or machine authentication might be able to skip ahead and move to schemes which require no passwords.

A key principle in building secure systems is auditing. Auditing is the recording of all the changes that happen to the application and the underlying technology. Largely because any system built by people will have flaws you want to be able to study the audit trail and perhaps identify the source. Intrusion detection solutions use real time auditing to sound the alarm when a security fault occurs. Maybe one day like the characters in the movie Minority Report, we’ll be able to discover a security fault before it happens, which brings us to security testing.

There are a wide variety of security tests, which can be run to determine whether the security of the application and underlying technology can be compromised. This class of operations management cloud services is available from a number of companies. And finally while there are compliance standards for financial systems like PCI and healthcare systems like HIPPA, it will remain to be seen what standards emerge for IoT.

We’re only at the beginning of this wave of technology, what I think of as the third generation of enterprise software. As a management consultant consider becoming a student of the area. As I tell my Stanford students, our industry has only really affected the virtual world. We’ve made it easier to pay for things, find a restaurant or plan a trip; but we stand at the beginning of being able to use software to change the physical world. And unless we all move to Mars, we’re going to need to build a more precision planet.

Timothy Chou is the former president of Oracle On Demand, Lecturer at Stanford University and chairman of Lecida, an industrial machine learning company, and recently authored the book – Precision: Principles, Practices and Solutions for the Internet of Things – Available HERE

This article originally appeared in DISRUPTIONHUB magazine