The Internet of Things (IoT) offers the potential to introduce new capabilities in areas such as way-finding, geo-fencing, inventory control (including asset management), access and security management, healthcare monitoring and energy management systems as described previously. These capabilities are being applied across a diverse range of uses; transport logistics, healthcare, building and home automation, energy and environmental monitoring and many specific industrial applications.
The breadth of this topic and the rapid development of the related emerging technologies make it difficult to understand current adoption rates and specific opportunities. There are some common reasons that people are getting stuck and ultimately deferring IoT deployments. We refer to these as ‘hurdles’ and although the five discussed below are not an exhaustive list for all IoT solutions, it is helpful to identify the types of issues within each hurdle.
In this article we are specifically looking at one class of IoT solutions relevant to international companies today. For many of these companies their business processes define them, internally and externally, and most commonly these processes are tightly integrated with ICT (information and communications technology) systems. IoT solutions potentially offer these companies a new wave of process improvements and new capabilities that may transform their operations.
To simplify the following discussion, consider the class of multi-national company IoT solutions that tend to be very pervasive in character, and can be described by:
- integrated solution elements with third parties, e.g. business partners
- incorporating different data types including regulated data (e.g. customer data, personal health data)
- involving massive numbers of connected end-points, e.g. tagged products, assets
- typically deployed across multiple networking technologies, with large numbers of access points
- utilising regulated telemetry products (e.g. RF products, mobile phones)
- operating across national borders and therefore touching multiple regulatory regimes.
International asset management, supply chain solutions, industrial process monitoring are examples that fit within this class of IoT solutions.
1. Corporate Readiness for Change
In recent years, external drivers have been shaping or even prioritising company ICT initiatives with the IT department responding to a raft of disparate issues relating to cloud, big data, mobility and online channels. This new responsiveness to external drivers has created constant change within many corporate IT departments, and significant business transformational change, a marked shift from earlier decades where IT was focused on internal process and systems improvements and less frequent transformational change.
Unfortunately most companies continue to struggle with transformational change, and as discussed in a previous article regarding the findings of Strategy&, the biggest hurdles to transformational change are:
- change fatigue
- limited skills at driving transformation
- limited staff engagement in transformation activities.
IoT solutions are almost always transformational, as they usually require significant changes to existing procedures and practices as well. For example, in a recent GFI Software survey 0f 202 IT decision makers, over three-quarters (78.6 percent) of IT administrators expect their security practices to change as IoT is adopted.
Given the ongoing challenge of deploying transformational projects successfully, organisational readiness for change is definitely a significant consideration when planning IoT solution deployments. This type of transformational project is well suited to detailed benefits identification and business case development, and may become a central plank to your company’s strategic ICT plan.
2. Compliance Concerns
In recent years, at a time when many companies are entering new markets, many countries have introduced new regulatory compliance requirements, so companies should seek regular advice on regulatory changes in the countries in which they operate. For example, data protection is becoming a more significant compliance burden for international companies to deal with, as many more countries introduce their own regulations. Setting aside financial industry reforms that are increasingly global in nature, consider three particularly active areas of regulation where there are often conflicting requirements in different jurisdictions:
- process specific regulations (e.g. supply chain traceability and recall processes (see below), pharmaceutical industry outsourcing)
- personal data protection regulations (e.g. personal data privacy, personal healthcare data) which may invoke data sovereignty issues at a country level (or even at a state level)
- regulatory reporting (e.g. in a survey of 200 asset management industry executives across the Asia Pacific region, conducted by State Street in partnership with Longitude Research in 2013, fifty-two percent of respondents said they need to make significant changes to systems and processes to meet the diverse reporting requirements of multiple jurisdictions. Fragmented and evolving regulation in these different jurisdictions had 38 percent of managers concerned about their firm’s ability to assure compliance.)
In some cases, regulatory requirements are emerging which create an opportunity to adopt IoT type solutions. As mentioned in our recent article, new stringent compliance requirement for item level traceability and recall have been recently introduced for the selling of powdered infant milk in China as reported by the China Daily. It has been recently reported that fewer than 100 imported brands will be registered as compliant with new regulations, compared to over 1000 previously.
In the above example transforming existing practices to improve control and compliance is required for each company to continue supplying its traditional markets. We recommend that you look at changing compliance requirements as an opportunity for market differentiation rather than as an additional burden.
3. Security Concerns
There are legitimate concerns relating to increased company exposure to the internet, with potentially new vulnerabilities being exposed by IoT solutions. Today these solutions may have vulnerabilities in some of their current components (tags, devices, access points, hardware and software platforms) and this threat is leading to the development of new standards (e.g. IEFT IoT working group, and SG1). Another common concern of IoT solutions is that the large numbers of devices deployed present more points of potential attack.
Some of the main consequences of security failures include:
- unauthorised access to corporate networks, through devices such as network access points or corporate firewalls. Internet originated exploitation is a real threat, recall the experiences in 2011 and 2012 when the Stuxnet worm and Duqu malware attacked power and industrial systems through their computer control systems, as noted by Gail Dutton writing for Forbes
- process execution prevention or time-delay vulnerabilities, such as internet based denial-of-service attacks that have prevented companies from executing transactions in a timely manner or brought down networks for hours and even days at a time
- data theft vulnerabilities: e.g. regulated personal or commercially sensitive data
In reality, the consequences of inadequate security for IoT solutions are similar to other ICT projects. Therefore the usual identification and mitigation strategies must be developed at the solution design stage and before final project approval. There is no doubt that emerging technologies, often without a full suite of standards, should raise higher security concerns, so take the time to get the right advice from very good security designers early into this process.
4. Lack of Technology Standards
The development of IoT standards will drive increased interoperability and almost certainly hasten the uptake of IoT solutions by companies. Currently there are standards relating to different types of components, although industry recognised standard architectures are a work in progress, which could be a cause of concern in some applications. For example, work is underway to standardise security solutions for the IoT ecosystem by Datagram Transport Layer Security (DTLS) being adapted and enhanced to support IoT as reported by S.L. Keogh as part of the Internet Engineering Task Force (IETF) working group.
Today’s IoT platform architectures are vendor-driven with some vendors offering their platform to support devices from other manufacturers. Some vendors will provide open application programming interfaces (APIs) and this will assist in achieving interoperability between components.
Each different type of IoT solution will have different componentry, however some of the issues to consider in any project include:
- open architectures and interoperability of technology components through published APIs and common industry protocols
- standards compliance, e.g. any applicable short range radio frequency license or regulatory compliance documentation for transmitting or receiving devices in each relevant jurisdiction
- technology and energy usage specifications of components, to assist in product selection, solution design, as well as for comparisons between vendor offerings
In the absence of technology standards more work is left to project team designers and greater reliance is placed on the selected vendor’s solution capabilities. This is a hurdle where for your particular application you may decide to wait for some specific standard-compliant solution to be available before your deployment.
5. Scarce Resources and Experience
In these early days of large IoT solution deployments, the IoT technologies may be quite different to those currently in-place, so particular care must be taken to build an understanding of the technologies and train existing staff to improve the likelihood of project success.
Limited skills availability is a common issue in deploying new technologies, and this gap is normally filled by a combination of consultants and training in-house staff. As many vendors of IoT technologies are small companies, or add-ons to older more established companies, getting vendors with local experience in your country, or even just in your industry may be difficult. As successful vendors’ solutions rise to prominence, consultancies would be expected to bridge the resourcing gap in key skills.
At this early stage of IOT adoption there may be limited experience in IOT solutions in your proposed area of application, so it will be particularly important to call out these application-specific risks early on.
One interesting application which illustrates particular teething issues with their deployment is J.C. Penney’s 2013 implementation of a RFID tag solution for jeans, shoes and bras. J.P. Penney introduced RFID tagging of goods to create a better shopping experience by improving inventory accuracy and on-shelf availability. In implementing RFID they took the opportunity to remove the Electronic Article Surveillance (EAS) tags. It has been reported (see Jeff Macke, Mark Roberti) that their implementation resulted in an increase in shop lifting, by more than $300,000 for the three month period (Jeff Macke). J.P. Penney did not replace the AES gate readers at exits with RFID units – so no alarm went off if unpaid goods were walked out of the store. RFID tags did not provide a visual deterrent that bulky AES tags provide, and finally the company introduced a more lenient returns policy, and unscrupulous people took items without AES tags to the return counter and requested a refund (Mark Roberti).
Look for lessons from previous deployments in your industry and carefully select the initial key staff for your team and build your project plan taking realistic resource constraints into account.
The potential return from your IoT project may be huge and even transform the nature of your business, however you may feel that many hurdles remain. If this is the case, consider the infant milk regulation example where inaction means the companies can no longer meet the improved regulations and therefore cannot serve their traditional markets.
So as a first step it is best to get on the front foot and build a business case for your IoT deployment, and identify the hurdles relevant to your application. Remember that the specific five hurdles identified here are not an exhaustive list, and you will discover more hurdles in the development process for your specific application.
Once you have an understanding of the hurdles that you need to overcome and the value of the opportunity, you can incorporate these into your business plans, and be ready to address the issues and deploy or solution when the time is right.