CIO Review: The Hidden Risks of Enterprise IoT

[This article was originally published at CIO Review.]

The debate is over. Enterprises that successfully embrace IoT can provide their customers more value than those who do not. Think of a laboratory focused on curing deadly diseases. Prerequisites for their work include reliable pumps, pure fluids, and rock-steady environmental controls. In today’s world, they fulfill these needs by purchasing expensive equipment from commodity “thing” makers – who sell pumps, filters, and other equipment – adding the burden of “thing” operation and maintenance to their mission of saving lives. Neither side receives maximum value from this relationship.

In tomorrow’s world of connected products, these “thing” makers are transforming themselves to become service providers. They will stop selling pumps, filters, and controls. They will instead provide specified amounts of well-circulated, pure fluids at the required temperatures. Not a transactional sales receipt, but a long-term SLA.

In tomorrow’s world, labs can focus on research rather than when to change the filters in their equipment. Transportation companies can optimize logistics, not wonder how long an engine will last. Each company can focus on their core business, not the distractions of creating and maintaining the conditions necessary for its pursuit.

The inevitability of Enterprise IoT, however, does not imply the transformation will be simple or easy. Development teams create prototypes that executives in charge of “digital transformation” approve to be to scaled up for production. Too late they learn that except for the smallest and most static applications, production Industrial and Enterprise IoT systems require architectural elements that these initial apps don’t even begin to address. Data from sensors on a thing are received in the cloud, and a nice-looking UI issues commands back down and displays the results. This serves well to show the overall vision, much like a napkin drawing of a new corporate headquarters – and with a similar gap in addressing the real challenges to be overcome before it can be of service to actual customers.

Let’s take a quick look at just three of the central tenets that comprise Enterprise Class production systems – identity, time, and chain of custody.

The surprising challenge of identity

If we walk through a ‘simple’ use case – the remote monitoring of refrigerated trucks in a distribution center, it becomes obvious how complex industrial IoT really is.

Inside each truck is a refrigeration unit and a temperature monitor. Inside each refrigeration unit are various components. Same for the the monitor. Inside each component are sensors. Within these components are also receivers and transmitters. Some have logic to enable processing and decision-making. Many of these have firmware or software that is periodically updated with new versions. You see where this is going…

What happens when a component in the refrigeration unit breaks and is a replaced with a new one, with a different serial number? Or a software update changes how a sensor in the monitor is recognized on the network?

Imagine that one day, a truck on a mountain pass blows a tire and smashes the trailer into a tree. The driver and the refrigeration unit are okay, but the trailer and a load of cabbages do not survive. This unit is later installed inside a new truck whose own refrigerator has a defective motor. But during installation a pump in the working unit is damaged, and replaced with a part from the unit with the bad motor. And then the truck is sold to another fleet owner…

Unless your system is architected to enable flexible tracking, reliable history, and current state of the identity of every “thing” in the system, the continuous stream of data coming from your devices will become a toxic sludge feeding into expensive analytics engines that will produce reliably unreliable results. Garbage in, garbage out. Forget about machine learning and predictive maintenance. After a few cycles the system operators won’t even be able to tell if the blueberries in Truck #16 are still frozen.

Do you have the time?

A second unexpected challenge in production systems is the handling of time. When exactly did an event occur, and when was the data received by various parts of the system?

Most large-scale production systems are comprised of devices and networks with consistently inconsistent time formats. Some timestamps will include offsets, others will be in their local time, and some will have no time zone at all. Many events take place when devices are powered down or without connectivity, and sent much later than when they occurred. There are classes of devices that don’t have clocks at all, just ticks and boot counts. To achieve a global unified timeline of all system events – a prerequisite for useful long term data mining – the system must handle all of these variations and reassemble them in the correct order after the fact.

An unbroken chain

The last topic we will address is the importance of chain of custody. Where did each bit of data come from and who handled it? Who altered it, and what was changed? Were they authorized to do so? When did all of this happen? The ability to query for and get clear answers to these questions is critical to know which data can be trusted and which may be corrupted or even malicious. Without a reliable chain of custody for each event, the trustworthiness of all data becomes suspect. Insights gained through analytics could be misleading or trigger dangerous activities. And when things do go wrong, forensic investigations can be costly or even impossible if your system lacks the information required to find the offending device, software version, or intruder on your network.
How are you feeling about your prototype now?

A critical question

What organizational leaders need to ask themselves right now is whether or not the team assigned to transform their business have the experience and IoT-specific knowledge necessary to design and build successful Enterprise Class production systems. The often under-appreciated concepts of time, identity, and chain of custody are good test cases for evaluating whether you are constructing the future of your business on a solid foundation or atop an attractive house of cards.

Getting to Production

Organization leaders should look for IoT-focused system integrators with references and credibility for getting similar scale and scope projects to production. At Bright Wolf, we’ve helped our Fortune 1000 clients across a wide range of industries create and deploy scalable, secure, and maintainable IoT systems. We’d be happy to chat about how we could help you too.

Related posts