/internet_of_things

s a management
consultant, youll already
be familiar with such
buzzwords as the Internet
of Things (IoT), Industrial Internet and
Industry 4.0. But what staff resources
do businesses need to implement an
IoT solution? How do you deal with the
clients security fears? And, maybe more
fundamentally, who in the organisation
actually owns IoT? Well answer each of
these in turn and hopefully leave you a lot
more enlightened
Lets start with who the client is by
dividing the world into enterprises that
build Things and businesses that use
them. So AGCO builds combine harvesters
but August Farms uses them. GE builds
MRI scanners but the Childrens Hospital
of Orange County uses them. Goldwind
builds wind turbines but Sempra uses
them to generate electricity. And so on.

IoT for the

management
consultant
Internet of Things investor Timothy Chou explains the value of
web-enabled machines to both manufacturers and users

38

To businesses that build Things, the

benefit of the IoT is that a connected
Thing will give a higher quality of service.
A combine harvester must be ready to
work round-the-clock during harvest
time, so one that can self analyse to
predict failure during its lengthy down
time is an obvious win. A company that
rents construction equipment globally
can spend $1bn on maintenance so again,
using data to improve maintenance has
massive implications on operating costs.
This is interesting to executives on the
product or service side of the business.
But CEOs of leading manufacturers are
also beginning to understand that the
internet has the potential to change
their business models. There are at least
three business models that will allow
for additional sources of revenue and
product differentiation. They follow

a path pioneered by the enterprise

software companies. If you realise that
increasingly, the value of the machines is
in the software, then this should come as
no surprise to you.

As-a-service model
The internet has enabled the as-aservice model for IT infrastructure and
software. The IoT enables machines-asa-service or equipment-as-a-service
business models for all kinds of products,
potentially allowing many types of
company to shift from selling products to
selling services based on these products.
This model can transform large capital

technology? There are at least four

reasons: lower consumable costs, higher
quality service, healthier products and
safer services.
Most machines require consumables
to operate. Planes need fuel, gene
sequencers need chemical reagents and
so on. Anyone whos ever run an inkjet
printer knows that the machine rarely
costs more than the toner used over its
lifetime and generally, consumables are
so integral that they form a large portion
of any operational cost structure. It
follow that any reduction in consumables
can be a significant benefit.

CEOs of leading manufacturers are

beginning to understand that the
internet has the potential to change
their business models
expenditures into a pay-by-usage
operating expense. Emerging examples
of this trend include selling tyres by the
number of miles driven, compressors
by the amount of usage and industrial
coal mining machines supplied based on
the volume of coal mined. Selling such
services will often be more profitable
than selling the products they are based
on. In your industry, while you may not
want to take the risk of being the first to
move into offering product-as-a-service,
you certainly wont want to be the last.

Reducing consumables
Lets move on to the enterprises that
use Things: hospitals, farms, airlines,
manufacturers and utilities. Why should
they care about web-enabled precision

Lets take Nick August, owner of August

Farms, as an example. Precision farming
can lower the cost of consumables
such as fuel, fertiliser and pesticides
and Nick estimates that with precision
agricultural machines, he can reduce fuel
consumption from 60 to 5.9 litres per
hectare for crop establishment. Thats
a huge saving to him but of course, he
also uses fertilisers and pesticides and
a reduced consumption of those not
only reduces his costs, it also creates a
healthier product thats having less of an
environmental impact.

Application
So what technologies and skills does
a business need in order to implement
an IoT solution? Such applications can

39

/internet_of_things
be very complex because they cross so
many different domains. In my recently
published book, Precision: Principals,
Practices and Solutions for the Internet
of Things, we simplify the domain into a
five-layer framework: Things, Connect,
Collect, Learn, Do
Things are becoming smarter. Driven
by the widespread use of sensors in cell
phones, costs have plummeted, allowing
next-gen machines to include numerous
sensors a recent oil drilling platform
in the Gulf of Mexico has over 40,000.
The continuing reduction in computing
and data storage costs allows any Thing
a crop sprayer, blood analyser or solar
grid to be driven by increasingly more
sophisticated software. As any Tesla
owner can tell you, they tend to get new
features more often than the rest of us.
Connecting Things require a diverse set
of technologies based on the amount of
data that needs to be transmitted, how
far it needs to go and how much power
you have. You also have many choices on
how to manage the connection and how it
is protected and secured.
Collecting this huge volume of IoT data
will be a challenge. Currently, data might
typically collected and stored using
SQL, NoSQL and traditional time-series
from companies such as IBM, SAP, Oracle
and Teradata. Your data architect will
be dealing with a different kind of data
than a traditional transaction processing
systems. Learning and analysis products
will also be required to make sense of
this flood of data. Each product will
include query technology as well as both
supervised and unsupervised machinelearning technologies. Because, until
now, we have mostly focused on IoP
(Internet of People) applications, most of

40

the technology applied to learning from

data streams has been applied to learning
from data about people. Machinelearning innovation is being driven by
large companies such as IBM and their
well-known Watson technology as well as
companies as small as Lecida, a stealth
startup from Stanford.
In IoP there is a set of horizontal
packaged application for ERP, CRM,
Purchasing and HR. The same will be true
of IoT. An example of an IoT management
application comes from a company called
Oomnitza. Traditional asset management
assumes things are dumb, so a person
needs to scan a bar code or type an
identifier into an IoP app. Furthermore if
the Thing needs to be serviced, a person
issues the service order. But in the
new world, Things are smart and can be
programmed. So potentially, each Thing
can now identify itself and issue its own
service request.
Like the IoP world, there will be many
more custom applications than packaged
applications. Many companies are
starting to provide middleware, from
large companies such as GE with Predix
down to young companies such as
Atomiton with their unique Thing Query
Language (TQL). As many in the software
industry already know, the movement
to delivering software as a service has
revolutionised the enterprise software
industry. It promises to be no different
for enterprises that build machines and
those who use them.

As someone whos worked in the area

of cloud computing for years Im often
asked, Is the cloud secure?
machines as different as agricultural
equipment, compressors or gene
sequencer will consist of two kinds of
data: machine data and what Im going to
call nomic data.
Whats the difference? Well, a gene
sequencer has machine data such as the
power level of the laser or the amount of
chemical reagents. But it also generates
ge-nomic data, the actual gene sequence.
On the farm, seed spreaders and fertiliser
sprayers generate machine data such
as speed, oil pressure and location,
alongside agro-nomic data such as the
nitrogen level of the soil or the moisture
level of the grain.

A matter of security

Should all of this data be available to the

builders of machines? Car manufactures
might not want to share the data from
their construction robots as this might be
used to forecast the companys quarterly
results. Semiconductor manufacturers
might not want sensitive process data
outside of their four walls for similar
reasons while Chinese wind turbine
companies might not want energy data
going to foreign countries. This is going
to be an ongoing debate since clearly the
machine manufacturer can only build a
more reliable, secure, performant product
if this data is shared.

No matter which part of the five layers

youre designing on or using, youll have
to make sure youre considering issues
relating to security. Some of these will
be unique to IoT. For example, data from

As someone whos worked in the area

of cloud computing for years Im often
asked, Is the cloud secure? I tell them
that we need a more sophisticated

understanding what the word secure

actually means. Security is a complex
topic but as a management consultant,
its useful to simplify the subject.
Any IoT application is secure only if it
meets feature specifications in five key
areas: hardening, identity and access
management, auditing, testing and,
finally, compliance.
The security of any IoT application
depends on not only the integrity of
the application itself but also all the
supporting software and hardware. So at
the basic level, you must make sure the
latest security patches have been applied
and there are no viruses or malware. A
well-documented vulnerability in an IoT
application is the story of the StuxNet
virus. If everything from the application
down to the network is not hardened,
all bets are off. A specific example of a
security feature for an IoT application
might be that from the time a security
patch is issued from ten suppliers, 433
tests are applied and the patch is placed
into production within 32 minutes, plus
or minus 15 seconds.
The implementation of any such
security policy is dependent on knowing
the identity of an individual. Once
authenticated, access management
is deciding what data or operations
an individual can do. Just like the
speakeasies during the Prohibition era,
someone inside has to know who you
before you can enter. Thing or machine

authentication might be able to skip

ahead and move to schemes which
require no passwords.
A key principle in building secure systems
is auditing the recording of all the
changes that happen to an application
and its underlying technology. Because
any system built by people will have
flaws, you want to be able to study the
audit trail in order to identify the source.
Intrusion detection solutions use real
time auditing to sound the alarm when
a security fault occurs. Maybe one day
like the characters in the movie Minority
Report, well be able to discover a security
fault before it happens. Which brings us
neatly to security testing
There is a wide variety of security
tests which can be run to determine
whether the security of the application
and underlying technology can be
compromised. Since this class of
operations management cloud services
is available from a number of companies,
it still remains to be seen what universal
standards will emerge for IoT.
Were only at the beginning of this wave
of technology, what I think of as the third
generation of enterprise software. As
a management consultant, you should
consider becoming a student of this
area. As I tell my Stanford students, our
industry has so far only really affected the
virtual world. Weve made it easier to pay
for things or plan a trip but as we start
being able to use software to change the
physical world, were going to need to
build a more precision planet.
Timothy Chou is the former President of
Oracle On Demand, a lecturer at Stanford
University, Chairman of the Alchemist IoT
Accelerator and an IoT company investor.

41