Standardization: How to Build a Business-Ready Internet of Things
This is Part Three of PCMag’s trend overview, breaking down the enterprise IoT landscape through the lens of this year’s Mobile World Congress. Check out Part One on enterprise use cases here and Part Two on IoT security here.
By Rob Marvin
The Internet of Things (IoT) was one of the top-billed themes at Mobile World Congress this year, but the enterprise side of the space was one of the quieter, more interwoven trends revealed at the show. The shiny consumer IoT devices — smart home, wearables, connected cars, cute little robots — were the IoT front men, lining the sensory-overloaded aisles of the Fira Gran Via in Barcelona. But if you walked past an enterprise tech giant on the show floor, the odds were good you’d pass a wall-sized poster or infographic about Intel, SAP, VMware, or HP Enterprise’s “IoT cloud” or “IoT services solution.” In fact, the odds were good you’d hear about any product capitalizing on the back-end cloud, infrastructure, security, and related services sprouting up around the new ecosystem of business and consumer devices.
There are three big boxes to check off if you’re going to call your company’s IoT solution enterprise-ready: security, interoperability, and a good enough value proposition. The tech you deploy should feed you back data and analytics, or be able to produce a tangible business advantage that actually makes a difference to your bottom line.
Part One of this feature broke down some of the biggest IoT applications we’re seeing in business tech right now. Part Two delved into how companies are working to solve all of the different levels of the IoT security equation. The final piece of the story digs into some of the most prominent IoT standardization efforts available, and how blockchain (another technology we’ve been watching closely lately) might be the answer to some of the toughest IoT execution riddles: interoperability, identity, authentication, and security, all wrapped up in a distributed, immutable ledger.
The Interoperability Factor
The concept of interoperability is key to one of the biggest selling points for the IoT: millions of connected devices talking to one another. To pull off that kind of seamless interoperability between machines, manufacturers need to sync up hardware and software across industries and on a massive scale. That’s where standardization comes in.
In enterprise-focused IoT, interoperability often means machine-to-machine (M2M) communication. On this end of IoT standardization, you’ve got players such as the Industrial Internet Consortium (IIC) and the oneM2M specification. There are also newer initiatives involved, including the Open Trust Protocol (OTrP) developed by ARM, Intercede, Solacia, and Symantec.
At Mobile World Congress, I talked to Intercede CEO Richard Parris about the OTrP. I also spoke with Chris Drake, Chief Technology Officer at iconectiv (a oneM2M member company and subsidiary of Ericsson), about it. The executives discussed the challenges of interoperability and IoT standardization, and how to manage M2M data access and sharing.
“In IoT, there are software applications within these devices that talk to the cloud over complicated network configurations,” said Drake. “These connections should be governed by a highly interoperable framework. Right now, the race to win the mindshare of IoT and deploy sensors is a very bespoke, point-to-point process. The sensors talk to this cloud application but won’t talk to another and won’t share data between them.”
Making Sense of IoT Standards
The IoT is still in its early stages of development. At the moment, the standards landscape is fragmented and can be a bit confusing. Here’s a quick breakdown of some of the more prominent standardization efforts out there.
In recent news, two of the biggest open-source, tech industry consortiums — the AllSeen Alliance and Qualcomm’s open-source AllJoyn framework — joined forces with the Intel-backed Open Interconnect Consortium (OIC) under the newly renamed Open Connectivity Foundation (OCF). The Open Connectivity Foundation changed its name from Open Interconnect Consortium back in February 2016 and merged with AllSeen Alliance in October 2016. The two organizations now operate as one under the OCF name and bylaws. AllJoyn is AllSeen Alliance’s open source framework and IoTivity is OCF’s, but the two frameworks are completely interoperable.
IoTivity is hosted by the Linux Foundation, which has also partnered with Thread (backed by Google’s Nest) to ensure compatibility of OCF’s application layer with Thread’s wireless mesh network to provide all members with a joint solution that enables companies to more easily develop solutions for the connected home. The OCF’s Board of Directors includes executives from Canon, Cisco, GE, Intel, LG, Microsoft, Qualcomm, and Samsung. Confused yet? That’s just one collective standards effort.
Nonprofit standards organizations such as the IEEE and W3C have their own IoT standards. Apple has HomeKit. And IFTTT and Zapier are tools designed to connect internet-connected apps, services, and devices. There’s even a whole other category of standards for IoT networking communications protocols. Then, in addition to all of those, you’ve got enterprise IoT standards designed for industrial scale.
Time for a brief tech history lesson. Telcordia Technologies, which has done business under the iconectiv brand since 2013, has roots that go all the way back to the 1984 antitrust suit that broke up the American Telephone and Telegraph Company (AT&T) monopoly for good. One of the resulting entities — along with what is today Alcatel Lucent, AT&T, Verizon, and dozens of other companies — was Bell Communications Research, Inc. or Bellcore. The company was renamed Telcordia Technologies in 1999 and acquired by Ericsson in 2012. All these years later, iconectiv is Bellcore, just by a different name. There’s your fun fact for the story.
That history provides some context for iconectiv’s background in the current IoT landscape. The company has evolved from its roots in telecommunications and carrier interoperability to mobile fraud detection and identity management for enterprises (and now into IoT interoperability). It’s from that perspective that Drake described how iconectiv handles IoT security and how oneM2M works to enable enterprise-grade interoperability.
“The oneM2M architecture fosters interoperability at the application layer,” said Drake. “It’s not a connection layer thing where, after you secure the connection, the application can still run amok. Security at the connection level is not the answer.”
“Let’s dive into what a standard service layer looks like for IoT,” Drake continued. “At the device level, you need to secure the connections. Above that, you want to secure the application layer, and do so through middleware that understands ingestion of the dataset from the device and knows where it’s going. Interoperability means a scalable management scheme for securing the privacy of that data as it flows to multiple cloud apps, not just one. Our directory manages authentication and identification of those streams.”
The oneM2M standard currently has 230 member companies, including big names such as Amazon, Cisco, Huawei, Intel, NEC, Qualcomm, Samsung, and many others. The organization is currently at work on releasing three of its specification frameworks, designed to enable IoT interoperability by working with legacy and proprietary technology across industries through a “service layer” that connects embedded hardware and M2M apps.
“OneM2M facilitates interoperability through a routing framework for industrial and field-level data,” explained Drake. “The framework understands the places the data can and can’t go, and can talk to neighboring middleware in another network depending on where the IoT device is located.”
Another recent standardization effort in enterprise IoT is the Open Trust Protocol. Developed by chip maker ARM, Korean tech company Solacia, and cybersecurity company Intercede, this newer IoT standard was announced in 2016. It combines secure architecture with “trusted” code management tools to overcome the difficulties of IoT interoperability in a fragmented IoT device landscape. Intercede CEO Richard Parris explained the protocol in the context of one of the most well-known classes of IoT devices: connected cars.
“A car is a great microcosm of the same IoT problem you see across medical devices, smart homes or airplanes, or what have you. When a Mercedes S Class leaves the factory, it probably has 150 ECUs [engineering control units] built into the vehicle, and they all need to trust each other,” said Parris. “That car is also going to go through maintenance cycles. Components will be swapped out. Firmware will be upgraded at different times. The car will go through multiple owners. Safety and security over time in a connected device like that is a huge, vastly complicated problem. Maintaining digital trust and identity in those components over 15 years of a smart car and doing that in a sensible way.”
The OTrP’s objective is to create an open protocol that defines how devices trust each other in a connected environment. Essentially, the protocol ensures that identity information is never exposed between apps, and provides a flexible standard by which you can connect firmware and apps through scalable public key infrastructure (PKI) without locking into specific vendors (to reduce fragmentation).
Intercede works with enterprises, governments, service providers, and app developers across industries. While the various standardization efforts across the IoT and M2M landscapes are vital for long-term enterprise viability, there are also — as we’ve now shown — a metric ton of them. Ultimately, Parris said government regulation may have to come into play as well, particularly in the wake of catastrophic IoT-based attacks such as the Mirai botnet DDoS.
“Another dimension we’ve seen is the potential weaponization of devices in the home and car, which means we’re going to start to see the ecosystems become government-regulated,” said Parris. “But government regulation of all this technology will only be effective if you can get down to the crypto strength in the silicon, eliminate the use of passwords to protect things, have cloud-based certificates at volume securely injected into things, and then have an ecosystem in which you manage the lifecycle of ownership and the keys of associate ownership.”
That’s what all these standards aim to do.
How Blockchain and the IoT Fit Together
The IoT industry is beset by big questions. Security, interoperability, identity management, and the like are formidable challenges to be overcome before the promise of the IoT will ever be fully embraced by the business world. On a number of these fronts, blockchain may serve as a possible solution.
Blockchain’s applicability in IoT management isn’t a one-off experimental use case. Several of the companies I spoke to for this feature — Accenture, Aricent, iconectiv, and others — discussed why blockchain’s distributed ledger makes sense for the IoT. They also explained the technology’s potential to solve for the complex identity management and authentication problems that the IoT presents.
Intercede’s Parris discussed the challenge of enforcing IoT policies in connected cars as the device changes owners. Craig McNeil, Global Managing Director for IoT at Accenture, mentioned how blockchain-based smart contracts could track IoT device ownership and data rights in exactly that type of environment.
“Think about an automaker today: Who has access to all the data coming from a connected car? Even tires have sensors in them,” said McNeil. “So I buy a car with all these sensors and then think I own the data my car is collecting. But let’s say the manufacturer also thinks it’s their data. A distributed digital ledger could track IoT ownership of that car, and automatically-executed smart contracts [could] handle the ownership rights.”
That’s one simplified application of blockchain in the IoT. Global design and engineering firm Aricent is working to build blockchain solutions into its development process for enterprise clients, baking it into the mechanisms for managing IoT security and identity within a company’s existing infrastructure.
Aricent is working primarily with private blockchain distributions (the company has cloud partnerships with IBM and others) to develop distributed IoT software that keeps the chain of trust intact. That idea of trusted data connections is core to the IoT, as experts have explained throughout this story. Prakasha Ramchandra, Assistant Vice President of Technology and Innovation at Aricent, walked us through the firm’s thinking on blockchain and IoT.
“We are talking about the chain of trust to establish product development across hardware and software. Federated identity is part of IoT device identification,” said Ramchandra. “Blockchain is a fabric to tie all that together. There are unique challenges to solve at every level of IoT compared to traditional enterprise, and blockchain can be useful in validating and authenticating within the IoT environment, the network, the application layer. There are use cases from devices up to data security, and we’re trying to evolve that in terms of how it all gels.”
Aricent isn’t at the point where they can stitch a distributed blockchain ledger throughout the entire end-to-end IoT development ecosystem. Blockchain, as a technology, is still in its early stages and blockchain in the IoT is even more novel. The company is starting small, by establishing blockchain-based identity verification to tie IoT device, network, and app security together. Aricent CTO Walid Negm expanded on the DevOps angle.
“We’re using blockchain to establish this chain of trust for source code. Checking on test code, using private keys to sign, making sure nobody tampers with it, and working on applying the blockchain ledger to that in a transparent and frictionless way,” said Negm. “We’re trying to make it as easy as possible for the IoT developer. The idea is to overlay blockchain onto a DevOps environment to help streamline product development. So, every time a developer commits code, it’s automatically tested and validated by other nodes in the system.”
Aricent takes a code-level view, but there are many applications beyond that for blockchain in the IoT. Chain of Things is a think tank exploring blockchain to solve for IoT security, identity, and interoperability. Filament is a blockchain startup building IoT hardware and software for industrial applications such as agriculture, manufacturing, and the oil and gas industries. IBM has a whole Watson IoT platform built on blockchain. The list goes on and on.
A global IoT isn’t an easy concept to wrap your head around. Building an IoT that can stand up to the needs of enterprises is even more difficult to grasp when you factor in security, identity, interoperability, and technology such as blockchain thrown into the mix. But, when you put all of that together into a network of devices and data streams completely redefining the way you do business, it’s easy to see the appeal. Most enterprise companies aren’t big fans of the “IoT” as the name for this new category of connective technology. But, at this point, they’re stuck with it.
Originally published at www.pcmag.com.