Search Results

201 items found

Blog Posts (72)

  • 3 Tactics to Accelerate a Digital Transformation

    How do you encourage and enable distributed groups of people to get the most out of new digital technologies? Nothing changes unless people’s behavior changes. Sure, digital transformation requires that companies upgrade systems and make sure people have the right tools and know how to use them. But those investments only lead to transformation if they are coupled with serious work helping people adopt and use that technology in meaningfully different ways. Otherwise, you replace fax machines with email, email with Slack, Slack with neurologically transmitted messages (someday!), but still find past problems perpetuating. by Scott D. Anthony and Paul Cobban (Harvard Business Review, November 25, 2021) How do you encourage and enable distributed groups of people to get the most out of new digital technologies? Let’s consider a case study of how DBS Bank in Singapore managed the transition to more distributed, remote work over the past two years. [Disclosure: Scott’s firm, Innosight, has provided advisory services to DBS in the past. And Paul is currently an Advisor to DBS.] This case suggests three key tactics to enable successful digital transformation: use technology to make technology disappear, actively shape day-to-day behavior, and systematically reinforce desired behavior changes. 1) Use technology to make technology disappear. Paul served as the Chief Data and Transformation Officer for DBS Bank in Singapore for more than a decade. He led a team called “Future of Work” that helps to accelerate innovation and drive technology adoption across the workforce. The team seeks to use technology to create friction-free, human experiences, where the technology itself disappears into the background. Like most banks, DBS is very security-conscious. The rise of people working from home in the wake of the Covid-19 pandemic has brought new security risks, such as the possibility of bad actors more easily taking photos of screens, to use one example. Due to these concerns, DBS did not allow most employees to access sensitive systems from home prior to the pandemic. But with the increased need for remote work, DBS now uses new techniques — some of which were originally created to combat credit card fraud — to enhance the security of remote work, without compromising the user experience. For example, DBS now places a “digital watermark,” or a unique pattern, on each user’s screen. It uses sophisticated artificial intelligence to detect unusual employee behavior and has dramatically simplified the two-factor authentication experience required to access internal systems. These largely invisible background technologies allow employees to enjoy the same access to enabling tools and sensitive information, wherever they happen to be. Another challenge brought about by the increase in remote work is getting a handle on employee sentiment without as much face-to-face interaction. To address this issue, the Future of Work team has built a model using natural language processing algorithms to spot weak signals of employee dissatisfaction in qualitative comments in regular experience surveys. The model assesses employee sentiment and categorizes and highlights patterns in qualitative comments. It features a dashboard so that any department or team can view sentiment analysis and trends across categories or drill down into word-for-word comments. This approach enables leaders to have a fine-grain view on what needs the most attention. A final example involves using technology to pinpoint internal tools that aren’t delivering against employee expectations. As employees work in a more hybrid fashion, they need a wider range of digital tools to help do basic work tasks. DBS has more than 200 applications that employees can use to do common tasks ranging from processing credit card applications to completing online performance reviews. Just as consumers rate games and productivity tools in Apple’s popular App Store, DBS employees rate their internal applications. For any application that has more than 100 users and less than a four-star rating (out of five stars), the app owner must address the identified challenges. For example, one app tracks the number of times employees open official corporate communications to measure their effectiveness. A low app store rating surfaced significant usability issues, such as frequent crashes and a confusing interface. The team upgraded the app and introduced training, boosting the score well above 4 stars. 2) Actively shape day-to-day behavior. In our book Eat, Sleep, Innovate (also co-authored by Scott’s Innosight colleagues Natalie Painchaud and Andy Parker), we noted that a significant barrier to behavior change in organizations is the inertia of old ways of doing things. Past processes designed for an analog world can conflict with digital technologies, leading to duplication of effort and significant employee frustration. DBS has a mechanism to deal with this problem called the Kiasu Committee. Kiasu is local slang in Singapore, akin to the idea of the fear of missing out (when people stormed supermarkets early on in the pandemic to hoard toiler papers, locals would say, “Why so kiasu?”). The head of Legal and Compliance chairs the Kiasu Committee, which takes the form of a mock courtroom where any employee can “sue” the owner of a policy or process that they feel is getting in the way of getting work done. A mix of employees from a range of levels serve as the “jury,” collectively deliberating over whether a change should be made. One of the first decisions was to remove the need for physical signatures to approve a proposal. The approach caused quite a ripple through the company and gave DBS employees confidence that their issues would be heard and addressed. The Future of Work team has also focused on addressing new problems that arose with the rise in remote work, such as the “cultural decay” that comes when connectivity and community fray due to factors ranging from obvious ones (the lack of the ability to hold informal gatherings) to more subtle ones (the lack of buffers between meetings inhibiting informal human connection). Digital dislocation can drive cultural decay by limiting opportunities to teach norms to new members formally, or, even more importantly, to reinforce shared beliefs and assumptions in subtle ways. For example, newcomers can’t watch longstanding, unstated rituals, like how people array around tables during meetings, or observe which topics of conversation flow naturally in the hallway, and which are avoided. DBS has developed specific rituals to address cultural decay. For example, it now offers a formal multimedia onboarding experience for new employees. The idea is to be very intentional about how DBS teaches key elements of its cultural transformation to new employees. The ritual builds off of a physical “wall of transformation” that DBS had in its headquarters providing a visual overview with year-by-year highlights of its transformation. The onboarding journey combines a digital version of this story with a set of curated discussions with DBS leaders. Not only does that provide a more complete picture of DBS’s transformation, it lets new employees quickly “meet” a range of leaders in the bank. Another example is “meeting check-in.” Borrowing from agile development principles, at the start of meetings, DBS asks people to pick a number from 1 to 10 describing their state of mind. Anyone who doesn’t give a 7 or 8 has to explain why. Another approach is to ask people at the start of meetings what percent present they are in the meeting or to ask, “Is there anything that will prevent you being fully present at this meeting?” creating opportunities for people to share humanizing factors that build team empathy. Some departments augment the in-meeting ritual with simple apps to regularly track and calibrate data. The Kiasu Committee, the virtual onboarding ceremony, and the meeting check-in are all examples of what we call BEANs, shorthand for behavior enablers, artifacts, and nudges. They combine a formal behavior enabler (like a checklist or a ritual) and informal artifacts and nudges (like a visual reminder) to drive behavior change. Our article “Breaking the Barriers to Innovation” provides a step-by-step guide for how to create BEANs. 3) Systematically reinforce desired behavior change. Like any data-driven improvement program, the Future of Work team has faced its challenge. For example, it was natural for app owners to respond to low ratings by getting defensive, challenging the validity of the data, trying to hide bad news, or even gaming the system by submitting anonymous positive reviews. Approaches that have the potential to give a louder voice to broader groups of employees only work if there are reinforcing mechanisms to hear those voices clearly and act based on what they are saying. More broadly, managing the human side of digital transformation requires work to systematically reinforce desired behavior change. For the Future of Work effort, that starts with connecting to an overall effort at DBS to have a balanced scorecard that measures and manages its transformation efforts. DBS also modified incentives to support its overall digital transformation efforts. For example, the usage and rating of a particular digital app directly impacts the performance rating and bonus of the DBS leader responsible for that app. Additionally, DBS created a new governance system specifically related to the employee experience. The “Employee Journey Council,” chaired by key senior executives, discusses issues identified by employees such as the responsiveness of the internal IT team and the burden of remote working. The council then intervenes to improve the employee experience. For applications that are missing their target threshold, for example, the council scrutinizes progress against an identified improvement plan. DBS plans to drive this governance mechanism lower in the organization to further increase accountability. DBS carefully tracks and measures progress in its digital transformations. The percentage of employees who said that they strongly agreed with the statement that digital tools enhanced their productivity increased from 78% in 2019 to 84% in 2021. Positive sentiment measured with the dashboard mentioned above has increased by 35%. And, specific to hybrid work, a September 2021 dipstick survey found that 92% of employees said they were satisfied with the technology that helps them work remotely. While the journey hasn’t been easy for DBS, rapid advances in artificial intelligence and the availability of open-source solutions have significantly simplified the ability to create models and back-end tools to reduce the barriers to digital transformation. Following the tactics in this article have smoothed DBS’s transition to hybrid work and helped DBS continue to win regular accolades. Leaders at other organizations can similarly accelerate their own digital transformation efforts by using technology to make technology disappear, actively shaping day-to-day behavior, and systematically reinforcing behavior change. The payoff in the forms of higher engagement and improved productivity is well worth it.

  • What IIoT Means for Manufacturing

    How the Internet of Things Enhances Efficiencies throughout the Factory IIoT is perhaps the biggest buzzword in factory automation today, and it is a key aspect of Industry 4.0. But IIoT is more than just the way of the future. IIoT already impacts the way factories operate today, and it will increasingly impact businesses in the future. Therefore, it is essential to understand the terms being used, recognize how IIoT technologies are already being implemented in manufacturing facilities, and prepare your business for the future. Terms Defined: Industry 4.0, IoT, and IIoT The term Industry 4.0 broadly describes the current wave of technological innovation as an era in history characterized by interconnectivity enabled by the internet and wirelessly-connected devices. By way of background, Industry 1.0 refers to the era of water and steam power and Industry 2.0, the era of electric power. Industry 4.0 follows closely on the heels of the digital era (Industry 3.0), and many manufacturing facilities still operate using digital technologies. While digital technologies have enabled the collection of large amounts of valuable data, this data primarily exists in silos that are not easily accessible for analysis and actionable insights. The technologies of Industry 4.0 take data collection to the next level by making data readily available and by automating the communication between industrial automation equipment and systems. This allows businesses to leverage data in more meaningful ways, including enabling predictive analysis for machines as well as process optimization across the factory floor. While Industry 4.0 refers to a period of advancements in technology, the Internet of Things (IoT) describes the technologies that connect objects—from consumer electronics to industrial components—to the internet. The Industrial Internet of Things (or IIoT) refers specifically to the impact of this innovation on industrial applications. IoT/IIoT technologies together create “smart” networks. For example, the wireless technologies of a smart home connect homeowners to almost anything in the house—from their home security system to their refrigerator—and allow remote accessibility via smart phone. Similarly, a smart factory provides plant managers with visibility, analytics, and remote access to wirelessly connected machines. The key benefits of IIoT technologies for factory automation include: Visibility and Remote Access to the operational status of machine components (both historically and in realtime) allows plant managers to monitor and diagnose systems quickly as well as identify and resolve problems before the impact on machine availability and productivity compounds. Predictive Analytics allows for more accurate planning of machine maintenance, which can help reduce machine downtime, increase mean time between failure (MTBF), and reduce costs of unnecessary preventative maintenance and spare parts inventory.  Interconnectivity enables seamless communication among machines, components, and people. Interconnectivity increases efficiency by allowing for more autonomous machine performance and streamlined manual processes. Overall, the increased visibility, analytics, and interconnectivity afforded by IIoT mean that these technologies are not just short-term investments or solutions to immediate problems; rather, they enable continuous improvement by providing companies with the capabilities necessary to solve new problems as they arise—compounding the value of the investment over time. What Does IIoT Mean For Factories? IIoT technologies allow businesses to access and leverage factory-wide data in more meaningful ways compared to digital technologies, but what does that look like in practice? Following are three practical examples of how visibility, predictive analytics, and interconnectivity are impacting factories today. Visibility and Remote Access Increase Efficiency In order to ensure efficient processes throughout the factory, machine operators must quickly and easily determine the status of machines. The greater the visibility, the easier it is to identify and resolve problems and keep operations running smoothly. Traditional tower lights provide visibility wherever they can be physically seen. However, tower lights equipped with wireless communication capabilities take visibility to the next level by both displaying a visual indication of an event and transmitting wireless alerts. This helps ensure that operational problems are identified and addressed immediately, regardless of whether machine operator is physically present to see the visual indicator. For example, tower lights with wireless communication allow operators to remotely monitor machine performance without lengthy and expensive cable runs. The lights indicate machine status visually while updates are also transmitted over a secure wireless network to a remote device, triggering an action or prompting a response from an operator at a workstation away from the machine. An additional benefit of wireless indicators is data logging for use in OEE (Overall Equipment Effectiveness) calculations. Not only can operators respond to alerts quickly as they occur, but a history of alerts can also be stored and analyzed offline. This historical data can be used to track machine uptime, production volume, rejected parts, and other key metrics in order to make more informed decisions over time. Predictive Maintenance Increases Machine Uptime and Availability In addition to real-time status monitoring, IIoT technologies can also be used to help avoid machine failures thanks to predictive maintenance. The traditional approach to machine maintenance is to follow a prescribed regimen of preventative maintenance. This involves regularly replacing machine components based on the manufacturer’s suggested timeline rather than data from the actual machine. This means that you might be paying too much for unnecessary preventative maintenance plans and replacement parts; or you might experience unexpected downtime if something goes wrong between scheduled maintenance visits. With predictive maintenance, much of the guesswork is removed because maintenance decisions can be made based on the historical and real-time data from the machine itself. For example, wireless vibration and temperature sensors can detect signs of misaligned, loose or worn parts on a machine. The wireless sensors then transmit that information to a wireless controller that makes data available immediately (via text or email alerts) and for long term analysis. By monitoring machine components in real-time for increases in vibration and temperature, problems can be detected and resolved before they become too severe and cause additional damage or result in unplanned downtime. Over time, the historical data creates a valuable machine performance log that can be used to make more informed maintenance decisions down the line. Interconnectivity Streamlines Factory Communications IIoT technologies are not just useful for optimizing machines. In fact, wireless technologies enable seamless interaction among human workers as well, and can have a significant impact on the efficiency of manual production lines. For example, instead of requiring machine operators to walk over to the manager area for assistance with a technical issue, a wireless system utilizing connected pushbuttons or switches and tower lights can be used to alert managers when assistance is needed on the line. For example, a notification system might be set up so that an operator pushes a button or flips a switch to alert the manager or technician that he or she is needed on the production line. A tower light connected to the gateway’s outputs would then indicate which production line needs a manager’s attention, and colors could be assigned to indicate the need for a technician (red) or manager (yellow). Wireless pushbuttons equipped with LED status lights can also facilitate 2-way communication by configuring the LED to change color when the manager or technician indicates that he or she is on their way. Using a wireless tower light notification system reduces the need for technicians and managers to constantly check each production line and for workers to leave their workstations when they need assistance. By utilizing a wireless network of connected devices to streamline communications, managers, technicians, and line workers are able to use their time more efficiently and productively. Conclusion: Is Your Business IIoT-Ready? From keeping machines running smoothly to enabling seamless communication between machines, components, and people, the benefits of IIoT technologies are tangible. However, it can be challenging knowing where to start and how to use these technologies to their fullest advantage. Below are three questions to help manufacturers prepare for a move from digital to IIoT: What are the inefficiencies in your operations? What kind of data would help you overcome these inefficiencies? What communication processes need to be in place in order to utilize data in a meaningful way? Answering these questions can help manufacturing facilities identify the best technologies to meet their immediate business needs and start taking advantage of the long-term benefits of IIoT. For more information, visit!

  • Best Practices to Build a Pragmatic Security Strategy for Industrial IoT

    Technology has always been a step ahead of the culture that develops it. Cars existed long before roads, safety standards, and laws governing driving came into being. Similarly, Internet of Things (IoT) security continues to make technological improvements in leaps and bounds, while the culture critical to successful (and secure) usage lags behind. At the same time, IoT has spread beyond relatively benign consumer products and into large industrials. Introduction The insight, conveniences, and power of the industrial Internet has drawn in thousands of mission-critical assets and systems. With the increased power comes the increased risk associated with Internet-connecting multi-million dollar equipment capable of causing harm to personnel and other systems. IoT companies now have to consider security as synonymous with safety when dealing with industrial equipment where device-state changes can have devastating impacts to systems and people. As industrial applications continue to see high rates of IoT adoption, the human element will play an increasingly important role in security alongside technology. The management of users, permissions, relationships, data breaches, and insider adversaries present a special and unique risk to systems even when they implement the most secure device-level communication. In reality, any system can and will be compromised. As bleak as this may sound, this understanding can help organizations develop an approach to IoT security that seeks to protect against, deter, detect, contain, and minimize the impact of hacking attempts. A modern, pragmatic approach to IoT security must involve strategies that pull from both technology and culture equally to be effective. This white paper discusses how a comprehensive security strategy first begins with an in-depth understanding of the technology concepts that are key to IoT security. Next, it provides examples of how proven technology approaches can be used together to provide defense in depth. Finally, this white paper identifies the core cultural values that must be in place to support technology components to develop a well-rounded, effective approach to IoT security. The Core Technology Concepts of IoT Security One of the first steps in developing a comprehensive security strategy is understanding the core technology concepts in the realm of IoT security—data, control, and hardware. Developing an understanding of these concepts can help organizations learn how to better prevent attacks, mitigate impacts, and recover from attacks on IoT systems. This section will explain these concepts in more depth and provide insight to consider when contemplating security for each. Data Data is the currency of IoT solutions—it is the thing we collect, process, analyze, and use to identify and control users, behaviors, and environments. To secure data, it is useful to think about it in three contexts: data at rest, data in motion, and data in use. Data at Rest Data at rest is data that is stored on a hard drive, in a database, in flash memory, or in RAM. Data that is customer-private should always be encrypted so that if attackers gain access to a database, they cannot understand the information. Other data, like analog sensor data, may or may not be important to encrypt depending on the application. Of particular importance is the embedded system that may or may not have encrypted flash. Some microcontrollers also allow a fuse to be blown at manufacturing time to disable another user from reading the contents of flash or re-programming it with their own software. These are all mechanisms to protect data at rest. Data in Motion Data in motion is data sent from a sensing device over a wired or wireless network, like Wi-Fi, public Internet, or cellular. For this context, it is important to make sure an attacker is not able to listen in on communications and understand what data is being sent. This is especially important for private customer data, but it is also important for machine data in many use cases. Each delivery mode should be carefully analyzed for any IoT solution. Data in Use Data in use is data accessed by a user, machine, or web service with particular permissions that others do not have. For instance, a facilities engineer responsible for keeping an HVAC system up and running may have access to see data for their facility, but may not have permission to see another facility. Even more importantly, non-authorized personnel must not have access. Control Control refers to a special piece of data designed to change the state of a device. Control plays an important role in IoT security, as it bridges the gap between the abstract Internet and reality, where a connected device can have physical impact on the world around it. However, simply connecting a device to the Internet does not make it vulnerable. Devices have firmware that hard-codes the intended functions and cannot be easily changed by hackers. Similarly, the Internet cannot interfere with physical readouts of gauges on IoT-enabled industrial components. However, an industrial component that can be controlled through the Internet must be treated as special and unique. All aspects of data, network, and hardware along the path of control to an industrial device must be scrutinized constantly. A healthy questioning attitude regarding any work done on systems connected to industrial components is important, and maintaining configuration control within a system must take higher priority than making device-state changes easy. As such, a properly designed system will limit user permissions for control of a component only to critical users. Hardware End-user hardware, customer hardware, network hardware, and third-party hardware all play a role in the IoT game, and each have similar impact when considering IoT security. As a result, no cloud company truly exists free of hardware. The employees who code, provide support, and work for the company, the users that connect to the platform, and the servers that host their content all exist in real, physical ways. No matter what kind of computer system an IoT company uses, people will always interact with it in some physical way. The technology to secure hardware continues to mature, to prevent more attacks, and to provide more secure connections between systems; however, the people connected to these advanced machines continue to present the biggest vulnerabilities. A healthy security culture—a concept that is addressed in greater depth in Section 4—encourages individuals to both understand the capacity they have to make components of a system vulnerable to attack and the sense of responsibility they should have in ensuring the security of that system. Defense in Depth Another consideration when developing a pragmatic IoT security strategy is to layer proven security technologies to create a depth that yields better results and deters more hackers. The concept of defense in depth comes into play when considering how hackers typically begin—not by suddenly gaining access to critical data and control, but instead through incremental steps in which they throw the widest net possible to find the most vulnerable systems. For example, the Verizon 2016 Data Breach Investigations Report found that the average attack took days, not minutes. In response to this known behavior, a series of strategies can be used to respond to attackers at each step of their process to minimize the impact of hacking events: engaging in proactive activities to facilitate prevention, architecting systems for risk mitigation, leveraging the best technology to secure identities, and establishing processes to protect data and control in its many forms. The sections below discuss these strategies that are designed to address some of the most common vectors of attack. Proactive Response Innovative, proactive strategies have been devised to deal with the inevitability of successful intrusion. Some methods use social engineering against hackers that attempt to access sensitive data and control devices. One method involves creating a sandboxed, controlled environment that mirrors a real one. A fake employee is created that clicks on all phishing links, appears to have maximum authorization in the system, and has fake sensitive information. Hackers will take the bait of a completely valid-looking and vulnerable account, but will only be able to access the sandboxed, controlled environment. As a result, an organization can monitor and develop a better understanding of hacking behavior, methods, and motives. Another method leverages the fact that hackers often look for API vulnerabilities and rely on successful malware to gain access to servers. Technology has been developed to create fake, insecure endpoints that lead hackers again into a controlled environment where malware can be run with no risk to the actual servers. Showing vulnerability and hosting malware can lower the chance a hacker will end up on a real system. The most proactive response to an attack relies on early detection. When malware is detected quickly, it can be isolated or deleted to prevent attackers from scanning networks for other credentials, spreading malware to other computers, or finding sensitive information. If a hacker gets by the traps, a network must be in place that is configured to monitor unusual network activity and frequently scan hardware for malware. Accurate logging of information within an IoT application can also make it easier to track strange behavior—without logging, it becomes impossible to know what happens within a system and makes early detection more difficult. A strong questioning attitude is also a key part of a proactive response—workers and users should feel empowered to ask questions and report odd behavior from applications and hardware. New applications suddenly installed, strange emails from unknown persons, and login records at incorrect times all hint at activity that is outside the norm that should be reported and investigated. Security by Design When considering IoT security, there are several methods that can be used in the design of a system to prevent and deter hacking events. A surefire method to prevent an intruder from controlling critical assets is to structure an architecture that does not allow for control functionality. A one-way street allows an organization to benefit from the data collected without the risk of loss of control. A flexible IoT platform should allow device configurations that support both control and data-production-only capabilities. This type of flexibility allows an organization to tune the level of security to their IoT application, minimizing risk and maximizing the benefit. User and permission management forms another critical pillar in securing IoT applications. It should be assumed that one or more user accounts will be hacked. Distributing and isolating permissions as much as possible lowers the risk profile of an attacker gaining access to critical assets. Some organizations have gone as far as to have no single user with root access to control over accounts. Of course, this makes it more difficult to give permissions, change them, and manage them, so the drawbacks have to be weighed against the level of risk associated with an attacker gaining access. Virtualization of an application can also be used to make it significantly more difficult to cripple a network. Hosting applications in virtual environments distributes the risk of a platform to many instances of a single program. This means that even if hackers can cripple or gain access to a single virtual machine (VM), the functionality of the system at large is not compromised. Similarly, VMs can be destroyed without significant ramifications. The destruction of a VM that does not persist data can essentially reset the system to a known configuration. Virtualization and distributions of functionality complicate the options available to attackers and assists in deterrence. Securing Identities Taking steps to secure the identities of system users is a critical step in IoT security. Implementing a properly managed two-factor authentication system requiring a U2F key, or other technology, can create a solid technical barrier in front of would-be hackers looking to control a device or gain access to data through phishing and other social engineering scams. Passwords and authentication can seem abstract to those unfamiliar with technology, but the concept of a U2F key compares closely to the idea of house and car keys in protecting your most important assets. It is important to keep in mind, however, that good security does not always equate to a good user experience. Although requiring two-factor authentication for every application would be more secure, it can be cumbersome for users. Again, this balance must be considered based on the level of risk associated with the device connected to the platform. Flexible options for a two-factor authentication application can enable users to succeed without being too prescriptive in risk evaluation. The authentication can be cached and recognized on a single device or there could be a timeout for the authentication. Of course, these options increase the opportunity for a hacker to gain access, but the risk of having an unusable application could outweigh the risk of the connected device. Two-factor authentication also does not solve all issues, as the manner of implementation can have a significant impact on the level of security this method provides. The demands of a good user experience can require that a security token is valid for as long as 12 hours, which gives attackers a rather long window of opportunity if they gain access to user credentials and a temporary key. And, answers to question verifications like “What was the name of your first pet?” or “Where was your first job?” can often be looked up by a motivated attacker. Depending on the level of risk associated with a solution, it may be useful to consider other options like text verifications and phone-based authentication apps that provide significantly better protection than security questions. Governance, Risk Management, and Compliance Governance, risk management, and compliance (GRC) represent the components of process control within an organization that can play an important role in IoT security. Process should dictate the activities of workers within an organization, and workers should have governance to ensure compliance with company and regulatory processes. Processes specific to IoT security must be developed and applied within an organization according to the level of risk associated with the connected product and the process itself. For example, issuing permissions for the control of important assets should have higher governance than issuing permissions for access to view data. A well-defined process, that undergoes constant improvement and users are trained adequately on, gives people the best opportunity to perform tasks successfully and securely with the intended outcome. Organizations implementing IoT should focus on process for all security-critical functionality within the organization. The quality assurance process, the reviewing of security, and the hiring process should all be subject to constant scrutiny. The review of and improvement of processes leads to better outcomes overall. As such, process control and improvement should be a central focus. Core Cultural Concepts of IoT Security The previous sections covered some of the core technology principles of an IoT-security-focused organization. This section will focus on an equally important, yet often overlooked, aspect of a comprehensive IoT security strategy—the company culture and values that must be in place to support the technology components of IoT security. Principles for a Strong IoT Security Culture This section outlines the principles of a strong IoT security culture, which owe their inspiration to an industry that has successfully put safety and configuration management at the center of its focus for more than 40 years—nuclear power. The Institute of Nuclear Power Operations (INPO) nuclear safety culture principles, which have been field tested in real-world conditions, provide a close parallel to the importance of control in industrial IoT applications and helped guide the creation of the seven principles that follow. Everyone is personally responsible for IoT security: Workers, users, and coders feel personally responsible for the safety and security of devices connected to a network. Every stakeholder takes the time to evaluate their impact on the security of the system and, those who can, design in safeguards when possible to protect against and minimize the potential impact of attackers. Leaders demonstrate commitment to IoT security: Leaders within organizations frequently mention security, sometimes as a stand-alone topic. They make time to train users and workers about the importance of security and the potential impacts of being an organization that is connected to an IoT platform. Leaders show, both verbally and by action, that security is a top priority. Decision-making reflects IoT security first: Security should be central to the delivery of an IoT product. All decisions made in regard to the IoT platform should prioritize security over the delivery of feature requests. When necessary, security should take priority over usability based on the level of risk associated with a data or control breach of the IoT application. IoT is recognized as special and unique: Companies that work with IoT should understand the seriousness of the devices and systems attached to the network. Identities, permissions, and user management should be treated with the utmost care and scrutiny. State changes of a device attached to an IoT application should be treated with the highest level of security possible. A questioning attitude is cultivated: Workers should feel empowered to ask questions of any aspect of a system they work with. They should feel encouraged to report any instance of abnormality and get a timely response to concerns. A questioning attitude cultivates a culture in which people are more cognizant of daily activities and, as a result, are more aware of irregularities that may give early indications of a breach. Organizational learning is embraced: All individuals connected to an IoT platform should understand their potential impact and have a thorough understanding of the components of an IoT system. Organizations should take time to educate and train their workers to better understand the common vectors of attack used by hackers, the role they play in prevention, and the appropriate processes in the event of a breach. IoT security undergoes constant examination: Improving security technology, spreading secure cultural ideals, and testing security should be a constant effort. A healthy security program consistently seeks opportunities to improve, test systems, and patch often. Workers should be encouraged to provide feedback for improvement and to take proactive security measures to keep ahead of attackers at every opportunity. Conclusion As IoT continues to mature as an industry, the technology and culture surrounding it must constantly adapt to address the realities of hacker behavior, mistake-prone humans, and the seriousness of the equipment in play. By understanding the core technology concepts of IoT security, creating layers of technology-based security methods, and fostering a culture committed to security, organizations can implement IoT in a way that deters attackers, keeps assets and people safe, and minimizes risk.

View All

Pages (15)


    Transparenz schaffen. Innovationen gestalten. Wachstum steuern. II Aktuelles Hier ist immer etwas los: Innovationen, neue Projekte und Informationen zu Märkten und Technologien. Erfahren Sie mehr über Lean.IQ! Alle Beiträge (74) 74 Beiträge Produktion (33) 33 Beiträge Logistik (24) 24 Beiträge Aftermarket Service (22) 22 Beiträge Strategie (55) 55 Beiträge 7 Min. 3 Tactics to Accelerate a Digital Transformation How do you encourage and enable distributed groups of people to get the most out of new digital technologies? Nothing changes unless... 5 Min. What IIoT Means for Manufacturing How the Internet of Things Enhances Efficiencies throughout the Factory IIoT is perhaps the biggest buzzword in factory automation today,... 12 Min. Best Practices to Build a Pragmatic Security Strategy for Industrial IoT Technology has always been a step ahead of the culture that develops it. Cars existed long before roads, safety standards, and laws... 5 Min. DSGVO und die Bedeutung für das Industrial Internet of Things (IIoT) Smarte Geräte und Installationen erobern den Markt. Gemeint sind Geräte, die am Internet angeschlossen sind, also IoT-Geräte, und dem... 5 Min. Exosite: more than a software company— but your partner for IoT success. Low-Code/No-Code (LCNC) technologies are igniting an explosion of user-generated innovation. This innovation in LCNC can empower and... 5 Min. Was genau steckt eigentlich hinter der Digitalisierung? Das sogenannte Lean.IQ kombiniert Business Intelligence mit Innovationen in den Bereichen Produktion, Logistik und Aftermarket-Service.... 1 2 3 4 5 Exklusive Branchen-Insights & Inhalte erhalten > Vielen Dank!

  • ABOUT | Lean-IQ

    Transparenz schaffen. Innovationen gestalten. Wachstum steuern. II Partner Open Innovation: Durch die gezielte Einbindung unserer Technologie-Partner nutzen wir kreatives Potenzial bei der Produktentwicklung und schaffen gemeinsame Werte. Zusammen entwickeln wir innovative Ideen, die Sinn stiften und Mehrwerte erschließen. Dabei handeln wir agil und digital, mit dem Ziel erstklassige Produkte in Rekordzeit aus der Taufe zu heben. Hier geht es zum Marktplatz IoT software platform that allows businesses to strategically leverage the revolutionary world of connected devices. Quickly build and deploy solutions that accelerate the IoT. Partner for highly engineered connectivity and sensing products that make a connected world possible. Turning ideas into technology with reliability and durability. Unsupervised machine learning leader provides breakthrough technology solutions never thought possible. Predictive Maintenance in Machine Learning. The world’s leading IoT service provider. One global 0G network to connect your physical world with the digital universe and power industry transformation with complementary technology. Trusted IoT Edge components to simplifying your digital project transformation. The open edge software environment accelerates product development without vendor lock-in Strategic, digital, networked: Solutions for business critical operations with in-depth industry knowledge. Optimizing your value creation porcess from lean to digital in 14 days. Leading industrial networking and gateway hardware provider. Rugged Arm-based cellular IIoT gateways for uninterrupted connectivity for remote or distributed outdoor applications. Functioning logistics and production systems involve the perfect coordination of many different areas. A true partner from the first analysis to the final implementation. Partner in research and development of production strategies in international company networks. Delivering solutions for planning and control strategies. IPL supports individuals and companies on their way to understand connections and achieve success. You decide at which level you want to get in and where you want to get out. The Fraunhofer Institute for Digital Media Technology IDMT is one of over 70 institutes of the Fraunhofer-Gesellschaft, the world's leading organization for applied research in Germany. Network which pools the expertise of bavarian sensory companies – in their capacity as outstanding technology partners, they drive the development of intelligent sensor systems. Committed to supporting small and medium-sized companies on their way to digital transformation. An initiative of the Chamber of Commerce and Industry in Bavaria Partner werden Bewerben Sie sich für die Lean.IQ Alliance und lassen sie uns gemeinsam die Welt neu gestalten. Sprechen sie uns an!


    Erfahren sie mehr über unser Lösungen Optimieren sie ihre Gewinne und sparen sie Zeit bei der Auswahl der besten Netzwerkpartner und Konzepte für Ihre Wertschöpfungsprozesse. Machen sie ihre Prozesse effizienter, nachhaltiger & resilienter. Werden sie auch Teil des Business Netzwerks für Lean Professionals! Sign up now Sie wollen ein Device- oder Solution- Partner werden? Get started Schnellansicht Applikationslösung für die smarte Hydraulik Schnellansicht Applikationslösung Produktionslogistik, FIFO Kanban Regal Schnellansicht Applikationslösung Biogas Performance Schnellansicht Applikationslösung OEE (Overall Equipment Effectiveness) Monitoring II Lean.IQ Marktplatz The Digital Delivery Plattform: Strukturiertes Innovationsmanagement kombiniert mit nachhaltiger Strategie-Entwicklung auf einer digitalen Plattform. Umfassende Branchenkenntnisse, maßgeschneiderten Beratungskonzepte und sofort einsatzbereite Applikationslösungen beschleunigen Ihren Wandel zum Innovationstreiber. Mit Lean.IQ schaffen sie Transparenz in ihrem Wertschöpfungsprozessen und erkennen ihre Potentiale. So starten sie durch: Entdecken sie unser umfangreiches Angebot an Leistungen in den Produktkategorien Exchange, Analyse und Connect. Wir bieten Beratung und Optimierung auf Augenhöhe und orientieren uns an konkreten praxisnahen Bedarfen. Treffen sie ganz unverbindlich eine Auswahl der Themen die sie interessieren: in drei einfachen Schritten kommen sie ihrer Lösung näher! 1 Auswahl treffen Durchsuchen Sie die kontinuierlich wachsende Anzahl an Lösungen & Optionen auf unserem Marktplatz . Entscheiden sie dann ganz unverbindlich und ohne Risiko was am besten zu ihren Herausforderungen passt. 2 Potenziale entdecken Wählen sie eine Lösung aus und platzieren sie diese in ihren Warenkorb. Nach ihrer Bestätigung werden wir sie dann in Kürze zu einem kurzen Abstimmungsgespräch einladen um Potentiale genau zu definieren. 3 Optimierung starten Nun können wir ihnen auch ein konkretes Angebot unterbreiten, dass sie dann nochmal in Ruhe prüfen können. Mit dem Erhalt ihrer Auftragsbestätigung starten wir sofort mit der Umsetzung. Filtern nach Kategorie Alle E-Learning Hardware Lean Akademie Beratung Seminar Software Anbieter Eurotech Exosite Advantech TE Connectivity Moxa Phoenix Contact IPL Institut IPL Beratung Lean.IQ Use Case Energie Management Instandhaltung Infrastruktur Monitoring Produktion Landwirtschaft Telematik Logistik Aftermarket Service Erneuerbare Energien Sortieren nach Schnellansicht Fachkundige Beratung Preis ab 120,00 € Schnellansicht Interaktives Industrie 4.0 Demo Preis ab 500,00 € Schnellansicht Training - Industrie 4.0 Preis 85,00 € Schnellansicht Simulation - Design Thinking in 4 Stunden Preis 590,00 € Schnellansicht Simulation - LEGO® Serious Play®‐Anwendung zur Gruppenideenfindung Preis 590,00 € Schnellansicht Simulation - Lean KATA Preis 590,00 € Schnellansicht Simulation - Kanban (Verdeutlichung eines Pull Systems), Erweitert Preis 590,00 € Schnellansicht Simulation - Kanban (Verdeutlichung eines Pull Systems) Preis 590,00 € Schnellansicht Simulation - Training Within Industry (TWI) Job Instruction Preis 590,00 € Mehr laden Erhalten sie eine Start-Gutschrift von € 500 , wenn sie sich für ein IIoT Onboarding Paket entscheiden! Get on Board now!

View All