Exploring The IoT Attack Surface

Jeff Pollard

Merritt Maxim and I just published our research on the IoT Attack Surface. This report gives a realistic, but not sensationalized, view of how enterprises need to think about IoT. Three factors motivated our research for this topic - attacks on IoT will transcend the digital-physical divide, the sheer scale of IoT will challenge security teams, and IoT devices collect massive amounts of data.

The following methodology allowed us to hone in on concrete enterprise scenarios:

  • We went for offense first. We started by interviewing prominent security researchers that spend their days thinking about how to attack IoT devices and systems. Our outside in approach allowed us to develop a threat model for intrusions, as well as identify weak points in the defenses of IoT makers, users, and operators.
  • We explored the ramifications of an attack. We wanted to understand what an attacker would - or could - do when successful. We also wanted to understand the amount of friction that existed for whatever came next - credential harvesting, persistence, or disrupting operations.
  • We examined existing security practices to understand what works, and what doesn't when defending IoT devices. This step highlighted that while IoT is different, defending IoT looks similar to other security problems S&R pros have dealt with. You can bring security lessons forward and apply them to IoT without having to learn them all over again.
Read more

Nokia “Connects” Network Services To Customer Experience

Dan Bieler

Nokia’s services division recently hosted an analyst event where it elaborated on the interlinkage between network services and network infrastructure. Of course, network services matter to businesses and telcos because they help technology managers to better manage infrastructure complexity and to modernize network infrastructure with the goal of making networks faster and more reliable. However, there are more fundamental implications:

  • Network services add value to products and open new business areas. Customers want features and services that are relevant to them in the immediate context of their needs and desires. As more products become connected, network services will play a critical role in developing and enhancing such features. Moreover, network services play a central role in driving augmented and virtual-reality solutions in outdoor conditions, such as those already used in manufacturing by Caterpillar or in construction by BAM Group.
Read more

Bosch And SAP Agree A Strategic Internet Of Things (IoT) Partnership To Facilitate Data Orchestration

Dan Bieler

I recently attended an event at which Bosch and SAP announced a major partnership to more closely align their respective cloud and software expertise around the industrial internet of things. This partnership underlines the fact that SAP and Bosch are prepared to significantly transform their respective business models to generate new value for their customers. The SAP and Bosch partnership focuses on two main items:

  • SAP will add SAP Hana database to Bosch IoT Cloud. Bosch customers will be able to access SAP Hana in the Bosch IoT Cloud with the goal of processing large quantities of data in near-real time. This makes it easier for Bosch’s customers to run analytics of IoT sensor data in the SAP Hana environment.
  • Bosch will make its IoT microservices available to SAP on SAP Hana Cloud Platform. This move will facilitate the safe connection of different devices and components, including vehicles, manufacturing machinery, and smart tools, with open platforms. Customers will benefit from a broad range of emerging services to support their business processes.
Read more

Verizon’s Acquisition Of Fleetmatics Group Boosts IoT Momentum In The Telco Space

Dan Bieler

Verizon’s acquisition of Fleetmatics Group isn’t the first deal that involves a telco pushing into new internet-of-things (IoT) territory in the vehicle management space. In 2015, Orange acquired fleet management provider Ocean to strengthen its vehicle fleet management activities.

However, at $2.4 billion, the Fleetmatics deal is much bigger than most telcos have been willing to contemplate to date, underlining Verizon's commitment to the IoT space. But this deal won’t transform Verizon’s enterprise revenue composition overnight. While it will help improve Verizon's position in terms of IoT revenues, Fleetmatics had revenues of $285 million in 2015 – compared to Verizon’s $132 billion.

The price it is prepared to pay for Fleetmatics shows that Verizon expects to see impressive long-term benefits from the deal. Forrester expects that Verizon will ultimately extend Fleetmatics’ business model beyond global fleet and mobile workforce management solutions to more general tracking and tracing solutions for nonpowered objects like skips, agricultural equipment, machinery, and other connected assets.

Verizon has its work cut out: The acquisition is the easy part. But successful integration will be much harder, as this deal is about supporting customers with their business processes rather than just selling them new products.

Big Data Vendors See The Internet Of Things (IoT) Opportunity, Pivot Tech And Message To Compete

Paul Miller

Picture of a stream flowing over boulders.

(Source: http://www.publicdomainpictures.net/pictures/90000/velka/waterfall-stream-over-boulders.jpg)

Open source big data technologies like Hadoop have done much to begin the transformation of analytics. We're moving from expensive and specialist analytics teams towards an environment in which processes, workflows, and decision-making throughout an organisation can - in theory at least - become usefully data-driven. Established providers of analytics, BI and data warehouse technologies liberally sprinkle Hadoop, Spark and other cool project names throughout their products, delivering real advantages and real cost-savings, as well as grabbing some of the Hadoop glow for themselves. Startups, often closely associated with shepherding one of the newer open source projects, also compete for mindshare and custom.

And the opportunity is big. Hortonworks, for example, has described the global big data market as a $50 billion opportunity. But that pales into insignificance next to what Hortonworks (again) describes as a $1.7 trillion opportunity. Other companies and analysts have their own numbers, which do differ, but the step-change is clear and significant. Hadoop, and the vendors gravitating to that community, mostly address 'data at rest'; data that has already been collected from some process or interaction or query. The bigger opportunity relates to 'data in motion,' and to the internet of things that will be responsible for generating so much of this.

Read more

Mobile Edge Computing Will Be Critical For Internet-Of-Things And Distributed Computing

Dan Bieler

Computing at the edge of the mobile network will frame your IoT-enabled customer experiences in the age of the customer. As products and services based on the internet of things (IoT) continue to thrive, so does the reliance on the underlying network infrastructures to drive business success. Most IoT assets will be connected via mobile infrastructure, and cloud services are central to many IoT initiatives to deliver real-time and context-based services.

However, data transmission costs and the latency limitations of mobile connectivity pose challenges to many of these IoT installations that rely on cloud computing. Mobile edge computing (MEC) is an important technology that enables businesses to deliver real-time and context-based mobile moments to users of IoT solutions, while managing the cost base for mobile infrastructure.

  • Cloud and IoT solutions are increasingly intertwined and improve IoT experiences. IoT solutions gain functionality through cloud services, which in turn open access to third-party expertise and up-to-date information.
  • Mobile connectivity can create challenges for cloud-enabled IoT environments. Latency affects user experiences, so poor mobile connectivity can limit cloud computing deployments in the IoT context.
  • MEC provides real-time network and context information, including location. MEC gives application developers and business leaders access to cloud computing capabilities and a cloud service environment that’s closer to their actual users.
Read more

US Government: Huawei Should Be Your Digital Business Partner, Not Your Enemy

Charlie Dai

Huawei Technologies started out nearly 30 years ago as a small private company with 14 employees and 140,000 yuan in capital. By 2015, its total revenue exceeded $60 billion. Huawei is already a global company, but its globalization journey has been a difficult one since the very beginning. Despite its continuous business growth in other regions, Huawei has faced critical censorship in the US since Day One — and last week the US government put Huawei under the microscope yet again.

National security is important, but using “national security” as an excuse for allowing unfair competition will only harm customers. It’s time for the governments of both countries to trust each other more. I’ve recently published a report focusing on Huawei’s continuous progress toward becoming a key enabler of digital transformation in the telco and enterprise spaces. Some of the key takeaways:

  • Huawei has holistic strategies for digital transformation. Huawei’s broad vision of digital strategy — which focuses on cloud enablement and readiness, partner enablement, and open source co-creation — has helped the firm sustain strong business growth in the telco and enterprise markets. For example, its partnerships with T-Systems on the Open Telekom Cloud in Germany and with Telefónica on public cloud in the Americas have helped carriers in local markets give cloud users on-demand, all-online, self-service experiences.
Read more

Linux vs Unix Hot Patching – Have We Reached The Tipping Point?

Richard Fichera

The Background – Linux as a Fast Follower and the Need for Hot Patching

No doubt about it, Linux has made impressive strides in the last 15 years, gaining many features previously associated with high-end proprietary Unix as it made the transition from small system plaything to core enterprise processing resource and the engine of the extended web as we know it. Along the way it gained reliable and highly scalable schedulers, a multiplicity of efficient and scalable file systems, advanced RAS features, its own embedded virtualization and efficient thread support.

As Linux grew, so did supporting hardware, particularly the capabilities of the ubiquitous x86 CPU upon which the vast majority of Linux runs today. But the debate has always been about how close Linux could get to "the real OS", the core proprietary Unix variants that for two decades defined the limits of non-mainframe scalability and reliability. But "the times they are a changing", and the new narrative may be "when will Unix catch up to Linux on critical RAS features like hot patching".

Hot patching, the ability to apply updates to the OS kernel while it is running, is a long sought-after but elusive feature of a production OS. Long sought after because both developers and operations teams recognize that bringing down an OS instance that is doing critical high-volume work is at best disruptive and worst a logistical nightmare, and elusive because it is incredibly difficult. There have been several failed attempts, and several implementations that "almost worked" but were so fraught with exceptions that they were not really useful in production.[i]

Read more

Mobilize The Internet Of Things

Dan Bieler

Businesses can obtain major benefits — including better customer experiences and operational excellence — from the internet of things (IoT) by extracting insights from connected objects and delivering feature-rich connected products.

The mobile mind shift requires businesses to proactively support these IoT benefits for nonstationary connected objects that exist as part of IoT solutions. In particular, the IoT forces businesses to acquaint themselves with the implications of mobility in the IoT context for connectivity, security, compliance with privacy and other regulations, and data management for mobility. This means that:

  • Mobile technologies are central to most IoT solutions. To date, technology managers have mostly focused on enterprise mobility management (EMM) as part of their mobile activities. This narrow focus is insufficient for IoT solutions.
  • Mobile IoT is not a technology revolution but a fundamental business process transformation. Mobility requires managers not only to deploy mobile technologies but also to exploit them to support specific business process requirements.
  • Mobile technologies set the framework for IoT solutions. Mobile has distinct implications for aspects like broadband availability, data management, security, and local data compliance. Ignoring these will undermine your IoT initiatives and return on investment.

My new report, Mobilize The Internet Of Things, provides advice and insights for businesses on addressing these mobile challenges in the context of planning for and implementing IoT solutions.

Innovation Took Center Stage at Microsoft’s Analyst Summit Asia 2016

Travis Wu

This year’s Microsoft Analyst Summit took place at the St. Regis hotel in Singapore, a prestigious place that hosted more than 90 analysts from the entire region. The Forrester team was impressed by Microsoft’s strategies in cloud, digital transformation and partnerships, and in particular, the main takeaway for us throughout the 2-day event was Microsoft’s innovation capabilities and ambition, especially in the APAC region.

  • HoloLens puts the spotlight on Mixed Reality.  Unlike Augmented Reality, which is lightweight but has limited views and functionality, or Virtual Reality, which is very powerful but comes with bulkiness and dependence on a PC, Mixed Reality blends holograms with the real world to marry agility and powerfulness. HoloLens brings this concept to life, it is light enough for users to move around safely, and it is very powerful because it is a self-contained computer that doesn’t require tethering to another PC. There is even an emulator that allows developers to develop holographic apps for HoleLens without a device. HoloLens could drastically change the way people work, live or even think, we are all very eager to see if the first wave of HoleLens products will successfully establish an ecosystem that can sustain mass market deployments and future growth.
Read more