Insight Tech

Christina Cardoza: Hello and welcome to the IoT Chat, where we explore the latest development in the Internet of Things. I’m your host, Christina Cardoza, Associate Editorial Director of insight.tech. And today we’re going to be looking at our crystal balls, and talking about IoT and technology trends we can expect over the next year and beyond with Martin Garner and Bola Rotibi from CCS Insight. But before we jump into this conversation, I want to get to know our guests a little bit more. Martin, I’ll start with you. Welcome back to the show. But for anybody who hasn’t listened to our past podcasts or webinars, please tell us more about yourself and the predictions we’re going to be talking about today.

Martin Garner: Sure. Thank you, Christina. So, I’m Martin Garner. I work at CCS Insight, and I do two things. One is I lead the work we do in IoT. And I focus mostly on the industrial and enterprise sides of that. The other is that I’m COO of CCS Insight.

Christina Cardoza: Great. And, Bola, nice to meet you, and welcome to the show. Also from CCS Insight, tell us more about yourself and what you do there.

Bola Rotibi: Hi, Christina. I’m the Chief of Enterprise Research at CCS Insight. I always say my center of gravity is software development and delivery, which is a good thing. But I oversee the analysts who cover workplace transformation, and also cloud and infrastructure.

Christina Cardoza: Great. Well, excited to dig a little bit more into those topics. Martin, I’ll start with you, since we had this conversation about a year ago, really surrounding the trends that CCS insight is seeing throughout the year. And I want to talk about your technology predictions, because I know this is an annual thing that the firm does. And I want to get to know a little bit more about what’s driving the ideas or themes for 2023.

Martin Garner: Sure, of course. And, like many analyst firms, we do predictions, and we do an event actually around them, which we hold each year. I think we’ve now done it 16 years running. So we’ve had a bit of practice. And we try in our work always to take a joined-up view across technology domains, and that’s because we really believe they’re not islands. You need to think about them together rather than separately. And our predictions are one way we do this. It’s a really big piece of work. We typically start in April and then have the event in October.

Now, for this podcast and report we pulled out all of the predictions that are in some way relevant for IoT, and that’s quite a broad set. So we found, I think, 57 of the 100 or so were relevant, and they encompassed lots of fields and lots of technologies. And that’s because IoT is a stack from the low-level sensors up through connectivity, edge software, cloud computing, and artificial intelligence. But it also affects many different types of people, from management, operations, engineers, developers, users, consumers, regulators, financiers—really quite a long list of people. Also, both consumer and industrial sides are relevant. So that’s how we put it all together. The report is available as a download from insight.tech off the back of this podcast.

Now, for this year, for 2023 and beyond, what we were hoping for after COVID was a period of stability so that we could all recover socially, economically, etc., from the pandemic. That didn’t happen. Instead, we got the war in Ukraine, we got political instability in lots of places. We had the energy price and supply shorts. We had rising inflation. It’s been a turbulent year. And so, for our predictions normally we try to take a big, long-term view of where everything’s going. Some of that is in our predictions this time round: developments in 6G, AI, and so on.

But actually to focus more what is on the shorter term, coping with the current economic conditions, just looking briefly at IoT there—so, IoT got a big boost during the pandemic, because really it was part of how we coped with COVID. That has kept going, in fact, at an accelerated rate. It’s because people want more resilience, and are still finishing off some of the projects they started. So we think that IoT should still face good market conditions because you can get economic gains, and so on—lots of savings you can make. But we know that a lot of customers may be kind of worried about their CapEx, and so on. So IoT, we think, should be all right, with a few caveats. But I know Bola has a rather wider view across enterprise tech.

Bola Rotibi: Yes. Well, I actually think, despite the uncertainty for everyone, I think there’s a moment of opportunity. And I think when there’s opportunity, there’s gain. And one of the things that we did look into—and in fact was one of our predictions, one of our top predictions—was, are people still going to invest? And one of the things we thought was that, postpandemic, there will be a re-collaboration of enterprise strategies. But, however, this will drive something like 15% growth in IT investment in 2023 and 2024.

So I think, despite all the uncertainty, and maybe people thinking about, “Oh, there’s going to be a cap on things,” I think actually what will happen and what will shift people to think is to be a bit more nuanced in their spend and targeted in their spend. And I think as we go forward IoT will play a very big part in that—as people look to efficiency savings, connectivity, how they expect people who are working from home, hybrid environments, and all of these great things. I could mention loads of things. But I think we’re going to talk about this throughout the whole podcast conversation. So let’s get onto the next things. So, it’s a good sign.

Christina Cardoza: Yeah, absolutely. And excited to learn more all about that. I want to go back to something Martin said. I love this idea of looking at the short-term benefits rather than all the long terms. Because if these past couple of years have taught us anything, it’s you can’t necessarily predict or plan for everything. But I know last year, when we did talk, we had a lot of conversations about the evolving role of cloud providers, 5G use cases, hybrid work environments—like Bola just mentioned. And then there was this big focus on intelligence with the Internet of Things. And I’m wondering how you saw those predictions play out over the last year, especially with all of these new events that we weren’t expecting. And do you think any of those are going to still continue throughout 2023?

Martin Garner: Yeah, sure. And we do try to look back and see how our predictions—how did they do. And I think, in those areas, they basically did play out as we thought. So we knew from the pandemic that the cloud providers had become indispensable. And they’ve always done a lot with IoT, and they did even more over the last year or so. They’ve also become very involved in the telecom sector with 5G. But it’s not them on their own. IoT, as we all know, is a team sport. And so the cloud providers need help with system development, application development, supply and support and systems integration—all those good things. And now, although various parts of the cloud providers are under stress and they’re in some cases letting people go, actually we think the IoT area seems to be continuing to go okay for them. Not just for them, for others too. And part of that is 5G.

And, as you say, we talked about the use cases; we have seen these grow. I think in the industrial world, in particular, private 5G networks have become real; and they’re one of the hot areas at the moment. I think we’re going to talk a bit more about those. And the intelligence side is also very interesting. So there is much more worry about the intelligence—how we use machine learning, and so on, in a prepackaged way—just how we make it easier to use for people in the IoT world.

But, also, I think there’s a bit less focus on IoT for the sake of IoT. And it’s because the only point of IoT is to give you the data. And, really, the value is in what you do with the data; that is digital transformation. So we sense that the term “IoT” is starting to fade a bit. And we’ve seen Google and IBM close down their IoT platforms just recently. Intel^® has absorbed its IoT group into the Networks and Edge Group. We don’t expect IoT to disappear as a term, but we think it’s just sort of fading. And people are worrying more about what you do with all the intelligence side.

Christina Cardoza: Yeah, I love that. And I could certainly see how the term “IoT” may be moving to a different meaning. We have all of these terms in the industry, “digital transformation,” that we use over and over again. And we lose, really, what’s behind that, and focus too much on the industry terms around that.

But one thing I did find really interesting from the report—and I think maybe this has to do with why you’re looking more towards short-term benefits rather than the long-term benefits—is that organizations are still struggling to realize the full benefits of these IoT, big, digital transformations. And so I’m curious—because we’ve been talking about this for a long time—what the struggle is there, why they continue to struggle. And how, with this new focus on short-term goals, it’ll be easier in 2023. Martin, I’ll start with you.

Martin Garner: Yeah, sure. So, I think sometimes the benefits of digital transformation can be hard to measure. Actually, they’re often quite easy to measure. And a lot of IoT projects—you can see where we’re saving X percent of materials by monitoring this machine. So that is really good. And what we’ve found in the research over the last year or two, in fact, is that as you increase the scope and the role of your IoT system those savings typically get bigger. If you’re monitoring one machine, that’s good; you can get significant—. If you’re doing a whole factory, that’s just better; if you’re doing a whole supply chain, it’s even better. And, similarly, if you’re just monitoring it, that’s good. But if you are also controlling and optimizing these things, it’s even better.

So, one of the things we find is that if you’ve started on this, people should take the time and investment to keep going and realize these further benefits. Because, normally, there are more benefits available if you just keep going. Now, against that, I think a lot of digital transformation is all about changing work practices and processes—things that people are involved in. I think that’s perhaps where it gets a bit harder. And, Bola, I wonder if you want to pick up on that.

Bola Rotibi: Yes, actually. Because I think the challenge with digital transformation, as we hear about it—I mean, I think everyone’s bought into its possibilities and what it can deliver. I think if we actually have to think about it, it’s then how we go about that. What does it really mean when we actually think about the organizations? And what do we need to do?

And I think one of the things that comes out of this is that when we start thinking about reimagining—because actually the whole point about digital transformation is greater sense of connectivity, digitization, all of these important things, and personalization, and, in fact, actually, as we think about those we start to think about, “Well, what’s that mean for our existing processes? Do we reimagine new processes?” Which is what it’s all about. How do we use connected products?

And connectivity is a big feature inside of digital transformation. So, we start to think about how do we—like Martin talked about efficiency savings—what does that actually mean? How can we connect things so that we can start to see how we can measure those efficiency savers? How more people—whether they’re clients, customers, or employees—are part of the process. And they’re actually interactive, real time, all of these capabilities. So I think that’s one of the things about digital transformation—we’re looking about, how does this mean to the organization, and how do we execute it? And I think that’s one of the things that we are seeing as sometimes the challenge: it’s not the promise; it’s actually execution. And I think that’s really key.

Christina Cardoza: Yeah, I love that. And you mentioned a couple of things in passing earlier in the conversation—when we were talking about the opportunities and gains, and what enterprises should be looking at—so, I’m curious if you can expand a little bit more on what really are the trends or technologies that enterprises should focus on in 2023 and beyond.

Bola Rotibi: Well, I mean, I can expand upon that. Because one of the things that I did talk about was the hybrid. We’ve come out the pandemic, so people are now going back into the office; people are out onsite. But, at the same time, people are still also wanting to work remotely. And what we’ve learned as recourse is that that is possible.

So, one of the things that we were really big on in our predictions is what kind of things are going to really come out of this? What needs to come out of this? And I think one of the things that we’re going to start seeing is a lot more remote support operations—allowing people to feel that they can work remotely or they can work in the office, but the experience is similar. Because that is really key. And that means both the connectivity experience—whether they’re at home or in the office—as well as the fact that if they’re working with their colleagues that they are actually collaborating in a way as if they were actually in the office.

So one of the things, one of our—one big side of it, we thought by 2024 enterprise-collaboration tools add immersive spaces to help replicate the in-office experience. And I think that’s going to be quite a big thing actually. Because there’s nothing more like being stuck at home and not feeling that you’re part of the group while your colleagues are in the office talking. So I think that’s one of the things.

And we start to see headsets also change to bring that immersive experience. In fact, one of the announcements of—a lot of the HoloLenses, or the ones from Meta and their Quest Pro, is actually connecting with a lot of the collaboration tools and the video-streaming tools so that we can actually have that more immersive experience.

The other thing, I would say, is that people recognize that employee experience is really important. And it’s actually really equally as important to driving customer experience. And I think that’s one of the things that we will see a lot more of, is the connectivity between employee experience and customer experience. And that’s one of our predictions for next year, which is demand for software that measures and tracks the link between employee experience and customer experience. We’ll start to see more of that. And I think that will also have a connectivity story and an IoT capability, because they drive both in many respects. So that’s one of the things.

And, from a development point of view, I think one of the things that is really key is that we’ve actually tried to bring people together—whether we talk about operational to OT guys and IT guys. And it’s the same within the development environment. So, whether it’s developing applications, operating applications, connecting to applications.

Martin talked about edge. That’s really important. So, we’re starting to see—we talked about DevOps, bringing in of development and operations, but even that has its challenges. Because sometimes, are we communicating in the same way? Same with IoT, OT—are we communicating? So we see—one of my predictions I said was the role of software delivery orchestration rises in prominence by 2024. And we’ll start to see specific roles. Now, they may already exist, but their functionality will be as mediators, moderators, to be able to help the communication between those building applications and those operating or implementing them. So I think that’s actually going to be really important.

And then I think those roles which will have to take on new technologies or old technologies, like connectivity, and have a much better knowledge so that they can help everybody build the application together.

Martin Garner: I was just going to add one very specific trend to watch out for on the IoT side, which is it’s very easy to think about IoT as just worrying about the things. And I think more and more we’re going to see things happen where the IoT system needs properly to integrate with the way that people behave in the workplace and in society.

And we have one prediction which highlighted that, which is that an external system to communicate autonomous vehicles’ intentions undergoes road testing by 2026. And this is all about the fact that there’s a real diversity of road users, not just autonomous vehicles. And there are lots of subtle signals between them about how they give way, how they acknowledge each other’s presence, and so on. And autonomous vehicles just don’t have those at the moment. There are some early tests: I think Nissan, Volvo, and Mercedes are all having a go at some of these things. But we can already see that it shouldn’t be proprietary to a manufacturer, because society needs it. It’s more about national road use. But it’s a start. And I think that sort of integration of IoT with people and the way they do things, that’s going to be a trend to watch.

Christina Cardoza: Yeah, I agree. And I think a lot of people will be happy to hear this idea of the hybrid work environment is here to stay, but I can definitely see how working from home you sort of feel like you’re on your own island, or your own silos. So I think, like Bola said, software is going to be particularly important to bridging that gap, and also the connectivity piece about that.

Martin, we’ve had lots of conversations over the last year about connectivity—5G being the big network technology out there. And I invite our listeners to also listen to a webinar me and Martin did about 5G in industrial factories. And a lot of the conversation we’ve had is that it’s still early stages—that 5G in certain industries—throughout the whole last year. And so I’m wondering, you talked about it a little bit before, but where do you think 5G adoption still has to go in 2023? And people are already talking about 6G. So, how will these two merge together? Or what do we need to be thinking about in the next year?

Martin Garner: Well, thank you, Christina. And I won’t recap the whole of our previous webcast. But I would just say, “6G, whoa, hang on a minute. It doesn’t quite exist yet.” If you’re thinking about this and you’re thinking about 4G or 5G, don’t wait for 6G, because that’s some years away, really. But one thing we have seen since we did that webinar is that 5G is one of the main, strong interest areas in connectivity, especially private 5G networks. And the reason is that 5G is the first G that’s been designed with industrial usage in mind. And we are seeing that come through: recent software releases are bringing low latency, location, and system. All the things that make it now an industrial system are coming through and being realized.

We have a slightly unique view on that. As it happens, just over a year ago we became the research partner for the Global Mobile Suppliers Association, which is all the equipment suppliers: Ericsson, Nokia, Mavenir, Celona—the equipment and software who serve the private networks market. And so they report their data into us. And we have probably the best data in the world on private-network adoption and where it’s being used. And so we track it very carefully, and we’re just releasing a big report on that. So we have a couple of predictions in this area, if I may.

So, one is that by 2025—so just 2 and a half years away or so—private 5G network systems will be repositioned as a platform. And the reason for this is that you can use 5G for various different things: tracking worker safety, autonomous robots, workflow—lots of different use cases. But 5G is a complicated network, and not many people have got all the skills needed to set it up and do that. Also, if the narrative is shifting from connectivity to the intelligence, users don’t want to spend their time setting the network up; they just want to get on with it.

So we expect to see private-network app stores, so that you can download packaged applications, connectivity options, preconfigured connectors to IoT platforms—all these various things—so that you can just set it up much more easily and quickly, and get on with what you need to do. Also, it’s not only about 5G; there are other dynamics moving.

And one more prediction, if we have time, is that major telecom operators will spin off successful IoT businesses to create shareholder value and further the growth in IoT. Now, we have seen Deutsche Telekom has done it; Vodafone is looking into it. And we think others are going to follow. And the reason is that it brings independence from the parent company—more freedom.

And I said earlier that the focus should be on using the data, not on the connectivity. So why shouldn’t they use whatever connectivity fits best? Not just whatever their parent owns, if it’s 4G or 5G. You’ve seen recently, I think Semtech just acquired Sierra Wireless—that’s the LoRa and the cellular worlds coming together for the first time ever. And so we’re expecting lots more spinoffs of IoT companies from telecom operators. So there’s some quite exciting dynamics going on at the moment.

Christina Cardoza: I’m excited to see where else 5G is going to go in the next year. And it’s good to hear all the progress that they’ve been making. And then, also, we don’t have to worry about 6G yet. I think sometimes when you hear a new term or a new technology coming out, you want to jump on that right away. But these conversations are still early, and the focus is still on 5G.

But one thing that I’m wondering that if it will come about in 2023 is this idea of the metaverse. We’ve been talking about this a little bit more. And especially, Bola, when you mentioned HoloLens and using this type of technology in the workplace—is that all going to be part of this new idea of the metaverse?

Bola Rotibi: The metaverse. Well, it’s a very nice word anyway. Well, to be honest with you, look, I think the metaverse is going to create a lot of opportunities. I think we are in its infancy at this moment in time. So I think a lot of our predictions around the metaverse are certainly towards the end of the decade. But what I do think it is—and there’s still a lot of looking at what’s possible: the definition, we’ve got different companies—Meta is putting a lot of investment in this. And I think where it will end up might be different to where we are actually looking at it at this moment in time.

But what I do think: there is a relationship between the metaverse and digital twins. And I think that’s actually quite important. Because I think what the metaverse—if we think of digital twins as conflating, or converging, actually I would say—is this environment where you can actually have a digitized representation. And I think this is one of the things—and if we go back to the digital transformation, what is it what we’re really seeing here? Apart from modernization, we’re having modern infrastructure. But it’s the digitization of all data assets, all of this, in order to give a representation.

And, in fact, one of the things that we have in our predictions, which I think is quite exciting, so it does actually open up, is that we think by 2028 there would be a blockchain of view which lets developers build viable digital twins of people to support personalized services. Now that’s quite exciting. Because there we’ve talked about three different technologies: blockchain, digital twins, metaverse. But it’s the opportunity that we think about. And this is what I was starting to think, is that once we start digitizing everything it’s the capabilities of what does that mean? It means that people could actually have a representation of their health data, of the way that they—their personal likes, dislikes. And that blockchain bits mean that they have a certain level of ownership: it can’t be changed. And then they can actually start trading that with other organizations who may want to actually use that information in order to do testing against drugs or liabilities or things. The possibilities are endless.

But I think the reality is that we do see that convergence happening. Now, what that looks like by the end of the decade I think is still out there. But I think we have a pathway between the metaverse and digital twins to have that digital representation. Not just of products of physical things, but actually of people. And then that’s really when we start to get, as they say, cooking with gas. It’s going to be exciting. Innovation.

Christina Cardoza: Absolutely. And, of course, digital twins is another conversation me and Martin had on the IoT Chat. So I just invite listeners who want to learn more about that, especially in an industrial setting, to go check out that podcast.

But what I’m thinking is a lot of these things—digital twins, hybrid work environments, digitizing things—these aren’t necessarily new concepts. But I think what is new and what’s driving this more and advancing this more is the rise of some of these other technologies like machine learning, deep learning, artificial intelligence. And I know, Bola, you mentioned some of these earlier in the conversations. But, Martin, I’m wondering if you can talk more about how organizations and industries continue to adopt these intelligent features. And, especially in the beginning of the conversation, we talked about how the focus is more on intelligence than data. So how is AI and machine learning, for instance, going to continue to play a role throughout the next year?

Martin Garner: Well that’s right. And, Christina, and especially I think in IoT. As soon as you start on IoT you generate so much data that the only way to make really good sense and get the maximum out of it is to use machine learning. And I think the direction and the main use cases of that are now fairly clear. I think the main strands of development we expect over the coming few years are, first of all, the tools are becoming much more user friendly. We need to abstract away all of the coding that you have to do—the complex. There are so many different machine learning frameworks. It’s a really hard space to navigate. And also, the hardware differences. Intel with OpenVINO^™ and things have done quite a good job of making that easier.

There’s also, I think, prepackaging, so that you can buy systems that have it just built in. And you open the box and it’s ready there, working. And it’s a bit like Intel’s Market Ready Solutions; it’s the same concept applied to machine learning. We’re seeing more and more good examples of that.

And the other bit that needs an awful lot of attention, and we’re just, I think, starting on this is the data. So, the research we do with end users, they tell us this is just the hardest bit. And I think, historically, there hasn’t been a strong imperative to try to harmonize all the data so that it’s easy to use. And we’ve heard stories of manufacturers having different generations of sensors that just are all different in the way they present data. When you say it now, it makes no sense. But I think 20 years ago, maybe it did. Anyway, lots of focus on semantics, on data harmonization—both within a supplier, because they need it for their own internal analytics, but also across suppliers for digital twins, supply chains, all sorts of various areas that we are now getting into. But an awful lot of effort to get that right. Those are the main trends: tools, pre-packaging, and data, I think, that we expect to see. But that’s very much from an IoT point of view. And I know Bola has lots of other thoughts around how it looks from developers and various people.

Bola Rotibi: Yes, developers. Well, AI and ML actually. I mean, I think it’s going to really—we’re starting to see it actually have everyday viability. So, whereas before it was very much the big things, like the big calculations, the big modeling to do amazing things—whether that’s looking at imaging in cancer and all this kind of stuff—I think now what we’re actually now starting to see is accessible AI, accessible ML. And actually it means that developers are now—the tools are there, the tools have gone a long way.

And, in fact, you can have tools at multiple levels. You have tools still for the data scientists—those who understand the modeling concepts and things like that. But now we’ve come a level up. We’ve caught abstraction. And now people have incorporating low-code/no-code capabilities. So that, actually, we’re getting a much broader range of developers. And, actually, it’s not just professional developers, but those who have got domain experience, who want to have a level of programmability to their applications. And they’re being brought into the fold.

And I think that’s actually really important. Because now we’re starting to see what AI and ML actually mean to everyday tasks. But also, what’s also important is that we’re starting to see small data sets. So, people are actually using their domain experience to make these small changes, correct changes, so that it isn’t requiring vast compute resources to come up with, “Oh, is this going to do everything?” I think it’s actually, and I say—I can’t stress the word “accessible” enough, because I think that is what is making it much more of a broader cohort of people who can engage.

So I think one of the things that Martin rightly said is development is really expanding. So, it’s not just the professional developers. It’s actually bringing in a broader church of people capable of building those AI and ML applications, and they’re more task oriented. And I think that is really key, because that’s actually going to really spearhead adoption. And then we start seeing opportunities for connected solutions being part of that capability—from adding intelligence to delivering personalization, efficiency saving—the whole caboodle. So it’s amazing in terms of what is possible. But I think that’s certainly going to happen over the next—we’ve got an exciting next few years for AI and ML.

Martin Garner: It’s very clear, isn’t it, that more and more of the kind of people who need to use it are not data scientists. But they are engineers or operations specialists or process managers or all sorts of people who run things in companies. They need to use it, and it has to be easy for them.

Bola Rotibi: Yeah, it has to be understandable—“explainable,” as we say.

Christina Cardoza: Yeah, I love all of those ideas. There’s accessible AI—because we’ve seen how important the technology is across all industries, automating all sorts of different tasks and making lives easier. And so by broadening that adoption we’re going to get more opportunities, more benefits, more innovative solutions that developers themselves may not have thought about. But when you bring domain user or business user in there, you really start solving some of these real-world challenges. And I think it’s going to be very exciting to see over the next couple of years.

Unfortunately, we are running out of time. I know we’ve covered a lot so far. IoT and technology—they just span across everything, and they’re just such big topics. Of course, for our listeners who want to dig a little deeper into these topics and learn more, I invite you to look at the CCS white paper on insight.tech. And that’ll have even more predictions and opportunities for the next coming years. But before we go, Bola and Martin, I just want to throw it back to you guys one last time for any final key thoughts or takeaways you want to leave our listeners with today. So, Martin, I’ll start with you.

Martin Garner: Yeah, so, I do have one. We haven’t talked a whole lot about cybersecurity. And it is still the single biggest concern of people implementing IoT. And what I find interesting is that as systems are now scaling up to supply chain level, the idea that your whole supply chain might be hacked is honestly terrifying. It’s becoming even more important.

One interesting outcome, I think, of the war in Ukraine has been that there’s been a very large collective response around the world to cybersecurity issues—helping Ukraine not to be hacked to bits. Now, I think that’s really interesting. And there’s a question about how can we as industries maximize the benefit that we get from that collective response. I don’t know just the answer yet, but we’re going to have a think about that. And I think that’s maybe a prediction for next year.

Bola Rotibi: Well, I was going to add, Martin, we do have a prediction that we did quote, which was, by 2027 at least three governments mandate cybersecurity standards for businesses deemed of strategic economic importers. So I think that talks to a lot of the focus around cybersecurity. And, as Martin rightly pointed out, is that it is becoming much more of a broader topic, which will actually bring in a lot more people—whether it’s at an international level, whether it’s at a national level, or whether it’s organizational.

One of the things I would say, because we didn’t have a quick time to talk about it, is sustainability, which is another big feature for what, I think, is 2023. And I think IoT will play a big part in that. Because it will allow edge solutions to be part of the sustainability story; it’ll bring together AI and ML capabilities. And so it actually raises an incredible environment for developers, the broader church of developers, opportunities for those who are delivering connected solutions.

Christina Cardoza: Yeah, that’s a great callout about the sustainability. We see that as a huge trend across all industries. And being more sustainable—not only with the energy and the environmental concerns that we give off, but also within our own operations, how to be more sustainable and more efficient. And so I think this conversation just scratched the surface of what the audience can find in that big report from CCS Insight. And there’s plenty more to dig into and to expect and to jump on for 2023 and beyond. So I just want to thank you both again for such an insightful conversation and joining the podcast today.

Martin Garner: Thank you, Christina. Thank you very much.

Bola Rotibi: Thank you very much, Christina. Thank you for inviting us.

Christina Cardoza: Yeah, of course. And thank you for our listeners for tuning in. If you liked this episode, please like, subscribe, rate, review, all of the above on your favorite streaming platform. Until next time, this has been the IoT Chat.

The preceding transcript is provided to ensure accessibility and is intended to accurately capture an informal conversation. The transcript may contain improper uses of trademarked terms and as such should not be used for any other purposes. For more information, please see the Intel^® trademark information.

This transcript was edited by Erin Noble, copy editor.

Christina Cardoza: Hello and welcome to the IoT Chat, where we explore the latest developments in the Internet of Things. I’m your host, Christina Cardoza, Associate Editorial Director of insight.tech, and today we’ll be talking about OT and IoT security with Louis Parks from Veridify and Mark Frost from Intel^®. But before we jump into our conversation, let’s get to know our guests a bit more. Mark, I’ll start with you. Please tell us more about yourself and what you do at Intel.

Mark Frost: Thank you, Christina. So, I work for Intel’s Programmable Solutions Group, which was previously Altera for those in the FPGA world. Prior to the role I’ve got now, I had a proper job as a design engineer for 15 or so years. And then the last five or so I’ve been doing some product-marketing roles, and my current role is to promote our security solutions into many markets around the world.

Christina Cardoza: Excited to dig more into the Intel Security Solutions, Mark, and for those of you who don’t know what FPGAs are yet, you’re going to find out. That’s going to relate into our OT and IoT security conversations. So we’ll get into that. But before we do, Louis, welcome to the podcast. Please tell us more about yourself and Veridify.

Louis Parks: So, I’m Louis Parks. I’m a Co-Founder of Veridify Security. Our focus is on securing very, very low-resource processors typically found at the edge of networks, IT, OT, IoT. And we’re an Intel partner and have worked for several years now in developing solutions for securing devices. And when we say security, our primary focus is on authentication and protecting data moving over these networks.

Christina Cardoza: Great. And you know, talking about your focus, I noticed that the company really has a lot of solutions based on operational technology. And today we’re talking about security and cybersecurity, and I feel like a lot of the conversations are around IT usually, so I’m curious to hear more about why Veridify focuses on OT. What brought you to this space, and what makes operational-technology security challenging or special?

Louis Parks: The short answer is OT, or operational-technology networks, have been around for decades, like IT networks. But typically these networks have been naturally air gapped, or disconnected from the outside world; they’re running buildings, industrial sites, etc. On the other side of the world, IT networks—which typically run our data, our sales systems, our HR, accounting, patient records, etc. —again, for decades have been around. But because of the value of the data perceived, always developed and done in a very secure fashion—firewalls, VPNs, malware detection. Very highly defined.

The problem is, or, should I say, the challenge that has come up is, that we all are looking to better utilize platforms, buildings, industrial PLCs, etc. So they’re now being connected to IT and OT networks for better visibility. I want to look at my building in Chicago from San Francisco or from New York. So what happens now is you’re connecting a very secure platform, your IT network, to a very insecure platform, your OT network. And that’s all a hacker really needs. You’re increasing the attack surface. So that is the challenge.

And the other challenge is—unlike IT, which is a very homogenous environment, and this is one of the issues in securing OT networks, so we have a Windows, a Linux, an Apple environment—in the building world, there are many different protocols that can be brought to bear—Modbus, PROFIBUS, BACnet, on it goes—by different vendors. So in a single building you could have multiple operating systems, no operating system, etc. And also working on 32-bit or smaller devices that have little or no room for security and yet are gateways into the system now.

So these are the challenges in why suddenly this has become an issue, and I will actually add and not stage, two and a half, or a little over two and a half years ago, the IoT division, one of the sister divisions to Mark’s group, came to us and said this was an issue and thought we had a platform—we’ll talk about it a little bit more later—that could solve this issue. And that’s how we got to OT networks.

Christina Cardoza: Yeah, absolutely. And hearing some of the challenges you just mentioned, I can see why there’s been an ongoing trend to converge the OT and IT worlds together. But before we get into more of those complexities, I want to take a step back a little bit. Mark, if you will, help us set the stage of the security landscape today. What are the trends and challenges you see on your side when it relates to OT network, cybersecurity, and security in general?

Mark Frost: I guess one of the nice things about working within Intel is we get a global view and we get to see customers and partners and what they’re working on, which is the really exciting thing about the job actually. You get to see all the cool stuff that people are working on. And it is clear that there’s been such a rapid expansion of connected devices. And, as Louis says, we’re seeing OT and IT networks’ boundaries are blurring, and I think many people have just not really considered the implications of this, the security implications—these older networks connected to these newer networks. “Oh, it seems to be working; it’s okay.” And many people are getting away with it, I think, absolutely.

But with the increase of connected devices I think the attack surface, as Louis says, just increases, and we’re seeing more and more and more of these cyberattacks going on today. So it’s something that people need to be paying attention to now.

Christina Cardoza: Absolutely. And there are so many different security, cybersecurity solutions out there, and Louis, like you’re mentioning, some of them are now connecting to the OT world, which isn’t as secure. Or some of them have been more focused in IT. So I’m wondering if you can expand a little bit about the current solutions available out there today. How do they need to evolve, or why do they fall short when it comes to OT?

Louis Parks: Sure. I want to start with a disclaimer that anything you’re doing to secure your network, OT or IT, is a good thing. So this is not meant to be either an evaluation or a ranking, but rather just the challenges, really, of how we are currently, or at least to date have approached OT security. And as I gave in my introduction the overview, IT security—pretty mature market space. So, guess what? A lot of the OT cybersecurity solutions we see come from the IT market space.

But what are the problems? So, first of all, at a very high level you could have really two different goals. In the IT space, the goal of your cybersecurity is to protect your data and keep the devices on the system, your devices. In the OT world it might be more to keep things functioning. Think of a hospital, think of a utility operating in an OT world, and it could be safety. So the goals could be different. And right there you begin to have this divergence of what the IT products that are entering the OT space do, versus maybe what the OT world needs.

So, the typical tools we see, first of all, are primarily network based. So, these are tools that have been developed for monitoring a network. Because in the IT world it’s pretty important that an IT director or CESO knows if you brought a device from home and plugged it into the network. Big no-no in a lot of operations. In the OT world they’re not really thinking about people bringing thermostats from home and plugging them in. However, you have other issues in the OT world in terms of protecting the data. And in the IT world the tools now being used typically, then, give you visibility—a good thing still. They give you monitoring.

And monitoring typically is looking for anomalies, and there’s a couple of different technologies brought to bear from the IT world. Again, I’m looking for data anomalies. That data packet doesn’t look right; we don’t recognize that IP address—there could be a variety of things. Some of these systems even now use AI and they learn, which is really great. The problem with that is, as you’ll see in some of the demonstrations, it could take 30, 60, 90 days to get to a suitable level of learning to actually protect. And, again, learning means you’re never fully covered.

Finally in the end, if you do learn of an attack—and this is just, again, the reality of the world that we operate in—in the IT world you have network people, IT people, sitting there ready to respond. In the OT world you may be calling a plant or building manager and saying, “Hey, on the 23rd floor we see unidentified data traffic on your HVAC system.” Not really actionable by them.

So, again, the tools that are suitable and now being used and providing monitoring, detection, and alerts I would keep, but it’s not protecting the data. Nobody would think of transmitting open text on an IT network—patient data, credit card data. And it’s not stopping attacks. And so that’s what we see as the tools that are there, and the issues of the cybersecurity to date.

Christina Cardoza: Yeah, those are some great concerns and issues you bring up. And I think when it comes to security, everybody knows that it’s important to secure your systems and your assets, but not everybody knows exactly how to, or what it all entails. And I want to go back to something Mark brought up in his introduction, which is this: the idea of FPGAs, which is, I think, an important aspect when it comes to all these devices being connected, and IoT and OT security.

So, Mark, I would love if you could explain a little bit more about what FPGAs are, and the role that it plays in addressing some of these issues and challenges that Louis has mentioned.

Mark Frost: Okay. Well, I’ll try. So, we’ve had FPGA technology around for, I don’t know, 30-plus years, and it stands for Field-Programmable Gate Array. So, it’s a bit of custom hardware that you can program and set up in certain ways. We see use cases often in very high-speed applications where people have got super high-speed data they want to process, or in applications where you need very low latency or some high determinism. Often a lot of industrial applications will have those particular requirements.

Also, FPGA is really good if you have custom IO. So, for example, you want to interface to, I don’t know, this MRI machine over here and this motor drive over there—you can’t buy something off the shelf to do that. You need some custom hardware to do that kind of interfacing application. And that’s where FPGAs really shine.

And we see them all across all the applications, but particularly in the industrial space. We see them in—Louis mentioned PLCs, motor drives, networking solutions, all the Modbus TCP—all that kind of stuff, will often have FPGAs supporting that. And we’ve tried to think about how the FPGA can be suitable in this application.

So, some of our solutions will have an industrial bent to them. We’ll think about things like functional-safety applications, and also things like longevity. OT networks are often installed for—designed and to install for—20 years. We’ve got some customers still buying devices 25 years later; they’ve been in production for 25 years with the same things, and they want to know that their product is safe and secure for that thing. And the nice thing about the FPGA is that you can update it in the field. So should some security hole be found, you can update that in the FPGA as well. So they’re really nice for industrial applications.

Louis Parks: That’s a great point, Mark, that you make, is the legacy devices and length of time in the field. We’re looking at public sector projects with Intel, to his point, that are out there for decades. On the IT side: patch, firmware updates—weekly events. In the OT world, in some cases nonexistent. So the ability to move the processing to the edge with an FPGA is huge, which is one of the reasons why we focus on them, the ability to update.

So we are doing what we call legacy protocols now, NST-approved protocols for protecting devices at the edge. But in the next few years we’re going to move those to what we call future proof protocols for an issue around quantum computers to make sure we continue to provide protection to these things that get protected, get installed, for decades. And that was a great point, Mark, and that’s one of the powers of an Intel FPGA, is we don’t have to guess at everything today and just hope we’re good for the next 10, 15 years. We can address it.

Mark Frost: Yeah, a hundred percent on the postquantum stuff. So, you know, things like the AES 256 looks to be postquantum okay, we think. But things like some of the public/private key signature schemes, like elliptic curves—we know that that needs updating for postquantum. And so devices we’re designing today have to think about that. Can they be patched or updated in 10 years’ time when we know where we are with the postquantum standards? So, yeah, totally important.

Christina Cardoza: So, given that some industries or organizations may be dealing with this legacy equipment and legacy technology, I’m just wondering what the security strategies or practices look to you guys out there for organizations, given that FPGAs are also are like, 30-plus-year technology. Are you finding that organizations really have a strong security strategy? Or is this something that we’re still trying to figure out? Mark, I’ll start with you on that one.

Mark Frost: Yeah, it’s kind of mixed. I think we have some people who I’ve seen have taken it, have gone to town, and they have really big security teams who look at this in great depth. And we have other customers who are really small teams of people. Maybe they just have one engineer who has got to do everything, and they just don’t have the time to really focus on security. It’s really hard for them.

So, how do we make it easier for those guys to start implementing some basic security features? And I looked at some—this is a bit UK specific—but I looked at some kind of UK government stats, and there was a cost of cybercrime in 2019 of something like £27 billion, or $27 billion, something like that, in that year. And it’s not so much the number, but it’s where you see the high points in the data. So the two high points in the data are IP theft, i.e., people’s designs being stolen—and we’ve actually seen some customers recently who turned up at a factory and seen their design implemented when they hadn’t sold that design to somebody. So somebody had cloned their complete machine with their FPGA design and everything inside it. So they were quite shocked. So, that is a growing threat.

And the other one is what we call espionage, I guess, where people have maliciously put something into the firmware to make it do something unintended, or tried to steal the firmware, or do something that’s going to upset the system in some way. So the security strategy is a big thing.

FPGA guys have tended to rely on this security-through-obscurity security concept in the past. FPGA is quite a niche product. We don’t need to worry too much about it. There’s no real published data out there about how, say, for example, the devices get configured properly—no one really knows about it. But actually there’s been a massive growth in FPGAs recently; it’s been exponential. And we’re finding the devices are now found everywhere. It’s no longer a niche kind of product, and guys using these FPGA devices now need to really start considering their security policies.

Louis Parks: That’s great. I would—so, as an Intel partner and FPGA user, I would take upon that and Mark’s answer, and just sort of extend it a bit further. So, when we look at our people looking to address it, they are. So, the first hurdle or issue we see is the two entities you’re typically dealing with—the, again, the building or plant manager who may be responsible for that system who does not have the security background for protecting data that the ITs have, the IT side may have, and the IT side may not see it as their purview to protect the HVAC system, for example. So you have issues there, but people are aware of this.

The problem is just starting and extending that sort of split in who you’re talking to and the different people you need to satisfy. Then you go to, well, how do you satisfy it? So you have standards for industrial and industrial controls that could be applied for security purposes, and then you have guidance from entities like NST. But how they get applied, and, again, the old joke: once you have more than one standard, you have no standard. So there is some work in the field to do this, but, again, it’s really left to these organizations to figure out what do they do, and how do they protect their systems and platforms? That becomes a challenge.

So, one of the things that we look to do in helping answer that and, again, network segmentation—which is a common response from these network tools—works in the IT world: I’ve got a bad data situation on a server here; I can isolate it till I go and either replace the server, or move the operations over. If it’s operating a portion of a hospital, I may not be able to isolate it the same way. So our focus has been to take things like an Intel FPGA and provide security at the edge and protect the devices. So that’s been the role that we’ve given.

So, we’re not replacing any of the security somebody may have already invested in, we’re not replacing any of these observational or monitoring-only solutions. But we are trying to give a proactive solution that doesn’t require the replacement of installed technology, where an Intel FPGA running our technology can be placed in front of a device as a gateway and act as a security gateway, providing all of the authentication and data encryption you’d expect on an IT network, but running it almost like a VPN over an OT network. So that takes away some of the hurdles in arriving at: so, we know we have a problem; what are we going to do? Because, again, there are many answers, none of them necessarily wrong, but there can be some paralysis as a result.

Christina Cardoza: Absolutely. And, given the industry and industrial standards that you mentioned are out there, Mark, I’m wondering how Intel FPGAs help support those industry recommendations or support IoT security efforts?

Mark Frost: I guess our main task here is as an enabler. So, you know, our devices are designed for many markets. We’re trying to be a jack-of-all-trades across all these different vertical markets. But we do consider industrial, particularly, as a very important marketplace. For us, it’s a very long-term stable market that we have a lot of customers in. So we try and think about basic device features that will support security, that then guys like Louis and the team can plug into.

So we rely really heavily on partners like Veridify, who do this stuff day in and day out, to offer the solution to the customer. If we can just build that foundational base, those guys then go and build upon that. But we have to do the right thing in the foundational base. We have to have the right hooks into the device. We have to be doing things like, for example, thinking about functional safety-data packages. We have to be thinking about specific silicon features, real-time processing, and all this kind of other stuff that the guys at Veridify can then build upon.

Christina Cardoza: Is there anything you wanted to add, Louis, to that?

Louis Parks: Sure. Only I was going to say that Intel, and in particular why we look to FPGAs for certain parts of our solution, is because there is a focus on security and securing firmware data—things running on the FPGA—where then we extend that by, how does that device interact with devices around it, which is our focus; the communication between devices, which in essence, creates what we often think of the IoT. But in any of these networks, it’s device-to-device communication. So we look for those critical foundational blocks, because, again, any corner where you don’t have protection the bad guys will find that corner of the neighborhood and enter. So it’s critical that we pick a solid platform to then implement industry standards for authenticating, securely updating, and sharing data across the network.

Christina Cardoza: Great. And talking about platforms, we’ve mentioned a couple of best practices—being more aware of the OT security side of things, connecting OT and IT together—as well as just things that you should keep top in mind in your security strategies. So I’m wondering, now, how can organizations actually be successful at this? What are the tools and the technologies out there that are helping address OT networks, especially ones connected to IT and IoT networks? Louis, if you want to start with that.

Louis Parks: Sure. So, being the level, even-handed response, there are a range of tools out there, again, for monitoring, from a variety of companies that will give you the ability to look at your network and see what’s happening. So, again, if you’re using those, they’re good. A network-level strategy will give you some capability.

Some of the protocols out there in the industrial world are trying to add, or do add security. I will comment that some of them are difficult to implement because they don’t see implementation or management of those things as being their priority. If they can put an encryption or authentication protocol in the device they in some cases perceive their job as done. And then when you go to the field and you have that integrator who knows how to put things on the wall, wire things up, and may even know about things like Wireshark to look at the network, are not people who can key, provision, handle data certificates, go to third parties—all the things that might be required to provision correctly a security solution.

Again, our focus is device level. What we’ve done with Intel is we’ve basically packaged cybersecurity in a box. So when you take one of our edge devices and plug it in, it auto-onboards. We’ve done a zero-touch process, recognizing that IT and cyber skills are at a limited availability, particularly in the field or at the edge. So, with Intel as a partner, that has been our focus. And I think there could be—and I say this knowing that we monitor the market pretty closely—there aren’t a lot, if any, other device level, but one should keep looking for them, not that they won’t appear. And there are things that you could do right now. Like, do you have a backup of your OT network? Nobody would ever think of not having an IT-network backup, but is your building system, is your plant-factory system, backed up? Do you have current network mappings of it?

So, there are some noncost things you can do today to just start thinking about. So, where are my risks? And even understanding, what would be the risk if somebody entered this part of my network? Is that critical or not? Can they get to a critical IT server, or could they stop a critical operation in my building or facility? So, an evaluation. There are some things in terms of the risk evaluation that don’t involve buying anything that people should think about doing now, if they haven’t already done it, to make themselves safer going forward.

Christina Cardoza: Absolutely. And you mentioned a couple of times how the company is an Intel partner, and how you’re working with Intel, using Intel FPGAs. I should mention that the IoT Chat and insight.tech as a whole are sponsored by Intel. But I’m curious—the value of that relationship and partnership. Why are you working with Intel on FPGAs and IoT security, and how you guys continue to work with each other to address some of these issues and challenges?

Louis Parks: Well for us—so, we have a lot of expertise. My partners are mathematician cryptographers—so, some of the world-leading people, which is all great. So we bring that, plus engineering, in our labs for how we apply it to physical devices. But there’s no substitution for the reach and the depth of the Intel team. Both, as I’ve mentioned already, from Mark’s group, the PSG Programmable Systems group; and the IoT group, who we work with. They not only bring us to opportunities and sectors, but more importantly expose us to the challenges, expose us to the issues that we then have to address.

Our product DOME, which I’ve been talking about indirectly—I’ll give it a name here—came into being because Intel came to us and said there is a challenge in how you manage devices at the edge of a network. And our design started with: well, not all these devices talk to the cloud. In the real world a lot of solutions always go, “Well, you power it up and it goes to the cloud.” A lot of devices deep in a building or an industrial network never talk to the cloud, but they still need to be secured and managed.

So, again, with the support of Intel in developing protocols, in developing solutions, and helping us bring it and pilot them in the market space—invaluable. So that when somebody then sees our solutions—and two of them are listed on what Intel calls RRKs, and these are RFP-ready kits—so these are solutions that are tested and done. So, a lot of the vetting that would not be available to the industrial or building manager still wanting security has, in essence, been done by Intel. So not only have they given us the resources and some of the direction, but they’ve then vetted the solution on behalf of the end customer. So, really, irreplaceable as a partner. Thank you, Mark.

Mark Frost: You’re welcome. And, you know, we rely totally on partners like Veridify to—our primary aim really is to—is to sell silicon. And we can’t do that without some kind of really cool solutions that appeal to the marketplace. That’s what drives the silicon sales; it’s the partner solutions. So we do what we can to try and help extend the reach of the Veridify guys into these global markets through our sales networks and our channel networks. But it’s the work of these guys and their solution—it’s the most exciting part, really.

Christina Cardoza: It’s great hearing how companies are getting together to solve real-world challenges. And I hope everybody listening to this podcast is thinking about their OT network security, and leaving this conversation going to make sure that they have everything secure.

It’s been a great conversation with both of you. Unfortunately we are running out of time, but before we go I just want to throw it back to each of you. Any final thoughts or key takeaways you want to leave our listeners with today? Louis, I’ll start with you.

Louis Parks: Sure. I think everybody should be thinking about security. Unfortunately, the world we live in today, the security threats are not only potential within your organization, within your city, town, state, but could be from outside the country, unfortunately, as we’ve all been learning. So everybody should be thinking about the role they play. I think that you should look for solutions and understand not only what they can do for you—and you do not need to be a cybersecurity expert to have it explained to you—but then understand your ability to use them and manage them, and what it will take. So you should see, arguably, a demonstration or something for your environment to make sure that they will actually deliver value. And no one solution is going to do it all. So even when you’re successful, please keep working, keep looking; this is an ongoing process.

Mark Frost: Yeah. And to follow up on that, really, don’t ignore security stuff. Many of the most high-profile security breaches we’ve seen over the past are quite innocuous at the start, and still many people are thinking, “Oh it doesn’t—it’s not going to happen to me.” But, you know, these things could happen. So do think about it.

Our new devices, particularly our new family of FPGAs, have got some really cool security features in them. And if you can just start thinking about things like, as simple as authenticating and encrypting the configuration data for your FPGA—those two are very simple things to do, but it makes a huge difference on the security of your implementation with FPGA. So go take a look at our website, look at Intel FPGA security. There’s a load of cool new stuff going up on there, and we’re here to help.

Christina Cardoza: Well, with that, I just want to thank you both again for joining the podcast, and for the insightful conversation. And thanks to our listeners for tuning in. If you liked this episode, please like, subscribe, rate, review, all of the above, on your favorite streaming platform. Until next time, this has been the IoT Chat.

This transcript was edited by Erin Noble, copy editor.

The preceding transcript is provided to ensure accessibility and is intended to accurately capture an informal conversation. The transcript may contain improper uses of trademarked terms and as such should not be used for any other purposes. For more information, please see the Intel^® trademark information.