Simplicity, the next big thing?

Recently, Dynatrace conducted a survey of CIOs on their top challenges. Of the top six, almost all deal with concerns about complexity. There is no doubt there are numerous technologies being injected in almost every industry from a range of vendors. Integration of this multivendor cacophony is rife with security risks and misunderstanding – whether it is your network or IoT vendor environment.

Humans have a limited capacity to handle complexity before they throw up their hands and just let whatever happens wash over them. That fact is one of the reasons AI is being viewed as the savior for the future. Back in 2008, I wrote a blog post for HP that mentioned:

“the advent of AI could allow us to push aside a lot of the tasks that we sometimes don’t have the patience for, tasks that are too rigorous or too arduous.”

IT organizations need to shift their focus back to making the business environment understandable, not just injecting more automation or data collection. Businesses need to take latency out of decision making and increase the level of understanding and confidence. A whole new kind of macro-level (enterprise) human interface design is required. Unfortunately, this market is likely a bit too nebulous to be targeted effectively today other than through vague terms like analytics… But based on the survey results, large scale understanding (and then demand) appears to be dawning on leadership.

The ROI for efforts to simplify and encourage action should be higher than just adding a new tool to the portfolio ablaze in most organizations. We’ll see where the monies go though, since that ROI is likely to be difficult to prove when compared to the other shiny balls available.


Adding more complex triggers with IFTTT to control your home IoT

I have been using IFTTT for quite a while with my various IoT devices, doing simple things like turning on lights when my garage door opens or when there is motion near my home. One of the great things about IFTTT is its simplicity. If ‘this’ triggering event happens, do ‘that’. This simplicity is also one of the frustrating limitations when doing more complex tasks.

If I want to only turn on the porch lights when it is dark out, but keep them off when it is light, there is no way to do that natively within the system. They have thought about expansion capabilities through the ability to send and receive information from websites that can provide stateful information – IFTTT supports both trigger and response through a capability called webhooks. There are some free services to support this capability that you can experiment with, if you don’t want to bring up your own website.

The one I looked at is Apilio, and there is a good explanation of it on Medium. It is still in beta though.

Apilio has three building blocks:

  • Variables – to contain state information
  • Conditions – to evaluate variables
  • Logicblocks – to determine the actions from a Boolean analysis of the conditions

As an example, I decided to use Apilio with IFTTT to turn my lights on when there was motion in front of my house but only when it is dark out. To accomplish this, I had to perform the following steps:

  1. Configure your IFTTT webhook connection on your webhooks settings/documentation page in IFTTT and enter that key into your Apilio profile. This key enables a secure connection between the website and IFTTT.
  2. Next define the variables in Apilio where you would like to store state information. In my case, I created a Boolean variable darkOutside. Note that there are URLs that when accessed will set the variable to True or False. You’ll need these URLs in the next step.
  3. Define two IFTTT rule Applets that set the variable to True at sunset and False at sunrise, using the capabilities of the Weather Underground trigger supported by IFTTT.
  4. Define a condition in Apilio that if darkOutside is True then it returns True, otherwise False. I named it DarkOutsideCondition.
  5. Next, I made an Apilio logicblock that performs a simple logical AND operation: if it is triggered and the DarkOutsideCondition is True, it triggers applets back in IFTTT. I called the logicblock lights_on_when_dark. It has a URL to force its evaluation (from the logicblock show command) and a place to store an IFTTT trigger event name for each outcome: one for when it evaluates True (called LightsOn) and another for when it evaluates False (called LightsOff).
  6. Since I have a Ring doorbell with motion sensing that interfaces with IFTTT, I made an IFTTT Applet for when motion is sensed to initiate the evaluation trigger of the logicblock lights_on_when_dark.
  7. Now I just needed to create 2 more Applets, one to turn on the lights if IFTTT gets a webhook event called LightsOn and another to turn them off if IFTTT gets the webhook event LightsOff.

This may seem complex but really only consists of:

  • a variable, a condition and a logicblock in Apilio
  • five applets in IFTTT:
    • set the darkOutside variable to true at sunset
    • set the darkOutside variable to false at sunrise
    • receive a LightsOff trigger and turn the lights off
    • receive a LightsOn trigger and turn the lights on
    • catch the Ring motion sensor trigger and force an evaluation of the lights_on_when_dark logic block.
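To make the flow above concrete, here is an added example (my own sketch, not Apilio's or IFTTT's code) that models the variable, condition and logicblock locally and shows which IFTTT event each motion trigger produces. The `Hub` class, the sample key and the `redact` helper are assumptions for illustration; the IFTTT trigger URL carries the webhook key in its path, so the key is masked before anything is logged.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import quote

# IFTTT webhook trigger URL: the key in the path is the only credential.
IFTTT_TRIGGER = "https://maker.ifttt.com/trigger/{event}/with/key/{key}"


def trigger_url(event, key):
    """Build the URL that would fire an IFTTT webhook event."""
    return IFTTT_TRIGGER.format(event=quote(event, safe=""), key=quote(key, safe=""))


def redact(url):
    """Mask the webhook key so the URL is safe to write to a log."""
    return re.sub(r"(/with/key/)[^/?#]+", r"\1<redacted>", url)


@dataclass
class Hub:
    """Hypothetical local stand-in for the state the Apilio side keeps."""
    webhook_key: str
    variables: dict = field(default_factory=lambda: {"darkOutside": False})
    sent: list = field(default_factory=list)  # URLs that would be requested

    def set_variable(self, name, value):
        if name not in self.variables:
            raise KeyError(f"unknown variable: {name}")
        self.variables[name] = bool(value)

    def dark_outside_condition(self):
        # Condition: True only when the darkOutside variable is True.
        return self.variables["darkOutside"] is True

    def lights_on_when_dark(self):
        # Logicblock: forced to evaluate by the motion applet; each outcome
        # has its own IFTTT event name.
        event = "LightsOn" if self.dark_outside_condition() else "LightsOff"
        self.sent.append(trigger_url(event, self.webhook_key))
        return event


def run(events, key="CONSTRUCTED-KEY-123"):
    """Replay sunset/sunrise/motion events; return fired events and log-safe URLs."""
    hub = Hub(key)
    fired = []
    for ev in events:
        if ev == "sunset":
            hub.set_variable("darkOutside", True)
        elif ev == "sunrise":
            hub.set_variable("darkOutside", False)
        elif ev == "motion":
            fired.append(hub.lights_on_when_dark())
        else:
            raise ValueError(f"unknown event: {ev}")
    return fired, [redact(u) for u in hub.sent]


if __name__ == "__main__":
    print(run(["motion", "sunset", "motion", "sunrise", "motion"]))
```

Note that daytime motion still fires LightsOff, so the lights-off applet runs on every motion event while it is light out.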

This is a fairly simple example. There are also some additional examples on the Apilio site, but hopefully this walkthrough will help you get started with enough context to overcome some of the areas that confused me.

I also have an IFTTT applet to turn the lights off at sunrise, just so there is another way to turn the lights off. I should have the ability to add some delay sensing so that I can turn the lights off after they have been on for a defined period (say a half hour), to keep my energy costs down.

Was something missing from the Cisco Annual Cybersecurity Report?

According to Cisco’s 2018 Annual Cybersecurity Report:

  • “Burst attacks” or short DDoS attacks affect 42% of the organizations studied
  • Insider threats are still a huge issue
  • More Operational Technology and IoT attacks are coming
  • Hosting in the cloud has a side benefit of greater security
  • Nearly half of security risks come from having multivendor environments
  • New domains tied to SPAM campaigns

Many of these findings seem like common sense or in some ways in Cisco’s interest at first glance, but this 60+ page report goes into much greater detail than these one-liners. It breaks down the analysis by region and time and concludes about the difficulties of cyber defense:

“One reason defenders struggle to rise above the chaos of war with attackers, and truly see and understand what’s happening in the threat landscape, is the sheer volume of potentially malicious traffic they face. Our research shows that the volume of total events seen by Cisco cloud-based endpoint security products increased fourfold from January 2016 through October 2017”

The breadth and volume of attacks can overwhelm any organization and it is not a case of ‘if’ but ‘when’.

One thing I didn’t see mentioned at all was cryptojacking, the unapproved leveraging of processing cycles for mining cryptocurrency. This form of cybersecurity risk affects large entities as well as individuals through their access of websites. Generally, this is less destructive than the previous cyber attack methods and may even be seen as an alternative to advertisements on sites, but it seemed odd to me that this rapidly advancing trend wasn’t mentioned.

The report is still worth looking over.


NIST standards draft for IoT Security

The draft version of NIST’s “Interagency Report on Status of International Cybersecurity Standardization for the Internet of Things (IoT)” was released this week and is targeted at helping policymakers, managers and standards organizations develop and standardize IoT components, systems and services.

The abstract of this 187 page document states: “On April 25, 2107, the IICS WG established an Internet of Things (IoT) Task Group to determine the current state of international cybersecurity standards development for IoT. This Report is intended for use by the IICS WG member agencies to assist them in their standards planning and to help to coordinate U.S. government participation in international cybersecurity standardization for IoT. Other organizations may also find this useful in their planning.”

The main portion of the document is in the first 55 pages with a much larger set of annex sections covering definitions, maturity model, standards mappings… that will likely be of great interest to those strategizing on IoT.

The document is a great starting point for organizations wanting an independent injection of IoT security perspectives, concerns and approaches. My concern though is the static nature of a document like this. Clearly, this Information Technology area is undergoing constant change and this document will likely seem quaint to some very quickly but be referenced by others for a long time in the future. A wiki version may make this more of a useful, living document.

Comments on the draft are due by April 18. Reviewers are encouraged to use the comment template, and NIST will post comments online as they are received.


Six thoughts on mobility trends for 2018

Let’s face it, some aspects of mobility are getting long in the tooth. The demand for more capabilities is insatiable. Here are a few areas where I think 2018 will see some exciting capabilities develop. Many of these are not new, but their interactions and intersection should provide some interesting results and thoughts to include during your planning.

1. Further blurring and integration of IoT and mobile

We’re likely to see more situations where mobile recognizes the IoT devices around them to enhance contextual understanding for the user. We’ve seen some use of NFC and Bluetooth to share information, but approaches to embrace the environment and act upon the information available is still in its infancy. This year should provide some significant use cases and maturity.

2. Cloud Integration

By now most businesses have done much more than just stick their toe in the cloud Everything as a Service (XaaS) pool. As the number of potential devices in the mobility and IoT space expand, the flexibility and time to action that cloud solutions facilitate needs to be understood and put into practice. It is also time to take all the data coming in from these and transform that flow into true contextual understanding and action, also requiring a dynamic computing environment.

3. Augmented reality

With augmented reality predicted to expand to a market somewhere between $120 and $221 billion in revenues by 2021, we’re likely to see quite a bit of innovation in this space. The wide range of potential demonstrates the lack of a real understanding. 2018 should be a year where AR gets real.

4. Security

All discussions of mobility need to include security. Heck, the first month of 2018 should have nailed the importance of security into the minds of anyone in the IT space. There were more patches (and patches of patches) on a greater range of systems than many would have believed possible just a short time ago. Recently, every mobile store (Apple, Android…) was found to have nefarious software that had to be exorcised. Mobile developers need to be ever more vigilant, not just about the code they write but the libraries they use.

5. Predictive Analytics

Context is king and the use of analytics to increase the understanding of the situation and possible responses is going to continue to expand. As capabilities advance, only our imagination will hold this area back from increasing where and when mobile devices become useful. Unfortunately, the same can be said about the security issues that are based on using predictive analytics.

6. Changing business models

Peer to peer solutions continue to be the rage but with the capabilities listed above, whole new approaches to value generation are possible. There will always be early adopters who are willing to play with these and with the deeper understanding possibilities today new approaches to crossing the chasm will be demonstrated.

It should be an interesting year…


Groundhog Day, IoT and Security Risks

Lately I’ve been hearing a great deal of discussion about IoT and its application in business. I get a Groundhog Day feeling, since in some sectors this is nothing new.

Back in the late 70s and early 80s, I spent all my time on data collection off factory equipment and developing analytics programs on the data collected. The semiconductor manufacturing space had most of its tooling and inventory information collected and tracked. Since this manufacturing segment is all about yield management, analytic analysis was a business imperative. Back then though you had to write your own analytics and graphics programs.

The biggest difference today though is the security concerns. The ease of data movement and connectivity has allowed the industry’s lust for convenience to open our devices and networks to a much wider aperture of possible intruders. Though there are many risks in IoT, here are a few to keep in mind.

1) Complexity vs. Simplicity and application portfolio expansion

Businesses have had industrial control systems for decades. Now that smart thermostats and water meters and door bells are becoming commonplace, approaches to managing this range of devices in the home have required user interfaces to be developed for the public and not experts. Those same techniques are being applied back into businesses and can start a battle of complexity vs. simplicity.

The investment in the IoT space by the public dwarfs the investment by most industries. These new more automated and ergonomic tools still need to tackle an environment that is just as complex for the business as it’s always been – in fact if anything there will be more devices brought into the business environment every day.

Understanding the complexity of vulnerabilities is a huge and ever-growing challenge. Projects relying on IoT devices must be defined with security in mind and yet interface effectively into the business. These devices will pull in new software into the business and increase the application portfolio. Understand the capabilities and vulnerabilities of these additions.

2) Vulnerability management

Keeping these IoT devices up-to-date is a never-ending problem. One of the issues of a rapidly changing market segment like this is devices will have a short lifespan. Businesses need to understand that they will still need to have their computing capabilities maintained. Will the vendor stand behind their product? How critical to the business is the device? As an example of the difficulties, look at the patch level of the printers in most businesses.

3) Business continuity

Cyber-attacks were unknown when I started working in IoT. Today, denial of services and infections make the news continuously. It is not about ‘if’ but ‘when’ and ‘what you’re going to do about it’. These devices are not as redundant as IT organizations are used to. When they can’t share the data they collect or control the machines as they should, what will the business do? IoT can add a whole other dimension to business continuity planning that will need to be thought through.

4) Information leakage

Many of the IoT devices call home (back to the businesses that made them). Are these transfers encrypted? What data do they carry? One possible unintended consequence is that information can be derived (or leaked) from these devices. Just like your electric meter’s information can be used to derive if you’re home, a business’s IoT devices can share information about production volume and types of work being performed. The business will need to develop a deeper comprehension of the analysis and data sharing risks that have happened elsewhere, regardless of the business or industry, and adjust accordingly.

The Internet of Things has the potential to bring together a deeper understanding of the business. Accordingly, security at both the device and network levels needs to develop as strongly. The same analytics enabling devices to perform their tasks can also be used nefariously or to make the environment stronger.


IT opportunities and cruising…

I recently went on a western Caribbean cruise on Royal Caribbean. This is the first cruise I’d been on in a couple of years and I found it interesting how much mobile device use there was on the boat. Everything from folks checking emails… to live streaming at the breakfast table (at an additional cost, of course). There still seemed to be numerous more subtle ways to enhance the cruise experience now that nearly everyone has an enhanced device.

There is an anecdote about cruising that for every couple that gets on a cruise, one of them doesn’t really want to be there. That’s probably a bit strong, but what’s true is that there are numerous activities going on at any one time and finding the right one to interest you could be improved.

I could easily see adding NFC or low power Bluetooth spots throughout the ship that personal devices could tap into for service information or even historic facts/trivia. As I drive across the country, I see numerous historic spot signs along the highway; that’s because some people are interested in what’s happened at locations in the past. Adding some capabilities to share that information for the ship would be interesting, where items of specific interest (music performers/performances, celebrity spotting, changes in ship design over the years) could be broadcast. It would make for interesting gamification, scavenger hunt and Pokémon Go-like possibilities that would interest some on board.

Analytic data from IoT and business process systems could be shared to optimize the experience. For example, sharing how long the wait may be at “my time” dining. A news feed capability may be useful, so you can subscribe to information about where the ship is or when it will get into port. Naturally there will be a great deal of opportunity available to upsell passengers on jewelry, drinks, excursions… as well.

There may be some interesting peer-to-peer sharing experiences. The one I’ve thought about for a long time is: allowing folks to share their skills and interests so they could be notified if someone within 50 feet is an author/expert on a topic of interest. Or enable ad-hoc meetings, like in the case of our cruise where there was a quilting, veteran and Victorian dance group, that would have a public meeting at a specific time and place. These capabilities would encourage interactions with other passengers that they wouldn’t normally experience. These capabilities would have to be opt in though, to allow those who want to get away to have that experience as well.

The use of augmented reality also seems like a missed opportunity. An app to take some of the signpost information mentioned earlier and enhance it with directional information. This could help lead you to the experience you’d like to have, rather than the one you just settle for, based on what you know.

What I am getting at is: different people want a range of experiences on a cruise and it seems like there are numerous opportunities being missed by both the passengers and the cruise lines to make the most of the occasion, with relatively little additional effort. There are some significant privacy and customer satisfaction concerns, but I am sure a range of pilots would quickly point out the issues and possibilities.