(This article is excerpted from the report: “The IoT Impact – Finding YourCompany’s Role in the New Smart Connected World” available for download here.)
Why You Need an Internet of Things Game Plan Now
Opinions, predictions, hyperbole, pontifications — a lot has been written about the Internet of Things recently. But precious little has been written to help the senior executive or product manager who is trying to decipher what it all means for their business — what, if anything, they should be doing differently, and when. This is not simply a question about what features or technology to add to a product. Our research has shown that IoT is impacting business models and in turn industries’ very structure, the basis of competitiveness, what it is you sell, and who you partner with. In fact, we expect, and in some cases are starting to see, industries being shaken up, a major reshuffling of power and positioning, and new disruptive entrants. With these potential upheavals looming, it is imperative for organizations to understand the impact to their firm and develop an intelligent strategy soon. It is critical to act prudently, but also to start now.
With this urgent need for guidance and a paucity of good sources of it in mind, I was delighted to see the article How Smart, Connected Products Are Transforming Competition in the Harvard Business Review. Written by competitive strategist Michael Porter and PTC CEO Jim Heppelmann, this article provides practical advice on the decisions a company needs to reflect on.
The Pace of Change
Tectonic changes like this always happen more slowly than much of the media hype suggests — these transformations take many years, even decades. But, these changes happen faster than many organizations are able to learn and adapt. The changes required are profound: developing whole new arenas of expertise, turning your underlying business model and financial model upside down, completely changing the pace and approach to developing products, building entirely new ecosystems and trading partner relationships, deep integration with services and partners that you may not have even heard of yet. These kinds of deep transformation take serious effort and time — lots of organizational learning, and trial and error. That is why it is so critical to start the journey in earnest now or risk being outmaneuvered and unable to catch up. You don’t win the marathon by waiting until you see how things are shaking out before even taking your first step in the race!
Heppelmann and Porter’s Ten Questions – Useful Roadmap
The HBR paper uses Porter’s five forces analysis framework to analyze how smart connected products will impact and reshape industries. IoT and smart connected products are transforming the basis of competition and hence, companies’ business models — their fundamental understanding of “What business am I in?”
The ten strategic questions that Porter and Heppelmann suggest companies1 ask themselves form the centerpiece of their HBR article (see Figure 1). They provide the core value of the piece by providing guidelines to answer the question “What should I do about IoT” in very specific ways. These ten questions fall into four broad categories: 1) Product, 2) Data, 3) Business Models & Scope, 4) Ecosystem/Partner.
This provides a useful roadmap for considering what to do about the Internet of Things. Below we consider each of those four categories of questions.
1) Product Questions
Which Smart Connected Capabilities to Pursue?
One of the key points made by Porter and Heppelmann is that a company must understand what truly is of value to customers; what services or functions are they willing to open their wallet and actually pay for.
In virtually every ‘IoT’ company we have spoken with, they did not set out to become an IoT company, but rather set out to solve specific problems. Some of the key learnings from our interviews:
Bigbelly, An Example of Solving a Specific Problem
The founder of Bigbelly had an idea to dramatically reduce the frequency of trash collection in public spaces (e.g. parks, beaches, etc.) by creating a solar powered trash compactor to replace traditional trash bins. The enclosed container also reduces smell and rodent infestation. Bigbelly’s compactors were successful (holding 5 times as much as traditional ones), but they realized that they were being emptied on average when they were only 60% full.2 So, they added sensors and wireless communications to their trash bins so the device could tell the city workers when it was time to pickup. They were not asking, “What can we do with IoT technologies?” but rather, “What is the best way to solve this specific problem?”
- Rather than asking, “How can we become an IoT company?” ask, “What problems does my customer have that I am in a position to solve? How can I add more value?”
- Companies that develop true collaborative partnerships with their customers discover new ways to solve problems and add value.
- Some of the best disruptive IoT business ideas come from experienced industry veterans who have a deep appreciation of how things actually work and the thorny problems in their industry, and who are imaginative enough to develop a practical vision for how things could be done radically differently.
What to Put in the Product vs. in the Cloud
The second question posed by Heppelmann and Porter is how much IoT functionality should be embedded in the product vs. in the cloud. These choices can be complex with product, process, organizational, and revenue implications. As described in Distributed Intelligence in the IoT, there may be many layers of intelligence and processing between the product and the cloud.
Consider, for example, a smart, connected infusion pump used in a hospital. It may communicate its location, be remotely programmable based on the patient and drug being dispensed, and sends alerts when it needs maintenance. But we can also imagine a tight coupling with other systems, for example heart rate and/or blood sugar monitoring devices, that would vary the rate at which the drug is dispensed based on the monitoring device’s readings. It also might communicate with the security system when it is being moved to a location where it is not supposed to be. Data generated by the pump is shared with other devices, other applications, users in other departments, and even other enterprises. They all need methods to access the data. Thus a system of systems may have some functionality in the cloud, some in the product, and some intelligence residing in local processing systems. The concept of an IoT gateway is another example of local intelligence sitting between the smart connected product and the cloud.
These pieces all need to be architected to fit together. Ultimately, questions of what functionality belongs where are multi-disciplinary decisions. Many engineering factors come into play, but they also involve business models, pricing, partnerships, security and privacy, data ownership, and more.
Rethinking Security in IoT-enabled Products
Manufacturers of physical products already make decisions about physical security—your coffee maker does not have a
lock on it; your car does. These decisions all need to be revisited once a physical device is plugged into the cyber world, especially as they integrate into interoperable environments (e.g., your new smart coffee maker integrating into your smart kitchen and smart home). Within the context of a home, hospital, factory, or office building, there will be many IoT-enabled devices from different manufacturers, connected together and communicating back and forth. When multiple devices talk to and trust each other, they can be exposed to the security flaws of the weakest link. Therefore, devices may need to pass a security posture check3 before they are allowed to participate. This will require a federated approach4 to identity management, as well as Identity Relationship Management.5
IoT Security and Privacy
Having your computer hacked might be disruptive to your life. Having your self-driving car hacked might end your life. When intelligence and connectivity are added to a physical product, it is critical that security and privacy are designed into the product — its architecture at all levels in the stack, its supporting infrastructure, the supporting organizations and service providers, and contractual agreements. Many product manufacturers do not have all these skills or expertise internally and will need to bring in outside help.
In our research, security was cited as the biggest issue associated with IoT implementation. Still, security and privacy in IoT are frontier areas right now. Most makers of IoT-enabled smart connected devices are just dipping their toes in the water. We have learned over and over that trying to bolt on security measures after the fact, instead of architecting them in from the start, creates many vulnerabilities. If past experience is any guide, it unfortunately may take some disastrous breaches occurring before the proper level of investment is made in these areas. We expect to hear a lot more about IoT security.
In Part Two of this series, we will examine the implications of all the data generated by smart connected products, and how the IoT is changing companies’ core business model.
__________________________________
1The ten questions are somewhat biased to the perspective of product manufacturers and OEMs. After all, the HBR article is about Smart Connected Products. However, many of the questions are still very useful for other players in the ecosystem, such as service or software companies. — Return to article text above
2 Cities scheduled pickups often enough to try and ensure no trash cans are ever full, because otherwise people simply leave their trash next to or on top of the container, causing eyesores, windblown trash, stench, and attracting rodents. — Return to article text above
3 A security posture check validates that the device implements appropriate security protections, such as anti-virus capabilities and encryption. The check may quarantine infected or inadequately protected devices. — Return to article text above
4Federated security approaches involve establishing a set of shared policies, practices, and protocols to manage identity and trust across heterogeneous organizations and devices.
5 Identity Relationship Management ties the identity and access rights of a device to the identity and rights of the device’s owner.
To view other articles from this issue of the brief, click here.