The business of IoT,
curated & opinionated

Twitter Facebook Google+ LinkedIn Buffer Gmail Email Addthis

Safe subscribe to our monthly enewsletter

Icons coming out of smartphone




















Twitter Logo Square





Enterprise IoT Profiles: U-Z

Anura Fernando UL

31 March 2015 - By Maxine Bingham, Editor-in-Chief

We met with Principal Engineer of eHealth and mHealth, Anura Fernando, of UL (Underwriters Laboratories) at, of all places, Wearables TechCon in March. UL is a safety advisory, testing, and certification company headquartered in Northbrook, IL, with offices in 46 countries. Historically, reasons to have the UL mark is that regulations often require a nationally recognized test lab certification, such as from an enterprise like UL. Today, UL also offers verification services to manufacturers who want to ensure a product is operating to specification, sometimes going beyond just safety.

What was UL doing at an IoT wearables event? It turns out that the company has developed assessment and certification programs for wearables in the area of “biocompatibility,” as well as in the areas of performance, security and safety for both devices and textiles. As Anura remarked, “the IoT is a game changer for our company.”

UL’s biocompatibility testing is done on such devices as fitness monitors and wearable eyewear. They analyze materials that make up a device, and conduct tests to determine whether skin irritation occurs, and they can also conduct testing to ensure it doesn’t, for example, burn the skin, by exceeding maximum permissible temperature limits that are defined in the safety standards.

According to Fernando, if there’s a UL mark on a product then a variety of safety aspects have been looked at, including electrical testing. If the manufacturer makes any safety-critical component changes, including materials, the manufacturer needs to notify UL engineers, who will then assess whether the change has impacted the device safety.   

Starting as a certification body for fires caused by that new invention – electricity – in the 1890s, the company has been in the health care space since at least the 1950s, noted Anura.

Now UL is in many areas: new safety science research for: control systems, cyber security, smart grid, water plants, etc. Although, said Anura, there is no such thing as absolute safety or security, “it’s what society finds to be tolerable, and, as social norms have changed, the science of safety has shifted.” UL continues working through industry to evolve its standards as technology advances.

UL has been involved in automotive electronics, primarily for charging of electric cars. They are currently looking into some new areas of safety science with the safety and performance of autonomous car capabilities, for example, examining whether the car provides functional safety such as electronic controls for stopping the car prior to a collision. They are developing testing for the connected home, much of which is still in process of research and standardization, but with some aspects of certification currently available.

While UL doesn’t provide regulatory compliance for manufacturers, they can support regulatory submissions and interface with regulators on behalf of manufacturers. Because technologies like biosensors can use nanoscale technologies for which standardized performance testing may not yet exist, or which address a broad range of physiological conditions, UL has begun looking into model-based testing, following the lead of the FDA and other regulators. UL can advise manufacturers on how to use model-based testing to support regulatory submissions.

UL can provide some free product or concept review time as part of a special introductory package in the areas of safety, security, regulations and performance metrics for makers and entrepreneurs. “One message to the IoT community,” said Anura, “is to really think about what markets they want to get into, where their product will be successful and what are the safety, standards and regulatory implications in that market?” See: for more information about this opportunity.

Photo of Anura Fernando courtesy of UL

© 2015 IoT Perspectives

Johan Sys Verizon

22 June 2015 - by Maxine Bingham, Editor-in-Chief

Johan Sys, the manager of IoT Security at Verizon, sat down with us at the recent RSA Conference to talk about issues in IoT security. Johan was both articulate and informative, with some very useful advice. Below is our edited Q&A.

IoTP: What are Verizon’s security businesses?

JS: Verizon Enterprise Solutions provides cybersecurity solutions for federal and corporate security, such as denial of service attacks (DDoS) and IoT security. Basically, we cover the spectrum of solutions (network, managed and advanced) for enterprises of all sizes and in a broad range of verticals. .

If you look at the companies we deal with we’ll get the right people with the right expertise in that area to address their questions and issues.

IoTP: What do you find are the biggest challenges regarding IoT security?

JS: The biggest challenge is the scale, the number of devices out there, which, according to most everyone, will be in the billions.

IoTP: Does Verizon provide IoT devices?

JS:  No, we partner with different platforms, although we have our own set-top boxes for our FioS service, we’re not an IoT supplier.  Although we do provide technology for a car sharing program.

We have two innovation centers, one in San Francisco, where you can see all the partners’ connected devices - we work with partners to test their IoT devices on our network.

We also resell partner products in our Verizon Wireless Destination stores, and do some resale , such as in wearables.

IoTP: Are you finding that people are concerned about IoT security? Is it top-of-mind?

JS: In IoT, the requirements for security by enterprises are top of mind – at least the people we talk to.

IoTP: Is Verizon’s security solution global?

JS: The IoT security and management platform is US only.

IoTP: What do enterprises need to know about IoT security?

JS: From the enterprise perspective, before starting an IoT project, I would recommend that companies define very clearly their use case and build security as part of the project. Don’t do it as an afterthought. Have security as part of the roll out. Sometimes it may not be possible but, start with something very specific and grow from there versus trying to do everything at the same time.

However, there’s not one security model for all the IoT use cases - health, smart cars and smartphones have differences in how you build them. It’s not one size fits all. Although there are some common items;  we discuss common guidelines in our DBIR (Data Breach Investigations Report).

My recommendations are to be sure to understand the purpose of what you’re developing. Collect and transmit only the data you need to. Make sure to have access control as fine-grained as possible. If you transmit data, be sure it’s encrypted. Especially with the IoT, you have the risk of breaches, but even a higher concern is privacy. Encryption is a requirement, but it’s important to separate data from privacy. How you do that differs across the spectrum.

IoTP: What’s the responsibility of the consumer when it comes to IoT security?

JS: For the consumer community, do as you’re told. Keeping up with updates is the biggest thing users can do. Don’t say “no” to updates. Let it go through. From a credential point of view, use different credentials for different devices, don’t use the same PIN number across devices; use different passwords or PIN codes across the devices.

IoTP: What do you find exciting about all this?

JS: I love this question! The sheer scale of the IoT is fascinating. Because of the scale and type and number of devices, the challenge I like a lot to solve is to automate the heck out of security, which is different than what’s happening now.

Another reason why I think IoT is fascinating is that there will be many different new technologies over next couple of years. In five years’ time a lot of people will need to rethink their approach to the Internet, from an architectural perspective.

I also believe that SDN (software-defined networking) will play a big role going forward. We’re working with Cisco and other vendors on SDN.  See our news release.

IoTP: Tell us more about SDN and the IoT

JS: Specifically for the IoT what is exciting is within the corporate network. To connect via WiFi under corporate rules goes out the window with IoT, especially with consumer devices. If people connect with WiFi and Bluetooth, you have to assume connecting to a host network, and you’ll have no idea who will be looking at it.

Basically, through SDN, you can extend your corporate network to include a device more securely. Have a protected network on the lower level. SDN is a big enabler for IoT security for the enterprise (although not in every case), it’s pretty important for IoT security deployment.

With SDN you can reroute, you can almost have the network include a virtual firewall and have the full network controls, which you couldn’t do before.

There’s a lot of focus on collecting and analyzing IoT data for breaches. The amount of data is so huge; the volume is too much for Big Data and analytics. If you try to look at each packet, you’re generating too much data. With SDN, you don’t have the traditional boundaries between intranet, extranet and the corporate network, it’s elastic, so that helps.

By the way, Verizon recently announced its SDN strategy as a whole (not specifically IoT), but worth a look.

IoTP: Talk more about issues with Internet architecture.

JS: It has to do with scale. For a long time IPv6 [note: the way devices are assigned an Internet address] has been promised. IoT absolutely needs it; we’re hitting the limit of IPV4 regarding the number of nodes. It’s about how can you manage a billion devices.

IoTP: Do you find that business units, as opposed to IT, are getting involved in IoT security?

JS: I would say so. Unlike other technologies, the business users are concerned about security; it’s not a secondhand concern. Even though major breaches haven’t happened yet with the IoT, I would say that the business unit is asking for security from a risk management perspective.

Business units with consumer devices are concerned about the cost of the device and the cost of security for billions of devices - just think about even a couple of cents per device multiplied by millions. This cost can be quite substantial, so that concern is again with the business units.

IoTP: What is Verizon specifically doing with IoT security for its customers?

JS: Verizon’s position in IoT is specifically that in B2B, you can’t not have security. What Verizon is adding to businesses are more packaged solutions. My recommendation regarding deploying IoT security is, don’t do yourself, there is network deployment, firmware, and too many different developments in the IoT ecosystem. If you want to accelerate deployment, partner up with one, two or three partners and deploy with a packaged solution.

Photo of Johan Sys Courtesy of Verizon
© 2015 IoT Perspectives

Andrew Morawski Vodafone

Vodafone M2M
21 January 2015 - by Maxine Bingham, Editor-in-Chief


It was a pleasure speaking with Andrew Morawski, Head of M2M Americas at Vodafone. Vodafone Group Plc is one of the world's largest telecommunications companies providing a wide range of services including voice, messaging, data and fixed broadband for 438 million mobile customer across 26 countries and partners with mobile networks in over 50 more. The Group’s operations are split into two geographic regions – Europe and Africa, Middle East and Asia Pacific (AMAP).

What was an eye opener for us was the company’s leadership position in M2M, a huge opportunity in the overall Internet of Things ecosystem. According to Statista, the M2M market was around 45B USD in 2013, and is predicted to reach 200B USD in 2022, at a CAGR of 18 percent. 

Per Andrew, Vodafone’s M2M business since 2011 has been:

  • Growing 20-30% year-over-year
  • Ranked as the leading M2M communications service provider (CSP) for the past 3 years by investment firm Analys Mason
  • Recently tapped by research firm Gartner as the leader in Gartner’s MagicQuadrant for M2M in both the ability to execute and completeness of vision
  • Recognized as a leader by market research firm Current Analysis
  • Grown from 7.8M to 18.6M connections
  • Expanded its staff from 145 to 1300

Morawski noted that Vodafone has been in the M2M business for almost 20 years, but that M2M has become a strategic “pillar” for the company under CEO Vittorio Colao, which the growth bears out.

He said that the success of the company’s M2M growth was due to their global M2M platform.

Morawski said, “We designed our own M2M platform over our global mobile network infrastructure. Our mission is to connect every machine in order to transform life and business. As well as enabling companies to increase efficiency and ROI, we focus on real applications that are making a difference in people’s lives.”

As Morawski pointed out, because of Vodafone’s global connectivity network, there is no extra work in expanding applications around the world. It’s the same SIM (subscriber identity module) that can be plugged in any country without modification.

Some of these applications include:

Lively: Lively wanted to launch a new system of remote sensors that would enable families to monitor the movements of their older relatives. Vodafone Global M2M SIMs provides the worldwide coverage for the sensors to upload activity data wirelessly, without the need for home Internet or phone line connections. The sensors are preinstalled with a Vodafone Global M2M SIM to upload activity data wirelessly. An additional hub receives activity signals from each of the sensors to compare daily events with normal routines. That information is then shared with relatives via a secure login that can be accessed through PCs, tablets or smartphones.

Amazon: Vodafone enables Kindle Paperwhite 3G users to have the ability to download a book in more than 150 countries. They provided an intelligent SIM for the Kindle Fire HDX in UK and Germany that recognizes its location the moment its activated.

Vodafone recently acquired Cobra Automotive Technologies S.p.A, a telematics company to expand its penetration in the M2M automotive services market

The “Vodafone M2M Adoption Barometer 2014 study includes conversations with 600 executives in 14 countries across five continents about their experiences with M2M as well as their predictions for the future. The study provides a useful definition of M2M:

Although the terms are often used interchangeably, Machina Research sees a very definite distinction between M2M and IoT. M2M is, effectively, the plumbing for IoT. M2M involves connecting devices and transferring data. This is something that the IoT depends on. However, M2M typically involves an application developed to solve a particular need. IoT replaces these stovepipeswith common application platforms, where data from lots of different sources can be mashed-uptogether, and where developers can build new apps without having to start from the ground up. To give an analogy, M2M is like your mobile connection, while IoT is Facebook, Google, and all the apps that you use on your PC or phone. With IoT, developers no longer need to do the equivalent of inventing the iPhone every time they want to create an app."

In a worrisome trend for North and South America, the report notes, Adoption in Africa, the Middle East and Asia-Pacific (AMEAP) has leapt 15 percentage points since 2013. Europe wasnt far behind, but the Americas saw relatively sluggish growth of just four percentage points.But, Vodafone thinks this will narrow considerably in two years. It still makes me wonder why the Americas are behind!

The report includes an excellent graphic of what benefits to M2M respondents saw (see below).

Vodafone M2M Benefits ChartVodafone M2M Graph

IoT Perspectives agrees with Morawski’s belief that, while the automated home is interesting, at the moment it is a “nice to have” rather than a “must have, although Vodafone plays in smart homes via connectivity.” At the same time, Andrew  added, “We are doing more in the consumer space” as the case studies above attest.

Vodafone is a member of W3C, “that has announced a new Web of Things initiative to develop Web standards for enabling open markets of applications and services based upon connected sensors and actuators (the Internet of Things) and the Web of data… the World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the Web.”  Surprisingly, we don’t see Vodafone as a member of the relatively new, but expected to be influential, Industrial Internet Consortium (they work with standards groups) formed by AT&T, Cisco, GE, IBM and Intel, and which is working on security and interoperability for M2M. We’ll be profiling the IIC since its membership and focus is impressive.

As Andrew discussed, M2M is an exciting space, especially as one considers connected car and eHealth. He explained that the company would continue to expand into what customers need, including, potentially, analytics.

Photo of Andrew Morawski and Chart Courtesy of Vodafone

© 2015 IoT Perspectives