IoT Analytics, one of the most active market insights and competitive intelligence firms covering and reporting on the Internet of Things (IoT), M2M, and Industry 4.0, earlier this year published two comprehensive market report updates on IoT Platforms, including a 193-page report titled IoT Platforms Market Report 2018-2023.
Their research indicated the IoT Platform market will continue to accelerate in as more businesses prioritize their transformation into IoT data-driven companies.
Spending on IoT Platform-related software and services for connected business solutions is forecast by IoT Analytics to grow at a rate of 39% per year until 2023, in line with estimates from other firms including Gartner and IDC.
“The IoT Platforms report forecasts…annual spending surpassing US$22 Billion by 2023,” IoT Analytics wrote, with numbers “based on the IoT Platforms related revenue of the leading companies in the field, across 11 industry segments (Agriculture, Connected Buildings, Connected Car, Energy, Health, Manufacturing, Public services, Retail, Smart supply chain, Transportation, and Other). The market is broken down into 7 regions (Asia, Europe, North America, MEA, South America, Oceania, Rest of World), 5 platform types (cloud platforms, application enablement platforms, device management platforms, connectivity platforms, advanced analytics platforms), 4 deployment types (on-premise, hosted private cloud, hybrid cloud, public cloud), and 2 revenue types (platform software sales vs services sales).”
A whopping 450 technology companies were interviewed, and 1,600 implementations of enterprise IoT reviewed.
Microsoft and PTC were identified as the leading vendors in terms of market share in their respective platform types, cloud and AEP, also common among other analyst firms’ coverage. Other analysed IoT platform vendors included Accenture, ADAMOS, Amazon Web Services, Bosch, C3 IoT, Device Insight, GE, Hitachi, Huawei, IBM, Kaa IoT, Microsoft, Mnubo, PTC, SAP, Schneider Electric, Seluxit, Siemens, Sierra Wireless, Software AG, and Telit.
With the continued growth (and fragmentation) of the IoT platform market, we asked Gil Bernabeu, Technical Director of GlobalPlatform, a non-profit whose members work together “to ensure the association’s specifications align with existing and emerging market requirements” about how IoT platforms and related industry standards might shake out in the coming new year.
Question: How does GlobalPlatform work with other standards organizations?
GlobalPlatform has established strong, collaborative relationships with several relevant industry partners across the world, from international standards organizations to regional industry bodies. This collaboration is key to realizing our vision of fully open ecosystems that efficiently deliver innovative digital services across all vertical markets, while providing greater security, privacy, simplicity, and convenience for users.
One example of this collaboration is the work that GlobalPlatform has done with GSMA. GSMA is a standards organization that represents the interests of mobile network operators (MNOs) worldwide to facilitate security within the mobile ecosystem. GSMA has developed innovative eSIM use cases based on GlobalPlatform Secure Element (SE) technology, and GlobalPlatform has qualified multiple testing laboratories and test tools to establish the compliance and certification infrastructure needed to promote interoperability, stability and flexibility within the connected device ecosystem. This means that GSMA’s technology allows the eSIM to manage subscriptions from different MNOs in order to authenticate devices accessing their networks and services to secure internet of things (IoT) applications.
Question: Is this an “open source” community and, if so, how does it compare to other IoT open source communities (example Linux EdgeX Foundry)?
Open source makes a lot of sense when the primary product of the collaboration is software. GlobalPlatform isn’t open source in that sense, as our primary deliverables are specifications, market configurations and a certification program that allows stakeholders to verify product adherence to said technical documents.
However, GlobalPlatform is structured to create fully collaborative and open ecosystems with an intellectual property (IP) policy that controls potential claims in all publication.
In the future GlobalPlatform plans to deliver more software and we are starting to generate more open source resources in our Github zone: https://github.com/GlobalPlatform/.
Question: What are some of the key use cases for IoT device security leveraging GlobalPlatform?
GlobalPlatform standardizes foundational security technologies, which are applicable to a broad range of IoT use cases.
Take the Device Trust Architecture (DTA) framework as an example. DTA demonstrates how GlobalPlatform’s standardized secure component technologies can be used to build Chains of Trust into a device. It does this by offering high level security services, implemented within a secure component. These services can be used at each level of a Chain of Trust: from the boot mechanism to the device operating system (OS) and up to the application layer.
The DTA framework is necessary in today’s increasingly connected world because new device operating systems and digital services are constantly being developed, but not all devices are secure enough to protect against threats and attacks. For digital services to be successfully deployed throughout the connected device landscape, service providers, device manufacturers and cloud platform providers need to collaborate to ensure that all elements of the IoT ecosystem provide the right level of security services. The GlobalPlatform DTA framework enables fog and edge device manufacturers to provide a security anchor regardless of market or device type that will be used by the other stakeholders when deploying secure digital services.
This approach means that IoT device security leveraging GlobalPlatform technology can be deployed in almost any sector, but let’s take a closer look at smart energy, connected cars and Industry 4.0.
The global smart meter market is expected to reach $10.4bn by 2022, and this predicted growth is because they provide added-value to energy consumers. However, they hold a vast amount of personal information, which, if compromised, could lead to crimes such as burglary and identity theft. GlobalPlatform’s technology can support the smart energy sector to build trust within the energy ecosystem by ensuring tamper-proof data transmission between trusted elements within the network.
Industry 4.0 aims to create a virtual copy of the physical world and make decentralized decisions required to interconnect and manage multiple physical components and processes, such as smart distribution. This interconnection, however, increases the attack surface of the manufacturing facility. GlobalPlatform technology facilitates collaboration between Industry 4.0 service providers and device manufacturers that empowers them to ensure the right level of security within all devices to protect against threats. This will be crucial to the success of the ecosystem.
GlobalPlatform technology can also be used to secure various use cases within connected cars. One example is digital car keys, where smart devices – including smartphones, key fobs or wearables like smart watches – act as a digital key for a connected vehicle, allowing drivers to lock, unlock, start the engine and share access to the car.
Question: Is there a specific implementation we can talk about?
GlobalPlatform’s technology is being used to develop an interoperable, secure, and convenient digital car key solution. This is made possible by collaboration with the Car Connectivity Consortium (CCC) – an organization focused on enabling seamless mobile device-to-vehicle connectivity. The CCC is developing a technical specification (of which v1.0 has already been published) that will form the basis of a digital key ecosystem that covers all cars and devices. This will deliver a fully interoperable digital car key solution that can be used in a variety of use cases, from individual drivers to fleet management, car rental and car sharing companies.
The Digital Key Specification 1.0 provides a framework for deployment that allows vehicle manufacturers to securely transfer a digital key to a smart device. By leveraging near-field communication (NFC) distance bounding and a direct link to the Secure Element of the device, state-of-the-art security level for vehicle access is assured.
Question: What does GlobalPlatform see as the number one challenge today associated with securing IoT/IIoT?
The industry has not yet achieved ubiquitous IoT device security. To get there, we first need widespread education on the importance of foundational security. Without this step, it will be difficult to ensure digital services and devices can be trusted and securely managed throughout their lifecycle. If security is not foundational, seemingly innocuous devices like lamps, refrigerators and cameras can become the platform for attacks. It is important to remember that effective security needs to be built into the device; it cannot be added afterwards. When devices and services are hacked, or used to launch attacks, the risk is not only that data and infrastructures are compromised; brands can suffer irreparable reputational damage too.
It is therefore essential that security is standardized. The number of connected devices has increased substantially in the past decade, with devices such as connected cars, set top boxes, smart cards, smartphones, tablets and wearables all requiring protection against threats and attacks.
The standardization of IoT device security gives service providers and device manufacturers the means to interact seamlessly when deploying secure digital services, regardless of market or device type. The resulting collaboration makes the mass marketing of secure digital services possible, while bringing time and cost efficiencies to stakeholders within the ecosystem. GlobalPlatform enables collaboration between service providers and device manufacturers by standardizing three key requirements of a successful secure digital service deployment: protection of secure digital services and associated assets; certification of secure components within devices; and end-to-end remote management of digital services and device secure services.
GlobalPlatform and its members have been working with device manufacturers and service providers for two decades, to standardize the foundational security of successful secure digital service deployments. GlobalPlatform’s resulting specifications deliver sustainable business models and empower both stakeholders to ensure that devices are protected against threats and attacks to enable the delivery of secure digital services.
You can learn more about GlobalPlatform’s work and team here.