Why reactive IoT operations are failing

Show Notes

In this episode of the Trending Tech podcast, Transforma Insights’ Jim Morrish sits down with Aeris’ Grant Bishop to map out a path forward. Together, they break down why traditional reactive operations are fundamentally broken, how major new compliance frameworks like the Cyber Resilience Act (CRA) and NIS2 are radically reshaping global deployments, and why deep network orchestration is no longer optional. 

Transcript

Jim Morrish: [00:00:00] Hi, and welcome to this Trending Tech podcast focusing on IoT connectivity in the context of evolving enterprise needs and also evolving regulations, and welcome to all of you around the world who are listening in. My name's Jim Morrish. I'm co-founder of Transforma Insights. We're a firm of industry analysts focused on all things related to digital transformation, and for this episode of the podcast, I'm joined by Grant Bishop, who is sales engineering director for Europe, Middle East and North America with Aeris.

Jim Morrish: Welcome, Grant.

Grant Bishop: Hi, Jim. Happy to be here.

Jim Morrish: Excellent. Thank you, and as I mentioned in the quick introduction, this podcast will focus on IoT connectivity in the context of evolving enterprise needs and regulations, and just for a bit of background, today's IoT is no longer operating quietly in the background of enterprises. It sits at the center of critical business operations. From manufacturing and logistics [00:01:00] to healthcare and retail. Connected devices now drive essential services, making outages, failed software updates and security breaches far more disruptive and costly than ever before. In parallel, we have a fast-evolving regulatory landscape, which is forcing the pace of change across all kinds of IoT contexts, even those that might support less critical enterprise processes, and that's primarily in order to support the overall security of an overall enterprises' state of devices and wider systems. And in this new emerging environment, things like over-the-air updates have rapidly moved from being a sophisticated aspect of sophisticated IoT contexts, like for instance connected cars, to basically becoming table stakes, and in this podcast, we're gonna explore some of the consequences, as the use of IoT matures to include ever more critical applications that can often be core to an enterprise value proposition.

So Grant, welcome to the podcast. It's great to have you as a guest.

Grant Bishop: Happy to be here again.

Jim Morrish: Fantastic. Um, but before we get stuck [00:02:00] into the gnarly topic of IoT connectivity, let's take a quick look at some serious tech news stories that we've spotted in recent days, and towards the end of the podcast, we'll circle back with some lighter news stories in our "What the Tech" segment at the end.

So Grant, what serious tech news stories have you found?

Grant Bishop: Well, I was looking at tech news and everything, predictably, is AI-based these days at the moment,

Jim Morrish: yeah

Grant Bishop: 'cause of the, the time we're in, and I picked up one from World Economic Forum, which is as AI rises, so does the need for human creativity, and I find this a particularly interesting story because with AI, what is AI gonna do for us in the future? And, and I do think about my children actually. What jobs are they gonna have in the future? What skills are gonna be the most useful in an AI-driven world? And the one thing a computer cannot do is creativity. So for me, this story is very, very interesting. It talks about as AI advances, so does the need for more humanness to come into it. So, and I'll talk about that later on in my fun story as well. [00:03:00] So very interesting story, and I think when we look at AI, the human element always needs to be factored into these things. There's a saying in security that we use, "a fool with advanced tool is still a fool", and we need to think about the humanness and the human impact of AI every time we use it.

Jim Morrish: Absolutely, and I'll pick up a couple of those threads actually later as well with my lighter story certainly around employment impacts.

But as you highlight, AI at the moment is essentially derivative, and the key I think as that article highlighted, and you've mentioned, is to use AI as a tool to enhance creativity. But in many ways, that, that kind of runs counter to corporate profit-seeking motives and an employee needing to just get their job done and in less time. It's a hard one to solve since the paybacks will be slow and you're in a situation where right now you can get 95% of an ideal result in 10% of the time. It's a real presumably disruptive time, but conversely an opportunity for organisations that get it right to disrupt markets.

Grant Bishop: Yep.

Jim Morrish: So I also found an interesting story, but [00:04:00] focusing much more on the nuts and bolts of evolving technology and geopolitics in fact, and this relates to China's somewhat snappily titled Regulations on Security of Industrial Supply Chains Decree Number 834. And just highlighting some of the provisions of this, it's a fairly complex document, but it's just a few of the key provisions to highlight are firstly, that terminating a Chinese supplier relationship to comply with, for example, a US export control could trigger Chinese countermeasures, and that represents to some extent a ratcheting up of our geopolitical challenges at the moment where companies may have a choice between complying with US regulations and Chinese regulations, and you're gonna pick one, and that can be quite a challenge, but there are some second order effects of this which are quite interesting. Because it also mentions restrictions on supply chain information collection, which is essentially that in many situations you can't do it, and that brings it into conflict with some EU and [00:05:00] US regulations around forced labour, but potentially also ESG audits, supplier and even just due diligence, and then more interesting, in fact from my perspective, is that there's a whole host of regulations, certifications, best practices and other guidance being issued by governments and regulators around the world focusing on the management of software bill of materials and stipulating that that's kept up to date, and last count, this included something like 40 documents from different regulators and governments around the world, and China's decree focuses on physical supply chains, but potentially the collection of software bill of materials information could be regarded as a form of supply chain information, and at that point, it could get really quite interesting in terms of how to manage a software BOM when you're not allowed to analyse a supply chain. There's no way really knowing how this is going to play out. The regulation is quite new. But it's certainly something worth keeping an eye on, I think.

Did you spot that one, Grant?

Grant Bishop: Yeah, I looked at it and it, it's a complex, complex topic, [00:06:00] and I think that's part of the nature, the reason, the creation of this in the fact it's clearly a countermeasure against over-regulation, but from a position, what do you do? That is the challenge at the moment. How do you work out what is the right and wrong answer? Because-

Jim Morrish: Yeah ...

Grant Bishop: just formulating that approach is gonna be challenging for all organisations, and I don't envy the people who've got to make those decisions.

Jim Morrish: Absolutely. Absolutely not. And I think as we've both mentioned, it's not clear, so there is no path through it. It's a matter of balancing risks and feeling your way through it. It's gonna be a complex one, I'm sure. 

But with that, we should proceed to the main discussion about cellular connectivity for IoT. So we've touched on how IoT is more than just a supporting technology. It's becoming core to business processes, you know, in this evolving world we have. Um, yeah, that must change the impact of things like, you know, outages and security, incidents or failed software updates.

Grant Bishop: Yeah, absolutely. I've been in this industry for 25 years, sadly, and when I started, the way we used to work with IoT was very much more simplistic.[00:07:00] 

It was in the line of very outcome-based. We need to do this. We need a function. Let's get on and do it. Now the world's different. It's much more important. It's not just about efficiency and making sure something works. If we have an outage, it can impact revenue, safety, human lives could potentially be at stake, with autonomous vehicles if there are challenges there, and there's this regulatory exposure, and all of these can really damage branches. So IoT networks need to be looked at through a different set of eyes than they were potentially being looked at 20 years ago, and I just think of some of the OEMs and the customers we spoke to over the years, it's not just about when connectivity drops. It could be that the APIs to the CMP aren't working, stopping the production line. It could be that connectivity drops or impacts a software update, and if a software update breaks or fails, you could end up with a brick car, which is a huge level of disruption again for individuals.

So I think organisations need to now move away from best effort monitoring of IoT estates. They need to have continuous monitoring of their estates because [00:08:00] it's core infrastructure now and it creates critical business impact.

Jim Morrish: Absolutely, and, I mean, as you mentioned, it's not just about efficiency anymore. It's about these processes and things that are supported by IoT being much more critical and potential safety applications, and your point about APIs for a connectivity management platform is interesting because that's something very much outside the traditional enterprise domain-

Grant Bishop: Yeah

Jim Morrish: is now something that they need to worry about. But that's the enterprise perspective. Regulators seem to have taken much more of an interest lately as well. There's things like the Cyber Resilience Act in the EU and there's also the NIS2 regulations, and there's also, just around the world, there are growing demands for localisation and data sovereignty and just the geopolitical aspects as well.

So how are global IoT deployments being forced to rethink in this new environment?

Grant Bishop: Yeah. Well, as you mentioned, regulation is accelerating the trend. It's changing. It's only going one way from what I can see. More and more regulation in the last three years, [00:09:00] and even your story around China, it just shows that you cannot ignore regulation at all from an IoT perspective. You need more accountable. Um, the data sovereignty is a challenge. You need to be able to prove data sovereignty and you have local performance expectations now as well. So it's a challenging environment. Most businesses, they would love to use a roaming SIM, a standard roaming SIM globally if they're a multinational global department. That's not realistic. It's never been realistic in certain geographies and territories. As the technology change, there's even more visibility around this and requirement for that localisation could be for the technology, et cetera, et cetera. So it's a challenging model that these organisations now need to put in place 'cause at the moment they will have a fragmented solution that just by regulation, just by the need for localisation, there is that level of fragmentation across their estates. And how do you manage that estate? You need visibility. You need to orchestrate that. You, you cannot do it on a case-by-case base business across a global infrastructure.

So yes, the need is global. [00:10:00] Global platform, global orchestration that satisfies that localised need. And that global orchestration is now more than just orchestration of communication suppliers selling pipes. It's what's going on in those pipes that you need to, also have visibility and be able to control and monitor.

Jim Morrish: Yes. There's an interesting beginning of a full circle there, because back in the early days of IoT, one of the lines that was used to promote the benefits were, "If you can't monitor it, you can't manage it."

Grant Bishop: Yeah.

Jim Morrish: And we've now got to the situation where the IoT infrastructure itself is so complicated and diverse and fragmented that that needs monitoring in the-

Grant Bishop: Yeah ...

Jim Morrish: same kind of way. As you say, it's not just roaming solutions anymore. It's localisation and dealing with multiple networks and different specific technical situations on the ground.

So, as these IoT estates, as they scale across regions and device types as well, and different software diversions embedded in those device types, you know, the end-to-end visibility becomes critical. What kind of role do you see it playing in maintaining performance, security, and just [00:11:00] making sure the operations work?

Grant Bishop: It's everything, and it's back to the point you said, "If you can't see it, you can't monitor it, you can't manage it." That is the fundamental point. But if you think of these global complex networks that you've got in place, you need to understand the network. You need to understand what is normal in a network. So you need to monitor it, but you also need to understand the behavior of that network, and that's not just at the control plane level. You need to understand what's happening with the data within those networks to really understand what is normal because you've got such a big, big estate there. That's a critical change that we need to really see, and if you don't know that, you can't baseline.

So if you don't know what's normal, how can you support that network? So, you know, if you can have a, like they call in the industry, a single pane of glass, you've got that orchestration, you can cascade those security policies, you can segment that network into a way that's manageable, then this can help you to faster resolution times, you know, less incidents, and you can proactively manage the network rather than reactively react to events.

Jim Morrish: Right, so this [00:12:00] is the network and network intelligence becoming-

Grant Bishop: Yeah

Jim Morrish: part of the fabric of a solution rather than-

Grant Bishop: Yeah

Jim Morrish: simply a thing that connects those end devices.

So in my intro, I mentioned that OTA or over-the-air updates, were becoming, you know, increasingly critical and table stakes in the context- Yes of some regulations, in fact. So that's becoming much more critical. So what's the situation, how does enforcement and management of those OTA updates interact with that kind of network intelligence? Is there a case for driving that out of the network rather than from endpoint to endpoint, from clouds to device?

Grant Bishop: Well, I think the criticality of OTA updates is so high that you have to adopt a multilayered approach. You absolutely need to adopt a multilayered approach and cover this as, many points as possible that you can. If I look from a network perspective with OTAs, I can look at some of our customers and some of the challenges they've had. If you do not control the level of bandwidth that is used on the OTA, it can suck all the bandwidth on the pipe. And then what is the solution? Mm. Y- you get more [00:13:00] scale, you get more connections, you just increase the pipe. And we're getting into a situation where we get our OEMs, they increase the fleet, the pipe size, and they keep increasing it. But with an OTA, what generally happens is the more bandwidth you've got there, the more it will suck. So actually, it's one of those scenarios from a networking point of view, you can't just throw bandwidth at OTAs 'cause it will take the bandwidth. So it's almost like you have to do the complete opposite. You have to restrict the bandwidth to improve the performance with OTAs, and so features like rate limiting. they're now essential really if you're gonna want to effectively manage OTAs across a network, particularly like an IoT network, which, you know, there's a lots of points in an IoT net that, that aren't managed and monitored just with the nature of the end devices.

So yeah, you need to kind of be able to segment the network, you need to be able to run QOS, and you need to be able to rate limit, and these are all things that we're seeing have been driven in from our OEMs. And then there's the assurance of this, and there's regulation now where you need to prove that you've been able to assure and do these kind of things. So it's on twofold. One is the performance, and two, you've got to satisfy the regulation.

Jim Morrish: Yeah. So [00:14:00] you've described quite a lot of intelligence there in a network context. Clearly, some of that drives out some of the cost by reducing the bandwidth as

Grant Bishop: Yeah

Jim Morrish: the allocater for OTA. You'd assume that some of it would increase the cost just because of the sophistication of the overall solution. So what are the net impacts in terms of cost predictability and total cost of ownership of this, you know, putting some real smarts in the network?

Grant Bishop: Well, that's the thing, we're always talking about, if you can't see it, you can't secure it. The world is moving forward, so you need that level of visibility. If you've got that level of visibility across a fleet and you introduce the automation so your IoT network has a CMP, has a security capability with APIs that can be automated into security environments, into the potentially OEM environments for multiple functions, it gives you the ability to go from being reactive firefighting to proactive policy-driven operations, and this is where we see a lot of our customers wanting to go. They are talking about they wanna control OTAs, as we've just discussed. They want to introduce stronger security controls like zero [00:15:00] trust across the access to kind of make that network more efficient and make it more predictable. And once you can do that, you're gonna detect issues earlier, you're gonna reduce the number of issues because responses are gonna be automated and cost predictability is gonna improve. So if you look historically, what have you got? You've got legacy tools, you've got siloed systems, you've got friction here, there and everywhere. But we have the technology now within IoT to reduce these barriers. They're disappearing fast. So I think automation is gonna turn a lot of chaos into predictable costs, and it's definitely the future.

Jim Morrish: Yeah. It certainly feels like a significant evolutionary step away from where we started this conversation, simply connecting a device and getting information off that device-

Grant Bishop: Yeah

Jim Morrish: and then having some remote monitoring capability. This is a much more integrated proposition driven by the criticality applications and regulations. But what we're getting to is a much more proactively managed environment, really extending from device into cloud and through the network and managed in a much more intelligent way, I think.

Grant Bishop: Yeah. Agreed.

Jim Morrish: [00:16:00] Excellent. Thank you. That was a really interesting discussion. What we should do now is move on to the promised "What the Tech" section of this discussion, where we highlight some interesting and/or amazing stories. So Grant, what news story made you smile- Well- ... or frown recently?

Grant Bishop: And this kind of links to my serious news story earlier on. Um, it was on the BBC News this week. OpenAI tells ChatGPT models to stop talking about goblins, and I find this quite funny 'cause apparently there's an increase in the mention of goblins, gremlins in metaphors in ChatGPT, significantly up by 175% since November. And one of the explanations from OpenAI is that this has been part of the nerdy personality that's been introduced into ChatGPT. And I was talking earlier on about humanness with AI, and it seems that potentially they are trying to address this by putting nerdy personalities into the system. So, I suppose for me, I'd be really intrigued to understand, after I spend, I don't know, a week or so on ChatGPT, what personality it derives that [00:17:00] I have. Will I fit into the mentioning of goblins in metaphors, or will it be something different? So I just thought that was quite interesting.

Jim Morrish: Yeah, absolutely. It does make you wonder what other kinds of bias that might be there in the models that are potentially not quite so obvious as a preponderance of goblins. Although, this does seem to be a bias in the presentation layer rather than the underlying analysis, or at least I'd hope that that's the case.

The interesting story that I came across actually, it circles back to some of the comments you made earlier, Grant, around, you know, your kids and how they would interface the world and what jobs would be left in decades to come.

And I'm gonna take us back to China, because it seems that a Chinese court has made it illegal to replace human workers with AI, and what I found particularly entertaining about this story is that the case in question involves a worker who had in fact been hired to check the outputs of AI models and to filter them and remove illegal or privacy-violating content, and it seems that what happened is the models got better, so his job wasn't needed anymore. [00:18:00] So he had no job to do. But the court decided that using AI to perform a worker's job does not automatically justify terminating that contract, and that's become an established principle in case law now.

You know, It's one approach, but it's illustrative of the problem that you highlighted earlier, Grant, and a problem that many governments and many others are struggling with right now. You know, how do you deal with the impact that AI is going to have on economies as a whole? How do you retrain the folks who get displaced? How do you collect tax from them, and how do you stop-

Grant Bishop: Yeah

Jim Morrish: paying them benefits because they're not working? So it's a really critical thing to solve, and there's a range of remedies that are being approached, ranging from retraining employees to a universal basic income, and now seemingly bans on terminating employees.

But it doesn't seem like the world or the community or the tech community or the governments around the world have really coalesced around some kind of agreed approach. Did you spot that as something that's-

Grant Bishop: Well I spotted it. I think it's an inevitable... as technology evolves, it's an [00:19:00] inevitability, you know. You go back 100 years, how many people would've worked in telephone exchanges just pointing and pulling the things? It's inevitability. My bigger concern is AI shouldn't be designed to replace jobs, it should be used to improve humanity. Yes. And we need to make sure organisations focus their AI strategy not just on simplistic economics and efficiencies. So, um- Yes ... um, it's a challenge.

Jim Morrish: I definitely agree that using AI to enhance an employee's capabilities is the way to go. But, you know, when there's a boss sitting there and saying, "You gotta have this done by the end of this day," you know, the temptation is-

Grant Bishop: Yeah,

Jim Morrish: is to move fast. So it's a challenge.

Grant, it's been an extremely interesting discussion. Thank you for joining us.

Grant Bishop: You're welcome.

Jim Morrish: Fantastic, and with that, I think we should draw this episode of this podcast to a close, and just a reminder that you can subscribe to the 'Trending Tech' Podcast wherever you found us today, and indeed, thank you for joining us. We're delighted to have you listening in as part of our growing audience, and we'll be back with another edition of the 'Trending Tech' Podcast soon, [00:20:00] focusing on another aspect of digital transformation. So, thanks again for joining, and goodbye for now.