IoT represents a significant opportunity to enterprises as they go through digital transformation. IoT has been making waves in industries from manufacturing to consumer electronics and, with a proliferation of connected devices and more intelligence at the edge, inevitably we are learning about the opportunities it creates and the lengths that we must go through to provide for a trusted experience…

Given the nature of IoT and devices being always on and always connected, they offer another pathway for cyber criminals to gain access to private information and data. While businesses are eager to take advantage of the efficiencies and gains promised by IoT, they must also implement the security that will protect their assets and investments.

Rising to the Challenge

In the latest episode of the Microsoft Partner Network podcast, I discuss security not only as a concern for enterprises but also as a differentiator for partners.

There is an industry-wide underestimation of the critical need for high-level security on every connected scenario from device to cloud. Whether you are dealing with a smart fridge or an industrial-scale process automation device, companies need to address the risk of vulnerable endpoints and how those end points collect and share information in the cloud. There is an enormous opportunity for partners to monetize IoT within the “as a service” business model, but first, we need to win the trust of consumers and enterprise customers alike by securing the intelligent edge.

Four Questions to Ask

To address those challenges around building a more secure IoT, I recommend enterprises and partners approach the problem by asking the following four questions:

  1. Is there a secure OS that is constantly updating?
  2. Is there a way to provision devices already inside an IoT environment to make them secure?
  3. Do you have the right cloud security tools that can scan across all devices?
  4. Do you have a robust and secure management system that is updating devices on a regular basis?

I also recommend that enterprises and partners alike get started with IoT by focusing on the problem they are trying to solve. For partners, this is often starting from a position of strength – some vertical expertise, some technical or dev capability.

Listen in to Learn More

To hear more about how you can build a better, more secure IoT implementation and leverage security services within the IoT opportunity, listen to the latest episode of the Microsoft Partner Network podcast. Also, check out the latest on device security by reading Seven Properties of Highly Secure Devices.

Subscribe to the podcast for weekly downloads of our conversations with industry experts and thought leaders on the cutting edge of business and technology. Past episodes are available for download on iTunesSoundCloudiHeartRadioGoogle Play Music, and YouTube. Remember to leave us a review if you like what you hear!


Rachel Braunstein: Welcome to the Microsoft Partner Network Podcast. Every week, we bring in industry leaders and Microsoft partners to talk about the big ideas shaping business and technology today.

In today’s episode, we’re talking with Rodney Clark, Vice President of Worldwide IoT Device Experience, about the latest trends in the world of IoT and how partners can better prepare for doing business in a more connected world. Welcome, Rodney, very happy to have you in the studio today.

Rodney Clark: So great to be here.

Braunstein: You’ve been at Microsoft some time. I think we’re looking at about 19 plus years or so. You’ve made your rounds in all sorts of areas, the company. Tell us a little bit about you.

Clark: Yeah. Thank you again for having me. What an incredible journey it’s been over 19 years and so fortunate to be at Microsoft and so fortunate to be in this space of IoT. I’ve had several roles within the company; I won’t go through all of them because we don’t have that much time. But I’ve taken a tour of duty through the company. And roughly three and a half, four years ago saw an opportunity and really a need in the industry around shaping the Internet of Things. The business is built on our traditional Windows embedded business and it’s been so fun and so great to work with our partner ecosystem in evolving this notion of device to cloud.

Braunstein: That’s awesome. So, what are some trends that you’re seeing in IoT right now?

Clark: Yeah, IoT is interesting. When I think about trends, I always try and personalize it. You know, back to the what I do at Microsoft and kind of what drives me. You know, one of the trends is just from a personal perspective. There’s more and more data and information available and to a gadget geek who centers around device and the experiences that devices create, the data and the information I personalize. Things like, you know, my cycling experience. Every weekend I have more information coming from computers and sensors and things from my bike. I can go and in my own personal cloud, really understand how I performed that day relative to my last ride or relative to my friends who may be on the same route. You know, that’s a trend from a consumer standpoint. The fact that we have these devices that are just common stance that we now can extract data and information from. From an industry perspective, there are so many trends shaping IoT from things like cashless pay or digital pay and the fact that in some countries, paying in cashless transaction is actually more popular than withdrawing money from an ATM. Branch transformation connected to that is another trend. Financial services companies finding different ways to manage all aspects of financial for their consumers. Connected cars, right? We hear about connected cars and autonomous cars and this notion of autonomous cars generating over 100 gigabytes of data per second. You know, that’s a massive trend in IoT. Wearables—I talked about my own experiences in devices but wearables and the impact that they have on things like healthcare. The impact that technology and the trends that technology play in farming and agriculture. So, when we talk about IoT and the trends, there are so many that are personal and unique to home. There are so many that are personal and unique to businesses. And it creates this incredible opportunity to work with a partner ecosystem around harnessing the collective to address these opportunities.

Braunstein: Yeah, because it seems like with IoT, you can’t really do it yourself, right? I mean there’s too many pieces of the puzzle.

Clark: There really is. And when we think about that, this notion of IoT is really a value chain. It starts from device. By the way, device is my jump in point. We’ll talk more about that in just a minute. But this value chain starts at device. It goes to the application. It goes all the way to the data and analytic platform. And really, I think about it and I like to tease it out from how did customers get started and differentiate that from how do partners get started. Sometimes it’s the same jump in point but when you think about the customer, it’s really a company trying to solve a problem. How do I drive better efficiency? How do I leverage the assets that we have to make us smarter? To help us monetize in ways that we haven’t before? There are examples like farming that I mentioned and sensors to help farmers understand where to actually plant crops. If that’s their position of strength, they have to yield more crops than anybody. Then IoT, potentially in the data that they leverage, is a great starting point for that. Medical manufacturing companies who for years have provided chemical combinations to produce medicines and when they mix those they have to be concerned about waste. A starting point for a customer in the medical field, in this case, manufacturing of medications, could be they want to eliminate waste which translates into one more pill or one more vial of medicine so that they can save another life. And so the starting point is really unique to each and every customer but really around what are they trying to drive or what problem are they trying to solve.

Braunstein: And what about for the partner? What’s their kind of perspective in all this?

Clark: Yeah. You know, many of our partners are also enterprises and so for many, the jump in point is very similar to that of customers. Partners have a unique opportunity because they can get started but they also have a set of assets that are software platforms that enterprises use and leverage. You know, combinations of software platforms and hardware and things that they can put in op together as solutions in terms of where they get started. You know, if you’re in agriculture, you’re not going to want to go and get started in financial services and so chances are you should actually look at how do I create these repeatable platforms based on the assets that I already have. And I think about—there’s several examples that come to mind. We had a OEM who builds weighing machines for food and meat slicers. For years, they were building these devices, selling them to small butchers and small restaurants. They had a Win32 application that was in essence guidance on food safety. How long to keep meats out before they go bad. What temperature your butter should be at as your mixing things.

Braunstein: Always been curious about that.

Clark: By the way, so have I. And oddly enough, this company was curious enough about it to develop a software platform around it. And so, where they used to sell meat slicers and scales to measure and weigh meat, today they’re actually food safety as a service. And so that was their starting point. And many of our partners have similar opportunities if they dig deep and really understand how they can create these repeatable solutions.

Braunstein: Yeah, that’s a great example. Do you know what the temperatures are?

Clark: I do. But you know what? They are different for each meat but the butter thing, we’re gonna figure that one out together.

Braunstein: Okay. Perfect. So, we had Tom O’Reilly in the studio several weeks ago. So, your team is focusing on really building out solutions based on the device. Can you tell me a little bit more about securing the intelligent edge?

Clark: Yeah, I mean, the interesting thing about the device—and it is my lead in because I work with primarily a set of device manufacturers who also happen to build additional capability which could be software platforms or software as a service extension—the device itself is the foundation of IoT. It is the thing in the Internet of Things. Oftentimes when we take IoT from a company perspective, we forget that even an IoT scenario in a large company perspective, there’s a process whereby in order to extract the most optimum data sets and information, you actually have to touch and provision each and every one of the devices that’s already in that environment. And so, even an IoT implementation where you come at it from an IT perspective or a line of business problem and solving there, you still have to touch the device. When I think about the device and I mentioned a point of sale reference and an ATM and a financial service reference earlier, there is a need for us to really focus on secure connectivity. And the industry in general underestimates the needs to provide the highest level of security in connected scenarios. This spans from a child’s toy all the way to the most robust manufacturing scenario. That device and the role that it plays in the IoT value chain is critical, having a secure end point is also extremely critical in that. So, I try and advise our partners that that is the starting point. And we should have a conversation around the steps they’re taking to ensure the security of that device.

Braunstein: What are some steps that you can take to secure the intelligent edge?

Clark: Yeah. So, in the process of really looking through a secure scenario, very few companies address it. I talk about how important it is but very few companies address it. When we think about this notion of as a service model, we have to have an answer and this is a plea to the partner community as well as a call to action. To that end, because there’s not a lot of focus on it, Microsoft has published what we call the seven properties of a highly secure and connected device. It’s not quite like the seven habits of highly effective people but it’s just as significant. In my world of IoT that’s my Stephen Covey, right? It’s like the seven properties of a highly secure and connected device. And I’ll walk through them really briefly and then maybe we talk about like other aspects of security. I’ll let you ask the questions. I’m just going to give some responses and answers. But no, I mean, it starts with this notion of a hardware-based root of trust and that’s really around does a device have unique and unforgeable identity that’s inseparable from the hardware. Now, there’s a lot to unpack there. People who build devices and who build as a service solutions will understand the importance of that hardware-based root of trust. There’s also this small trusted computer base. And in most devices, this is software outside of the device’s trusted computer base. And that’s important as well. Defense in depth and this is really is the device protected if the security of one layer of the software is compromised. And how deep is the level of security? There’s compartmentalization—if one component fails, is it specific to that particular segment of the hardware and are the other aspects of the hardware protected? It’s certificate-based authenticity which we do and that’s a big part of the Windows experience today. It’s renewable security and it’s also failure reporting. And so, if you think about again the edge and how important it is in the overall IoT value chain and implementation, these are things that partners should look at and say, and ask first, do we have elements of these seven things? And then our P to P relationships—to what extent are we partnering with people who also place value in security? And specifically from a hardware perspective these seven trusted things.

Braunstein: Those are fantastic. Hope you all are listening.

Clark: I do, too. Is anyone there? Hello?

Braunstein: So, this is kind of the perfect time that we’re coming to this podcast with some of the crazy security issues and threats with WannaCry that happened that impacted the entire world and are still impacting. How should partners manage situations like this because it’s not going to stop?

Clark: It’s not going to stop. And WannaCry is unfortunate, but it is an example of a ransomware attack. And it’s a reminder of many things. In fact, I should point out that Brad Smith wrote a very thorough response on this blog which detailed Microsoft’s position. And more importantly, he also called for government to publish vulnerabilities for the sake of public good. And I think that’s awesome. So, anyone listening to this should go out and check our blog site and really look for Brad’s remarks there. But what WannaCry proved is that a breach is inevitable. It’s not a matter of if but when. And in all situations and in IoT specifically, customers and partners need to make sure that they have a comprehensive solution that addresses breaches at all levels. Not just at device but at all levels. And so, there’s kind of four things that I think about with respect to this. Is there a secure operating system? Again, we’re talking IoT from end to end. Is there this notion of a secure operating system that is constantly updating? Leveraging tools like advanced threat protection and Windows is just a really good way to keep these devices updated. Is there a way to provision the devices that are already inside of IT environments so that they are also secure? That can come in the form of updates through that secure operating system or through some IT protocols which goes and provisions those devices to make them more secure. The third one is is there the right cloud security tools that can scan across all devices? This is regardless of the operating system. This is Linux. This is Windows. And this is leveraging services like Azure that can go out and provide the necessary security tools to ensure that we scan all those devices and that all of them are updated. The last is really connected to the third one which is a robust and secure device management solution that’s updating these devices on a regular basis, either directly as a function of the operating system or some other cloud service. The net is that all partners should be incorporating all aspects of security as they look at building IoT solutions. It’s really—once you get beyond solving business needs for the customer, security is usually the number one objection that comes up. Hey, I’m trusting Microsoft or whomever it may be to protect this data and information in the cloud. This is now an asset to the company because it’s helping them drive more efficient operations. We need to think about this and help our ecosystem think about this from device all the way through to cloud.

Braunstein: Yeah. You just made me think about GDPR as just an example of the kinds of—some mechanism that governments are trying to control what’s going on—what is the data regulation policy? And the EU that will take effect in May of 2018. We have a lot of information about that, partners, but security is no joke and at some point will be affecting revenues.

Clark: Yeah, it will, and it affects revenues on both sides. You start thinking about a breach and dollars lost, efficiency lost, productivity lost. And then you start thinking about it as a differentiator in your solutions that you’re building and the amount of money that that’s worth to a company who values a secure and connected solution. And so, as we think about, again, end to end IoT and I think about this where I started which is the device, to the AppDev platform to the analytics and these high value workloads, having a common thread of security all the way through is key. By the way, no partner will do this alone. This is where it takes not only in the spirit of security but it takes tens if not twenties of partners to work together across this IoT value chain to land a comprehensive implementation, deployment, consumption, whatever the metric is for your organization in an enterprise. And so, the one thing I’d encourage partners to do beyond what we’ve already talked about is to reach out to those partners who also place high value in secure connectivity and secure platform and software as a service development.

Braunstein: If you had one final message what partners can do today, you kind of alluded to it, but what would you say tomorrow if they’ve got to go start doing something?

Clark: Yeah, I mean, this is an exciting space. The numbers are huge and massive. The billions of devices, the trillions of dollars available; it’s all real. It sometimes gets in the way of some basics. The thing about IoT is its long lead and as much as we hate to admit it, this notion of pilots and POCs is real in this space. You have to prove to an organization that you’re going to help them drive efficiencies, shift and change business models, make more money. And the partners have to be invested in that and these can be 12 to 18 month, sometimes 24 month cycles before we start seeing true revenue flow from these. And so, in parting words, it’s like hang in there, partners. There are no shortcuts. You have to get in and you have to win that first POC. You have to engage in that first pilot. Then—and here’s the piece—what you want to do is build repeatable solutions and so every time you go and build a solution which is highly customized for the next partner, you are leveraging 80% of your IP. That financial services partner that I talked about that’s in ATMs and leverages this old server-based solution that they’ve poured into cloud and they’re going and selling that to Wells Fargo and they land Wells Fargo, when they build that cloud solution that actually manages data and device telemetry from the ATMs and they sell that to Wells Fargo, when they go and sell that to UBC, they want to be able to leverage 80% of that IP so that the next implementation only takes nine months. And that’s the key. IoT—massive opportunity and partners who are building these repeatable, scalable solutions will win the day.

Braunstein: That’s super helpful, Rodney. Thank you so much for coming in today. We appreciate it.

Clark: Thank you for having me. Really, really appreciate the time.

Braunstein: Thanks for listening today. Don’t forget to subscribe on iTunes and please rate and review if you like what you hear. Also, follow us at MS Partner on Twitter and Facebook. Tune in next week for more great insights from business leaders and innovators shaping the tech industry today.