A while ago Ubisecure participated in a workshop of an IoT and Industrial Internet related research project. Now that I’ve had some time to reflect on the session, I’d like to share some of my personal take-aways from the session.

First a short intro to the project

The name of the project is ‘New Business from Cross-Enterprise Data’, abbreviated as NBxED, and is a joint-effort of the Aalto University in Finland together with industry, with many global leaders of the manufacturing industry in their respective fields involved. Ubisecure is one of the sponsors of the project.

The project studies what new concepts for improving operations in the manufacturing industry there could be, if there would be mechanisms to interact using data from more or “all” sources in an industrial process.

NBxED takes a kind of industrial Big Data and IoT look at the use cases that involve huge amounts of measurement data from sensors and monitoring — and combining the data from a number of or “all” stakeholders involved. The different stakeholders can be the company owning or operating the industrial production plant in question and companies that have designed, manufactured and delivered equipment or production facilities to the plant, etc.

Back to those reflections from that NBxED workshop

What comes to mind is, first of all, the importance of already initially having some infrastructure-like capabilities supporting the cross-enterprise interaction readily in place in the companies that are to be involved in such interactions following the principles of Industrial Internet.

IAM in place is a must

As I have my IAM hat tightly fixed to my head, it must be no surprise that I first claim that it is important that the company has at least some elementary IAM in place as a base for the interactions that the organization will inevitably face in the digital era of Industrial Internet.

Not having IAM will otherwise be either a serious and very concrete blocker or at least a source for delays and prolonged processes when having to fall back to manual paper-based tedious processes. The deployed IAM solution should be able and ready to serve and deliver when the individuals possessing various roles in the organization interact with their various counterparts in other organizations.

IAM extended to technical parts and use-cases

Further, if the company is to really interact on broader and much deeper scale particularly in Industrial Internet, it should extend its IAM capabilities to cover also more technical elements and use cases. For instance, Industrial Internet typically involves using data and information residing behind APIs and perhaps provided by sensors and monitoring of processes and then from that providing relevant data based on structured API calls. As an implication of that, those APIs should be within the scope of an IAM setup serving that Industrial Internet business properly.

More than that, the IAM services should provide the capability to also control the usage based on role-based and attributes-based access of the APIs.

Further, it should be taken into account that the usage will also be involving  external users, such as partners and customers in cross-organizational use cases such as the ones that NBxED studies.

Managed-IoT and Managed-IAM

Going even further in the evolution, basically “any” device and equipment which is relevant in the Industrial Internet interactions, with also external partners involved in operations and in the value-chains of the business, should preferably be behind some kind of well managed-IoT and well managed-IAM. That would help in reducing the hassle that otherwise come from of a multitude of separate and diverse devices in the interaction.

“On behalf of” type mandates

If the IAM setup serving Industrial Internet is then finally capable also to serve more advanced IAM use cases such as “on behalf of” and delegation type mandates and entitlements, then the organization is fairly well set for the digital era that is already emerging in a fairly tangible way. That is, where Internet is present and a natural element in the very daily and even basic work of engineers in industry and manufacturing.

Some more specific reflections

Another observation that I made when hearing the comments in that NBxED workshop, was that it would also seem beneficial and important if there would be a possibility to scope the entitlements more tightly than just on the very general level. Otherwise, if someone coming from an external partner organization must get a very wide (read: too wide) access to the data in order to complete whatever task or analysis, then also the administrative process will take much longer and be much more complicated. What if instead the entitlements could be handled and provided more to the point with a tighter scope and as-needed?

Otherwise, the demand to have “everything” in a kind of all-covering entitlement to “all data” will result in many hours spent in legal what-if considerations and a prolonged process.

Those where some of the reflections that came to mind in the workshop when enjoying the inspiring discussions at the Aalto campus with the researchers, the CDOs and the Business Development and Technical Directors of industry, that are involved in this marvelous research project.