• Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6m this year.
• 38% of enterprises have company-wide IoT deployments in production today.
• 84% of enterprises expect to complete their IoT implementations within two years.
• 82% of enterprises share information from their IoT solutions with employees more than once a day; 67% are sharing data in real-time or near real-time.

These and many other fascinating insights are from Zebra Technologies’ second annual Intelligent Enterprise Index (PDF, 25 pp., no opt-in). The index is based on the list of criteria created during the 2016 Strategic Innovation Symposium: The Intelligent Enterprise hosted by the Technology and Entrepreneurship Center at Harvard (TECH) in 2016. An Intelligent Enterprise is one that leverages ties between the physical and digital worlds to enhance visibility and mobilise actionable insights that create better customer experiences, drive operational efficiencies or enable new business models, “ according to Tom Bianculli, Vice President, Technology, Zebra Technologies.

The metrics comprising the index are designed to interpret where companies are on their journeys to becoming Intelligent Enterprises. The following are the 11 metrics that are combined to create the Index: IoT Vision, Business Engagement, Technology Solution Partner, Adoption Plan, Change Management Plan, Point of use Application, Security & Standards, Lifetime Plan, Architecture/Infrastructure, Data Plan and Intelligent Analysis. An online survey of 918 IT decision makers from global enterprises competing in healthcare, manufacturing, retail and transportation and logistics industries was completed in August 2018. IT decision makers from nine countries were interviewed, including the U.S., U.K./Great Britain, France, Germany, Mexico, Brazil, China, India, and Australia/New Zealand. Please see pages 24 and 25 for additional details regarding the methodology.

Key insights gained from the Intelligent Enterprise Index include the following:

86% of enterprises expect to increase their spending on IoT in 2019 and beyond

Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year. Nearly half of enterprises globally (49%) interviewed are aggressively pursuing IoT investments with the goal of digitally transforming their business models this decade. 38% of enterprises have company-wide IoT deployments today, and 55% have an IoT vision and are currently executing their IoT plans.

49% of enterprises are on the path to becoming an Intelligent Enterprise, scoring between 50 to 75 points on the index

The percent of enterprises scoring 75 or higher on the Intelligent Enterprise Index gained the greatest of all categories in the last 12 months, increasing from 5% to 11% of all respondents. The majority of enterprises are improving how well they scale the integration of their physical and digital worlds to enhance visibility and mobilise actionable insights. The more real-time the integration unifying the physical and digital worlds of their business models, the better the customer experiences and operational efficiencies attained.

The majority of enterprises (82%) share information from their IoT solutions with employees more than once a day, and 67% are sharing data in real-time or near real-time

43% of enterprises say information from their IoT solutions is shared with employees in real-time, up 38% from last year’s index. 76% of survey respondents are from retailing, manufacturing, and transportation & logistics. Gaining greater accuracy of reporting across supplier networks, improving product quality visibility and more real-time data from distribution channels are the growth catalysts companies competing in retail, manufacturing, and transportation & logistics need to grow. These findings reflect how enterprises are using real-time data monitoring to drive quicker, more accurate decisions and be more discerning in which strategies they choose. Please click on the graphic to expand to view specifics.

Enterprises continue to place a high priority on IoT network security and standards with real-time monitoring becoming the norm

58% of enterprises are monitoring their IoT networks constantly, up from 49%, and a record number of enterprises (69%) have a pre-emptive, proactive approach to IT security and network management. It’s time enterprises consider every identity a new security perimeter, including IoT sensors, smart, connected products, and the on-premise and cloud networks supporting them. Enterprises need to pursue a “never trust, always verify, enforce least privilege” approach and are turning to Zero Trust Privilege (ZTP) to solve this challenge today. ZTP grants least privilege access based on verifying who is requesting access, the context of their request, and ascertaining the risk of the access environment. Designed to secure infrastructure, DevOps, cloud, containers, Big Data, and scale to protect a wide spectrum of use cases, ZTP is replacing legacy approaches to Privileged Access Management by minimising attack surfaces, improving audit and compliance visibility, and reducing risk, complexity, and costs for enterprises. Leaders in this field include Centrify for Privileged Access Management, Idaptive, (a new company soon to be spun out from Centrify) for Next-Gen Access, as well as Cisco, F5 and Palo Alto Networks in networking.

Analytics and security dominate enterprise’ IoT management plans this year

66% of enterprises are prioritising analytics as their highest IoT data management priority this year, and 63% an actively investing in IoT security. The majority are replacing legacy approaches to Privilege Access Management (PAM) with ZTP.  Enterprises competing in healthcare and financial services are leading ZTS’ adoption today, in addition to government agencies globally. Enterprises investing in Lifecycle management solutions increased 11% between 2017 and 2018. Please click on the graphic to expand to view specifics.

Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

• The U.S. B2B eCommerce market is predicted to be worth $1.2T by 2022 according to Forrester.
• 75% of marketing executives say that reaching customers where they prefer to buy is the leading benefit a company gains from selling through an e-commerce marketplace according to Statista.
• 67% strongly agree to the importance of B2B e-commerce being critical to their business’s advantages and results in their industry.

Digital marketplaces are flourishing today thanks to the advances made in artificial intelligence (AI), machine learning, real-time personalisation and the scale and speed of the latest generation of cloud platforms including the Google Cloud Platform. Today’s digital marketplaces are capitalising on these technologies to create trusted, virtual trading platforms and environments buyers and sellers rely on for a wide variety of tasks every day.

Differentiated from B2B exchanges and communities from the 90s that often had high transaction costs, proprietary messaging protocols, and limited functionality, today’s marketplaces are proving that secure, trusted scalability is achievable on standard cloud platforms. Kahuna recently partnered with Brian Solis of The Altimeter Group to produce a fascinating research study, The State (and Future) of Digital Marketplaces. The report is downloadable here (PDF, 14 pp., opt-in). A summary of the results is presented below.

Kahuna digitally transforms marketplaces with personalisation

The essence of any successful digital transformation strategy is personalisation, and to the extent, any organisation can redefine every system, process, and product to that goal is the extent to which they’ll grow. Digital marketplaces are giving long-established business and startups a platform to accelerate their digital transformation efforts by delivering personalisation at scale.

Kahuna’s approach to solving personalisation at scale across buyers and sellers while creating trust in every transaction reflects the future of digital marketplaces. They’ve been able to successfully integrate AI, machine learning, advanced query techniques and a cloud platform that scales dynamically to handle unplanned 5x global traffic spikes. Kahuna built its marketplace platform on Google App Engine, Google BigQuery, and other Google Cloud Platform (GCP).

Kahuna’s architecture on GCP has been able to scale and onboard 80+ million users a day without any DevOps support, a feat not possible with the exchange and community platforms of the 90s. By integrating their machine learning algorithms designed to enhance their customers’ ability to personalise marketing messages with Google machine learning APIs to drive TensorFlow, Kahuna has been able to deliver fast response times to customers’ inquiries. Their latest product,  Kahuna Subject Line Optimisation, analyses the billions of emails their customers use to communicate with customers to see what has and hasn’t worked in the past.  Marketplace customers will receive real-time recommendations as they are in the email editor composing an email subject line. Kahuna scores the likely success of the subject lines in appealing to target audiences so that marketers can make adjustments on the fly.

The state (and future) of digital marketplaces

Digital marketplaces are rapidly transforming from transaction engines to platforms that deliver unique, memorable and trusted personal experiences.

Anyone who has ever used OpenTable to get a last-minute reservation with friends at popular, crowded restaurant has seen the power of digitally enabled marketplace experiences in action. Brian Solis noted futurist, author, and analyst with The Altimeter Group recent report,  The State (and Future) of Digital Marketplaces is based on 100 interviews with North American marketing executives across eight market segments.

Key insights and lessons learned from the study include the following:

Altimeter found that 67% of marketplaces are generating more than $50m annually and 32% are generating more than $100m annually with the majority of marketplaces reporting a Gross Merchandise Volume (GMV) of between $500m to $999m

When the size of participating companies is taken into account, it’s clear digital marketplaces are one form of new digital business models larger organisations are adopting, piloting and beginning to standardise on. It can be inferred from the data that fast-growing, forward-thinking smaller organisations are looking to digital marketplaces to help augment their business models. Gross merchandise volume (GMV) is the total value of merchandise sold to customers through a marketplace.

59% of marketing executives say new product/service launches are their most important marketplace objective for 2019

As marketplaces provide an opportunity to create an entirely new business model, marketing executives are focused on how to get first product launches delivering revenue fast. Revenue growth (55%), customer acquisition (54%) and margin improvement (46%) follow in priority, all consistent with an organisations’ strategy of relying on digital marketplaces as new business models.

Competitive differentiation, buyer retention, buyer acquisition, and social media engagement and the four most common customer-facing challenges marketplaces face today

39% of marketing execs say that differentiating from competitors is the greatest challenge, followed by buyer retention (32%), buyer acquisition (29%) and effective social media campaigns (29%) Further validation that today’s digital marketplaces are enabling greater digital transformation through personalisation is found in just 22% of respondents said customer experience is a challenge.

Marketplaces need to scale and provide a broader base of services that enable “growth as a service” to keep sellers engaged

Marketplaces need to continually be providing new services and adding value to buyers and sellers, fueling growth-as-a-service. The three main reasons sellers leave a marketplace are insufficient competitive differentiation (46%), insufficient sales (33%) and marketplace service fees (31%). Additionally, sellers claim that marketing costs (28%) and the lack of buyers (26%) are critical business issues.

Lack of sellers who meet their needs (53%) is the single biggest reason buyers leave marketplaces

Buyers also abandon marketplaces due to logistical challenges including shipping costs and fees added by sellers (49%) and large geographic distances between buyers and sellers (39%). These findings underscore why marketplaces need to be very adept at creating and launching new value-added services and experiences that keep buyers active and loyal. Equally important is a robust roadmap of seller services that continually enables greater sales effectiveness and revenue potential.

According to recent research by Gartner,

• Marketing analytics continues to be hot for marketing leaders, who now see it as a key business requirement and a source of competitive differentiation
• Artificial intelligence (AI) and predictive technologies are of high interest across all four CRM functional areas, and mobile remains in the top 10 in marketing, sales and customer service.
• It’s in customer service where AI is receiving the highest investments in real use cases rather than proofs of concept (POCs) and experimentation.
• Sales and customer service are the functional areas where machine learning and deep neural network (DNN) technology is advancing rapidly.

These and many other fascinating insights are from Gartner’s What’s Hot in CRM Applications in 2018 by Ed Thompson, Adam Sarner, Tad Travis, Guneet Bharaj, Sandy Shen and Olive Huang, published on August 14, 2018. Gartner clients can access the study here  (10 pp., PDF, client access required).

Gartner continually tracks and analyses the areas their clients have the most interest in and relies on that data to complete their yearly analysis of CRM’s hottest areas. Inquiry topics initiated by clients are an excellent leading indicator of relative interest and potential demand for specific technology solutions. Gartner organises CRM technologies into the four category areas of marketing, sales, customer service, and digital commerce.

The following graphic from the report illustrates the top CRM applications priorities in marketing, sales, customer service, and digital commerce.

Key insights from the study include the following:

Marketing analytics continues to be hot for marketing leaders, who now see it as a key business requirement and a source of competitive differentiation

In my opinion and based on discussions with CMOs, interest in marketing analytics is soaring as they are all looking to quantify their team’s contribution to lead generation, pipeline growth, and revenue. I see analytics- and data-driven clarity as the new normal. I believe that knowing how to quantify marketing contributions and performance requires CMOs and their teams to stay on top of the latest marketing, mobile marketing, and predictive customer analytics apps and technologies constantly. The metrics marketers choose today define who they will be tomorrow and in the future.

Artificial intelligence (AI) and predictive technologies are of high interest across all four CRM functional areas, and mobile remains in the top 10 in marketing, sales and customer service

It’s been my experience that AI and machine learning are revolutionising selling by guiding sales cycles, optimising pricing and enabling CPQ to define and deliver smart, connected products. I’m also seeing CMOs and their teams gain value from Salesforce Einstein and comparable intelligent agents that exemplify the future of AI-enabled selling.

CMOs are saying that Einstein can scale across every phase of customer relationships. Based on my previous consulting in CPQ and pricing, it’s good to see decades-old core technologies underlying Price Optimisation and Management are getting a much-needed refresh with state-of-the-art AI and machine learning algorithms, which is one of the factors driving their popularity today.

Using Salesforce Einstein and comparable AI-powered apps I see sales teams get real-time guidance on the most profitable products to sell, the optimal price to charge, and which deal terms have the highest probability of closing deals. And across manufacturers on a global scale sales teams are now taking a strategic view of Configure, Price, Quote (CPQ) as encompassing integration to ERP, CRM, PLM, CAD and price optimisation systems. I’ve seen global manufacturers take a strategic view of integration and grow far faster than competitors.

In my opinion, CPQ is one of the core technologies forward-thinking manufacturers are relying on to launch their next generation of smart, connected products.

It’s in customer service where AI is receiving the highest investments in real use cases rather than proofs of concept (POCs) and experimentation

It’s fascinating to visit with CMOs and see the pilots and full production implementations of AI being used to streamline customer service. One CMO remarked how effective AI is at providing greater contextual intelligence and suggested recommendations to customers based on their previous buying and services histories.

It’s interesting to watch how CMOs are attempting to integrate AI and its associated technologies including ChatBots to their contribution to Net Promoter Scores (NPS). Every senior management team running a marketing organisation today has strong opinions on NPS. They all agree that greater insights gained from predictive analytics and AI will help to clarify the true value of NPS as it relates to Customer Lifetime Value (CLV) and other key metrics of customer profitability.

Sales and customer service are the functional areas where machine learning and deep neural network (DNN) technology is advancing rapidly

It’s my observation that machine learning’s potential to revolutionize sales is still nascent with many high-growth use cases completely unexplored. In speaking with the vice president of sales for a medical products manufacturer recently, she said her biggest challenge is hiring sales representatives who will have longer than a 19-month tenure with the company, which is their average today.  Imagine, she said, knowing the ideal attributes and strengths of their top performers and using machine learning and AI to find the best possible new sales hires. She and I discussed the spectrum of companies taking on this challenge, with Eightfold being one of the leaders in applying AI and machine learning to talent management challenges.

Source: Gartner by Ed Thompson, Adam Sarner, Tad Travis, Guneet Bharaj,  Sandy Shen and Olive Huang, published on August 14, 2018.

• Sales, marketing and operations are most active early adopters of IoT today.
• Early adopters most often initiate pilots to drive revenue and gain operational efficiencies faster than anticipated.
• 32% of enterprises are investing in IoT, and 48% are planning to in 2019.
• IoT early adopters lead their industries in advanced and predictive analytics adoption.

These and many other fascinating insights are from Dresner Advisory Services’ latest report,  2018 IoT Intelligence® Market Study, in its 4th year of publication. The study concentrates on end-user interest in and demand for business intelligence in IoT. The study also examines key related technologies such as location intelligence, end-user data preparation, cloud computing, advanced and predictive analytics, and big data analytics.

“While the market is still in an early stage, we believe that IoT Intelligence, the means to understand and leverage IoT data, will continue to expand as organisations mature in their collection and leverage of sensor level data,” said Howard Dresner, founder, and chief research officer at Dresner Advisory Services. 70% of respondents work at North American organisations (including the United States, Canada, and Puerto Rico). EMEA accounts for about 20%, and the remainder is distributed across Asia-Pacific and Latin America. Please see pages 11, 15 through 18 of the study for specifics regarding the methodology and respondent demographics.

Key insights gained from the study include the following:

Sales, marketing and operations are most active early adopters of IoT today

Looking to capitalise on IoT’s potential to gain real-time customer feedback on products’ and services’ performance, Sales and marketing lead all departments in their prioritising IoT’s value in the enterprises. 12% of operations leaders say that IoT is critical to attaining their goals. Executive management and finance have yet to see the value that sales, marketing and operations do.

Manufacturers see IoT as the most critical to achieving their product quality, production scheduling and supply chain orchestration goals

Insurance industry leaders also view IoT as critical to operations as their business models are now concentrating on automating inventory and safety management. Insurance firms also track vehicles in shipping and logistics fleets to gain greater visibility into how route operations can be optimised at the lowest possible risk of accidents. Financial Services and Healthcare are the next most interested in IoT with Higher Education and Business Services assign the lowest levels of importance by industry.

Investment in IoT analytics, application development and defining accurate, reliable metrics to guide development is the most critical aspect of IoT adoption today

Investments in the data supply chain including data capture, movement, data prep, and management is the second-most critical area followed by investments in IoT infrastructure.  Analytics, application development, and accurate, reliable metrics guiding DevOps are consistent with the study’s finding that early adopters have an excellent track record adopting and applying advanced and predictive analytics to challenging logistical, operations, sales, and marketing problems.

IoT early adopters or advocates prioritise dashboards, reporting, IoT use cases that provide data streams integral to analytics, advanced visualisation, and data mining

IoT early adopters and the broader respondent base differ most in the prioritisation of IT analytics, location intelligence, integration with operational processes, in-memory analysis, open source software, and edge computing. The data reflects how IoT early adopters quickly become more conversant in emerging technologies with the goal of achieving exponential scale across analytics and IoT platforms.

The criticality of advanced and predictive analytics to all leaders surveyed is at an all-time high

Attaining a (weighted-mean) importance score of 3.6 on a 5.0 scale, advanced and predictive analytics is today considered “critical” or “very important” to a majority of respondents. Despite a mild decline in 2017, importance sentiment (the perceived criticality of advanced and predictive analytics) is on an uptrend across the five years of our study. Mastery of advanced and predictive analytics is a leading indicator of IoT adoption, indicating the potential for more analytics pilots and in-production IoT projects next year.

The most valuable features for advanced and predictive analytics apps include support for a range of regression models, hierarchical clustering, descriptive statistics, and recommendation engine support

Model management is important to more than 90% of respondents, further indicating IoT analytics scale is a goal many are pursuing. Geospatial analysis (highly associated with mapping, populations, demographics, and other web-generated data), Bayesian methods, and automatic feature selection is the next most required series of features.

Access to advanced analytics for predictive and temporal analysis is the most important usability benefit to IoT adopters today

Second is support for easy iteration, and third is a simple process for continuous modification of models. The study evaluated a detailed set of nine usability benefits that support advanced and predictive activities and processes. All nine benefits are important to respondents, with the last one of a specialist not being required important to a majority of them at 70%.

Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

• 91% of manufacturers are investing in predictive analytics in the next 12 months, and 50% consider artificial intelligence (AI) a major planned investment for 2019 to support their subscription-based business models.
• New subscription business models and smart, connected products are freeing manufacturers up from competing for one-time transaction revenues to recurring revenues based on subscriptions.
• By 2020, manufacturers are predicting 67% of their product portfolios will be smart, connected products according to an excellent study by Capgemini.
• 71% of manufacturers are using automated sensors for real-time monitoring and data capture of a product’s condition and performance, yet just 25% have the infrastructure in place to analyse it and maximise product uptime.

Manufacturers need to break their dependence on just selling products to selling services if they’re going to grow. Smart, connected products with IoT sensors embedded in them are the future of subscription business models and a key foundation of the subscription economy.

Product reliability and uptime help create subscription economies

In a subscription economy world, whoever excels at product reliability and uptime grows faster than competitors and defines the market. Airlines with the highest on-time ratings have designed in reliability and uptime as part of their company’s identity; their DNA is based on these goals. Worldwide Business Research (WBR) in collaboration with Syncron, a global provider of cloud-based after-sales service solutions focused on empowering the world’s leading manufacturers to maximise product uptime and deliver exceptional customer experiences, recently surveyed to see how manufacturers are addressing the reliability and uptime challenges so critical to growing subscription business.

The research study, Maximised Product Uptime: The Emerging Industry Standard provides insights into how manufacturers can improve their after-sales service solutions. A copy of the study can be downloaded here (PDF, 23 pp., opt-in). Please see pages 20 – 23 for additional details on the report’s methodology. WBR and Syncron designed the survey to gain a deep understanding of manufacturers’ ability to deliver on their customers increasing demand for maximised product uptime, surveying 200 original equipment manufacturers (OEMs), with respondents evenly split between the U.S. and European markets, as well as 100 equipment end-users

Key insights from the study include the following:

34% of manufacturers are ready to compete in a subscription economy and have created a service strategy based on maximised product uptime

39% are planning to have one in two years, and 22% are predicting it will be in 2020 or later before they have on in place. Capgemini found that manufacturers’ plans for smart, connected products would extend beyond these projections, making it a challenge of manufacturers to realise the new subscription revenue they’re planning on in the future.

71% of manufacturers are using automated sensors including IoT for real-time monitoring and data capture of a product’s condition and performance, yet just 25% have the infrastructure in place to analyse it and maximise product uptime

51% of manufacturers have systems in place for analysing the inbound data generated from sensors, yet report they still have more work to do to make them operational.  The 25% of manufacturers with systems in place and at scale will have at least an 18-month jump on competitors who are just now planning on how to make use of the real-time data streams IoT sensors provide.

Predicting part failures before they occur (83%), optimising product functionality based on usage (67%), and using stronger analytics to evaluate product performance (61%) matter most to manufacturers pursuing subscription models

Autonomous product operation (56%) and implementing stronger analytics on ROI ( 50%) are also extremely important. These findings further underscore how manufacturers need to design in reliability and uptime if they are going to succeed with subscription-based business models.

91% of manufacturers are investing in predictive analytics in the next 12 months, and 50% consider artificial intelligence (AI) a major planned investment for 2019

Creating meaningful data models from the massive amount of manufacturing data being captured using automated sensors and IoT devices is making predictive analytics, AI and machine learning extremely important to manufacturers’ IT planning budgets for 2019 and beyond. Combining predictive analytics, AI and machine learning to gain greater insights into pre-emptive maintenance on each production asset, installed product or device is the goal. Knowing when a machine or product will most likely fail is invaluable in ensuring the highest uptime and service reliability levels possible.

77% of manufacturers say having an after-sales service model is critical to their customers’ success today

Customers are ready to move beyond the legacy transactional, break-fix model of the past and want a more Amazon-like experience when it comes to uptime and reliability of every device they own as consumers and use at work. Speed, scale and simplicity are the foundational elements of a subscription business model, and the majority of manufacturers surveyed say their customers are leading them into a value-added after-sales service model.

• Over 100 million healthcare IoT devices are installed worldwide today, growing to 161m by 2020, attaining a Compound Annual Growth Rate (CAGR) of 17.2% in just three years according to Statista.
• Healthcare executives say privacy concerns (59%), legacy system integration (55%) and security concerns (54%) are the top three barriers holding back Internet of Things (IoT) adoption in healthcare organizations today according to the Accenture 2017 Internet of Health Things Survey.
• The global IoT market is projected to soar from $249B in 2018 to $457B in 2020, attaining a Compound Annual Growth Rate (CAGR) of 22.4% in just three years according to Statista.

Healthcare and medical device manufacturers are in a race to see who can create the smartest and most-connected IoT devices first. Capitalizing on the rich real-time data monitoring streams these devices can provide, many see the opportunity to break free of product sales and move into more lucrative digital service business models. According to Capgemini’s “Digital Engineering, The new growth engine for discrete manufacturers,” the global market for smart, connected products is projected to be worth $519B to $685B by 2020. The study can be downloaded here (PDF, 40 pp., no opt-in). 47% of a typical manufacturer’s product portfolio by 2020 will be comprised of smart, connected products. In the gold rush to new digital services, data security needs to be a primary design goal that protects the patients these machines are designed to serve. The following graphic from the study shows how organizations producing smart, connected products are making use of the data generated today.

Healthcare IoT device data doesn’t belong for sale on the dark web

Every healthcare IoT device from insulin pumps and diagnostic equipment to Remote Patient Monitoring is a potential attack surface for cyber adversaries to exploit. And the healthcare industry is renowned for having the majority of system breaches initiated by insiders. 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today according to Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR).

Many employees working for medical providers are paid modest salaries and often have to regularly work hours of overtime to make ends meet. Stealing and selling medical records is one of the ways those facing financial challenges look to make side money quickly and discreetly. And with a market on the Dark Web willing to pay up to $1,000 or more for the most detailed healthcare data, according to Experian, medical employees have an always-on, 24/7 marketplace to sell stolen data. 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey. Healthcare IoT devices are a potential treasure trove to inside and outside actors who are after financial gains by hacking the IoT connections to smart, connected devices and the networks they are installed on to exfiltrate valuable medical data.

Healthcare and medical device manufacturers need to start taking action now to secure these devices during the research and development, design and engineering phases of their next generation of IoT products. Specifying and validating that every IoT access point is compatible and can scale to support Zero Trust Security (ZTS) is essential if the network of devices being designed and sold will be secure. ZTS is proving to be very effective at thwarting potential breach attempts across every threat surface an organization has. Its four core pillars include verifying the identity of every user, validating every device, limiting access and privilege, and utilizing machine learning to analyze user behavior and gain greater insights from analytics.

The first step is protect development environments with Zero Trust privilege

Product research & development, design, and engineering systems are all attack surfaces that cyber adversaries are looking to exploit as part of the modern threatscape. Their goals include gaining access to valuable Intellectual Property (IP), patents and designs that can be sold to competitors and on the Dark Web, or damaging and destroying development data to slow down the development of new products. Another tactic lies in planting malware in the firmware of IoT devices to exfiltrate data at scale.

Attack surfaces and the identities that comprise the new security perimeter of their companies aren’t just people; they are workloads, services, machines, and development systems and platforms. Protecting every attack surface with cloud-ready Zero Trust Privilege (ZTP) which secures access to infrastructure, DevOps, cloud, containers, Big Data, and the entire development and production environment is needed.

Zero Trust Privilege can harden healthcare and medical device manufacturers’ internal security, only granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, healthcare and medical device manufacturers would be able to minimize attack surfaces, improve audit and compliance visibility, and reduces risk, complexity, and costs across their development and production operations.

The best security test of all: An FDA audit

Regulatory agencies across Asia, Europe, and North America are placing a higher priority than ever before on cybersecurity to the device level. The U.S. Food & Drug Administration’s Cybersecurity Initiative is one of the most comprehensive, providing prescriptive guidance to manufacturers on how to attain higher levels of cybersecurity in their products.

During a recent healthcare device and medical device manufacturer’s conference, a former FDA auditor (and now Vice President of Compliance) gave a fascinating keynote on the FDA’s intent to audit medical device security at the production level. Security had been an afterthought or at best a “trust but verify” approach that relied on trusted versus untrusted machine domains. That will no longer be the case, as the FDA will now complete audits that are comparable to Zero Trust across manufacturing operations and devices.

As Zero Trust Privilege enables greater auditability than has been possible in the past, combined with a “never trust, always verify” approach to system access, healthcare device, and medical products manufacturers should start engineering in Zero Trust into their development cycles now.

Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.

• The business value-add of blockchain will grow to slightly more than $176B by 2025, then exceed $3.1T by 2030 according to Gartner.
• Typical product recalls cost $8M, and many could be averted with improved track-and-traceability enabled by blockchain.
• Combining blockchain and IoT will revolutionise product safety, track-and-traceability, warranty management, Maintenance, Repair & Overhaul (MRO), and lead to new usage-based business models for smart, connected products.
• By 2023, 30% of manufacturing companies with more than $5B in revenue will have implemented Industry 4.0 pilot projects using blockchain, up from less than 5% today according to Gartner.

Blockchain’s greatest potential to deliver business value is in manufacturing. Increasing visibility across every area of manufacturing starting with suppliers, strategic sourcing, procurement, and supplier quality to shop floor operations including machine-level monitoring and service, blockchain can enable entirely new manufacturing business models. Supply chains are the foundation of every manufacturing business, capable of making use of blockchain’s distributed ledger structure and block-based approach to aggregating value-exchange transactions to improve supply chain efficiency first. By improving supplier order accuracy, product quality, and track-and-traceability, manufacturers will be able to meet delivery dates, improve product quality and sell more.

Capgemini Research Institute’s recent study, Does blockchain hold the key to a new age of supply chain transparency and trust? provide valuable insights into how blockchain can improve supply chains and manufacturing. A copy of the study is available here (PDF, 32 pp., no opt-in). Capgemini surveyed 731 organisations globally regarding their existing and planned blockchain initiatives. Initial interviews yielded 447 organisations who are currently experimenting with or implementing blockchain. Please see pages 25 & 26 of the study for additional details regarding the methodology.

Key takeaways of the study include the following:

Typical product recalls cost $8 million, and many could be averted with improved track-and-traceability enabled by blockchain

Capgemini found that there was 456 food recalls alone in the U.S. last year, costing nearly $3.5B. Blockchain’s general ledger structure provides a real-time audit trail for all transactions secured against modifications making it ideal for audit and compliance-intensive industries.

Gaining greater cost savings (89%), enhancing traceability (81%) and enhancing transparency (79%) are the top three drivers behind manufacturer’s blockchain investments today

Additional drivers include increasing revenues (57%), reducing risks (50%), creating new business opportunities (44%) and being more customer-centric (38%). The following graphic from the study illustrates the manufacturer’s priorities for blockchain. Capgemini finds that improving track-and-traceability is a primary driver across all manufacturers, consistent with the broader trend of manufacturers adopting software applications that improve this function today. That’s also understandable given how additional regulatory compliance requirements are coming in 2019 and those manufacturers competing in highly regulated industries including aerospace & defense, medical devices, and pharma are exploring how blockchain can give them a competitive edge now

Digital marketplaces, tracking critical supply chain parameters, tracking components quality, preventing counterfeit products, and tracking asset maintenance are the five areas Capgemini predicts blockchain will see the greatest adoption

Based on interviews with industry experts and startups, Capgemini found 24 blockchain use cases which are compared by level of adoption and complexity in the graphic below. The use cases reflect how managing supplier contracts is already emerging as one of the most popular blockchain use cases for manufacturing organisations today and will accelerate as compliance becomes even more important in 2019.

Manufacturers have the most at-scale deployments of blockchain today, leading all industries included in the study

Blockchain adoption is still nascent across all industries included in the study, with 6% of manufacturers having at-scale implementations today. Customer products manufacturers lead in pilots, with 15% actively [purusing blockchain in limited scope today. And retailers trail all industries with 91% having only proofs of concept.

Combining IoT and blockchain at the shipping container level in supply chains increases authenticity, transparency, compliance to product and contractual requirements while reducing counterfeiting

In highly regulated industries including Aerospace & Defense (A&D), Consumer Packaged Goods (CPG), medical devices, and pharma, combining IoT and blockchain provides real-time data on the shipping container conditions, tamper-proof storage, each shipment’s locational history and if there have been changes in temperature and product condition. Capgemini sees use cases where a change in a shipment’s temperature as measured by a sensor change sends alerts regarding contractual compliance of perishable meats and produce, averting the potential of bad product quality and rejected shipments once they reach their destination.

Capgemini found that 13% of manufacturers are 'pacesetters' and are either implementing blockchain at scale or have pilots in at least one site

Over 60% of Pacesetters believe that blockchain is already transforming the way they collaborate with their partners. Encouraged by these results, Pacesetters are set to increase their blockchain investment by 30% in the next three years. They lead early stage experimenters and all implementers on three core dimensions of organisational readiness. These include end-to-end visibility across functions, detailed and defined supportive processes, and availability of the right talent to succeed.

Lack of a clear ROI, immature technology and regulatory challenges are the top three hurdles pacesetter-class manufacturers face in getting blockchain initiatives accepted and into production

All implementations face these three challenges in addition to having to overcome the lack of complementary IT systems at the partner organisations. The following graphic compares the hurdles all manufacturers face in getting blockchain projects implemented by the level of manufacturers adoption success (Pacesetter, early-stage experimenters, all implementers).

 Interested in hearing leading global brands discuss subjects like this in person? Find out more at the Blockchain Expo World Series, Global, Europe and North America.

• Privileged credentials for accessing an airport’s security system were recently for sale on the Dark Web for just $10, according to McAfee.
• 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.
• Apple employees in Ireland have been offered as much as €20,000 ($22,878) in exchange for their privilege access credentials in 2016, according to Business Insider.
• Privileged access credentials belonging to more than 1 million staff at a top UK law firm have been found for sale on the Dark Web.

There’s been a 135% year-over-year increase in financial data for sale on the Dark Web between the first half of 2017 and the first half of 2018. The Dark Web is now solidly established as a globally-based trading marketplace for a myriad of privileged credentials including access procedures with keywords, and corporate logins and passwords where transactions happen between anonymous buyers and sellers. It’s also the online marketplace of choice where disgruntled, angry employees turn to for revenge against employers. An employee at Honeywell, angry over not getting a raise, used the Dark Web as an intermediary to sell DEA satellite tracking system data he accessed from unauthorized accounts he created to Mexican drug cartels for $2M. He was caught in a sting operation, the breach was thwarted, and he was arrested.

Your most vulnerable threat surface is a best seller

Sites on the Dark Web offer lucrative payment in bitcoin and other anonymous currencies for administrators’ accounts at leading European, UK and North American banking institutions and corporations. Employees are offering their privileged credentials for sale to the highest bidder out of anger, revenge or for financial gain anonymously from online auction sites.

Privileged access credentials are a best-seller because they provide the intruder with “the keys to the kingdom.” By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. This holds especially true when the organizations are not applying multi-factor authentication (MFA) or risk-based access controls to limit any type of lateral movement after unauthorized access. Without these security measures in place, hackers can quickly access any digital businesses’ most valuable systems to exfiltrate valuable data or sabotage systems and applications.

81% of all hacking-related breaches leverage either stolen and weak passwords, according to Verizon’s 2017 Data Breach Investigations Report. A recent study by Centrify and Dow Jones Customer Intelligence titled, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in), found that CEOs can reduce the risk of a security breach by rethinking their Identity and Access Management (IAM) strategies. 68% of executives whose companies experienced significant breaches in hindsight believe that the breach could have been prevented by implementing more mature identity and access management strategies.

In a Zero Trust world, identities are the new security perimeter

The buying and selling of privileged credentials are proliferating on the Dark Web today and will exponentially increase in the years to come. Digital businesses need to realize that dated concepts of trusted and untrusted domains have been rendered ineffective. Teams of hackers aren’t breaking into secured systems; they’re logging in.

Digital businesses who are effective in thwarting privileged credential access have standardized on Zero Trust Security (ZTS) to ensure every potentially compromised endpoint, and threat surface within and outside a company is protected. Not a single device, login attempt, resource requested or other user-based actions are trusted, they are verified through Next-Gen Access (NGA).

Zero Trust Security relies upon four pillars: real-time user verification, device validation, access and privilege limitation, while also learning and adapting to verified user behaviors. Leaders in this area such as Centrify are relying on machine learning technology to calculate risk scores based on a wide spectrum of variables that quantitatively define every access attempt, including device, operating system, location, time of day, and several other key factors.

Depending on their risk scores, users are asked to validate their true identity through MFA further. If there are too many login attempts, risk scores increase quickly, and the NGA platform will automatically block and disable an account. All this happens in seconds and is running on a 24/7 basis ― monitoring every attempted login from anywhere in the world.

A recent Forrester Research thought leadership paper titled, Adopt Next-Gen Access to Power Your Zero Trust Strategy (14 pp., PDF, opt-in), provides insights into how NGA enables ZTS to scale across enterprises, protecting every endpoint and threat surface. The study found 32% of enterprises are excelling at the four ZTS pillars of verifying the identity of every user, validating every device using Mobile Data Management (MDM) and Mobile App Management (MAM), limiting access and privileges and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

NGA is a proven strategy for thwarting stolen and sold privileged access credentials from gaining access to a digital business’ network and systems, combining Identity-as-a-Service, Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Forrester found that scalable Zero Trust Security strategies empowered by NGA lead to increased organization-wide productivity (71%), reduced overall risk (70%) and reduced cost on compliance initiatives (70%).

Additionally, insights gained from user behavior through machine learning allow for greater efficiency — both on reduced compliance (31% more confident) and overall security costs (40% more likely to be confident), as well through increased productivity for the organization (8% more likely to be confident). The following graphic from the study ranks respondents’ answers.

Conclusion

Making sure your company’s privileged access credentials don’t make the best seller list on the Dark Web starts with a strong, scalable ZTS strategy driven by NGA. Next-Gen Access continually learns the behaviors of verified users, solving a long-standing paradox of user experience in security and access management. However, every digital business needs to focus on how the four pillars of Zero Trust Security apply to them and how they can take a pragmatic, thorough approach to secure every threat surface they have.

• By 2020, more than 20 million job seekers will look for automated advice on how to improve their ranking in job-matching algorithms according to Gartner.
• More than 50% of large enterprises based in North America and Western Europe will include diversity and inclusion enablement criteria in their HCM technology selection processes by 2020.
• By 2022, nearly 80% of organisational skills will have to be reprioritised or revisited due to digital business transformation.

These and many other fascinating insights are from Gartner’s recent research note, Cool Vendors in Human Capital Management for Talent Acquisition (PDF, 13 pp., client access reqd.) that illustrates how AI and machine learning are fundamentally redefining the war for talent. Gartner selected five companies that are setting a rapid pace of innovation in talent management, taking on Human Capital Management’s (HCM) most complex challenges. The five vendors Gartner mentions in the research note are AllyO, Eightfold, jobpal, Knack, and Vettd. Each has concentrated on creating and launching differentiated applications that address urgent needs enterprises have across the talent acquisition landscape. Gartner’s interpretation of the expanding Talent Acquisition Landscape is shown below (please click on the graphic to expand):

Source: Gartner, Cool Vendors in Human Capital Management for Talent Acquisition, Written by Jason Cerrato, Jeff Freyermuth, John Kostoulas, Helen Poitevin, Ron Hanscome. 7 September 2018

Company growth plans are accelerating the war for talent

The average employee’s tenure at a cloud-based enterprise software company is 19 months; in the Silicon Valley, this trends to 14 months due to intense competition for talent according to C-level executives leading these companies. Fast-growing enterprise cloud computing companies and many other businesses like them need specific capabilities, skill sets, and associates who know how to unlearn old concepts and learn new ones. Today across tech and many other industries, every company’s growth strategy is predicated on how well they attract, engage, screen, interview, select and manage talent over associates’ lifecycles.

Of the five companies Gartner names as Cool Vendors in the field of Human Capital Management for Talent Acquisition, Eightfold is the only one achieving personalisation at scale today. Attaining personalisation at scale is essential if any growing business is going to succeed in attracting, acquiring and growing talent that can support their growth goals and strategies. Eightfold’s approach makes it possible to scale personalised responses to specific candidates in a company’s candidate community while defining the ideal candidate for each open position.

Gartner finds Eightfold noteworthy for its AI-based Talent Intelligence Platform that combines analysis of publicly available data, internal data repositories, HCM systems, ATS tools, and spreadsheets then creates ontologies based on organisation-specific success criteria. Each ontology, or area of talent management interest, is customisable for further queries using the app’s easily understood and navigated user interface. Gartner also finds that Eightfold.ai is one of the first examples of a self-updating corporate candidate database. Profiles in the system are now continually updated using external data gathering, without applicants reapplying or submitting updated profiles. The Eightfold.ai Talent Intelligence Platform is shown below:

Taking a data-driven approach to improve diversity

AI and machine learning have the potential to remove conscious and unconscious biases from hiring decisions, leading to hiring decisions based on capabilities and innate skills. Many CEOs and senior management teams are enthusiastically endorsing diversity programs yet struggling to make progress. AI and machine learning-based approaches like Eightfold’s can help to accelerate them to their diversity goals and attain a more egalitarian workplace. Data is the great equaliser, with a proven ability to eradicate conscious and unconscious biases from hiring decisions and enable true diversity by equally evaluating candidates based on their experience, growth potential and strengths.

Conclusion

At the center of every growing business’ growth plans is the need to attract, engage, recruit, and retain the highest quality employees possible. As future research in the field of HCM will show, the field is in crisis because it’s relying more on biases than solid data. Breaking through the barrier of conscious and unconscious biases will provide contextual intelligence of an applicant’s unique skills, capabilities and growth trajectories that are far beyond the scope of any resume or what an ATS can provide. The war for talent is being won today with data and insights that strip away biases to provide prospects who are ready for the challenges of helping their hiring companies grow.

• 58% of healthcare systems breach attempts involve inside actors, which makes this the leading industry for insider threats today.
• Ransomware leads all malicious code categories, responsible for 70% of breach attempt incidents.
• Stealing laptops from medical professionals’ cars to obtain privileged access credentials to gain access and install malware on healthcare networks, exfiltrate valuable data or sabotage systems and applications are all common breach strategies.

These and many other fascinating insights are from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR). A copy of the study is available for download here (PDF, 20 pp., no opt-in).  The study is based on 1,368 incidents across 27 countries. Healthcare medical records were the focus of breaches, and the data victims were patients and their medical histories, treatment plans, and identities. The data comprising the report is a subset of Verizon’s Annual Data Breach Investigations Report (DBIR) and spans 2016 and 2017.

Why healthcare needs Zero Trust Security to grow

One of the most compelling insights from the Verizon PHIDBR study is how quickly healthcare is becoming a digitally driven business with strong growth potential. What’s holding its growth back, however, is how porous healthcare digital security is. 66% of internal and external actors are abusing privileged access credentials to access databases and exfiltrate proprietary information, and 58% of breach attempts involve internal actors.

Solving the security challenges healthcare providers face is going to fuel faster growth. Digitally-enabled healthcare providers and fast-growing digital businesses in other industries are standardizing on Zero Trust Security (ZTS), which aims to protect every internal and external endpoint and attack surface. ZTS is based on four pillars, which include verifying the identity of every user, validating every device, limiting access and privilege, and learning and adapting using machine learning to analyze user behavior and gain greater insights from analytics.

Identities need to be every healthcare providers’ new security perimeter

ZTS starts by defining a digital business’ security perimeter as every employees’ and patients’ identity, regardless of their location. Every login attempt, resource request, device operating system, and many other variables are analyzed using machine learning algorithms in real time to produce a risk score, which is used to empower Next-Gen Access (NGA).

The higher the risk score, the more authentication is required before providing access. Multi-Factor Authentication (MFA) is required first, and if a login attempt doesn’t pass, additional screening is requested up to shutting off an account’s access.

NGA is proving to be an effective strategy for thwarting stolen and sold healthcare provider’s privileged access credentials from gaining access to networks and systems, combining Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify is one of the leaders in this field, with expertise in the healthcare industry.

NGA can also assure healthcare providers’ privileged access credentials don’t make the best seller list on the Dark Web. Another recent study from Accenture titled, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000. 24% of employees know of someone who has sold privileged credentials to outsiders, according to the survey. By verifying every login attempt from any location, NGA can thwart the many privilege access credentials for sale on the Dark Web.

The following are the key takeaways from Verizon’s 2018 Protected Health Information Data Breach Report (PHIDBR):

58% of healthcare security breach attempts involve inside actors, which makes it the leading industry for insider threats today

External actors are attempting 42% of healthcare breaches. Inside actors rely on their privileged access credentials or steal them from fellow employees to launch breaches the majority of the time. By utilizing NGA, healthcare providers can get this epidemic of internal security breaches under control by forcing verification for every access request, anywhere, on a 24/7 basis.

Most healthcare breaches are motivated by financial gain, with healthcare workers most often using patient data to commit tax return and credit fraud

Verizon found 876 total breach incidents initiated by healthcare insiders in 2017, leading all categories. External actors initiated 523 breach incidents, while partners initiated 109 breach incidents. 496 of all breach attempts are motivated by financial gain across internal, external and partner actors. Internal actors are known for attempting breaches for fun and curiosity-driven by interest in celebrities’ health histories that are accessible from the systems they use daily. When internal actors are collaborating with external actors and partners for financial gain and accessing confidential health records of patients, it’s time for healthcare providers to take a more aggressive stance on securing patient records with a Zero Trust approach.

Abusing privileged access credentials (66%) and abusing credentials and physical access points (17%) to gain unauthorized access comprise 82.9% of all misuse-based breach attempts and incidents

Verizon’s study accentuates that misuse of credentials and the breaching of physical access points with little or no security is intentional, deliberate and driven by financial gain the majority of the time. Internal, external and partner actors acting alone or in collaboration with each other know the easiest attack surface to exploit are accessed credentials, with database access being the goal half of the time. When there’s little to no protection on web application and payment card access points to a network, breaches happen. Shutting down privilege abuse starts with a solid ZTS strategy based on NGA where every login attempt is verified before access is granted and anomalies trigger MFA and further user validation. Please click on the graphic to expand it for easier reading.

70.2% of all hacking attempts are based on stolen privileged access credentials (49.3%) combined with brute force to obtain credentials from POS terminals and controllers (20.9%)

Hackers devise ingenious ways of stealing privileged access credentials, even resorting to hacking a POS terminal or controllers to get them. Healthcare insiders also steal credentials to gain access to mainframes, servers, databases and internal systems. Verizon’s findings below are supported by Accenture’s research showing that 18% of healthcare employees are willing to sell privileged access credentials and confidential data to unauthorized parties for as little as $500 to $1,000. Please click on the graphic to expand it for easier reading.

Hospitals are most often targeted for breaches using privileged access credentials followed by ambulatory health care services, the latter of which is seen as the most penetrable business via hacking and brute force credential acquisition

Verizon compared breach incidents by North American Industry Classification System (NAICS) and found privileged credential misuse is flourishing in hospitals where inside and outside actors seek to access databases and web applications. Internal, external and partner actors are concentrating on hospitals due to the massive scale of sensitive data they can attain with stolen privileged access credentials and quickly sell them or profit from them through fraudulent means. Verizon also says a favorite hacking strategy is to use USB drives to exfiltrate proprietary information and sell it to health professionals intent on launching competing clinics and practices. Please click on the graphic to expand it for easier reading.

Conclusion

With the same intensity they invest in returning patients to health, healthcare providers need to strengthen their digital security, and Zero Trust Security is the best place to start. ZTS begins with Next-Gen Access by not trusting a single device, login attempt, or privileged access credential for every attack surface protected. Every device’s login attempt, resource request, and access credentials are verified through NGA, thwarting the rampant misuse and hacking based on comprised privileged access credentials. The bottom line is, it’s time for healthcare providers to get in better security shape by adopting a Zero Trust approach.