So how might the infrastructure of a smart building decrease your organizational risk profile? Can you measure this?
In terms of having an index, I am currently creating an index (like my security awareness course) to rate the level of cybersecurity a building provides to its owners (or lessees). Given we already have sustainability indices for commercial real estate in the form of the CBRE Green Building Adoption Index, my intention is to build a reference cybersecurity metric in how the infrastructure of smart buildings can be compared from the point of those either owning or renting the space. For this index, I will be defining the number of risks, type of risk and potential effects of risk on smart building infrastructural implementations.
Separating control from performance
Physical control of buildings was traditionally seen as separate from enterprise networks. The control systems domain was protected by physical separation, and facilities management was handled as a different domain. However, as global services delivery, data sharing and data acquisition for cost-effectiveness became critical functions within modern business, facilities management became tied to the corporate data network.
Smart buildings now combine legacy operational technology for building automation systems (BAS) together with enterprise IT and IoT devices. Unlike IT environments, which have developed workflows and technologies to address cyber threats, hackers can exploit the vulnerabilities of BAS to enter the IT network and get hold of restricted data located on servers and computers.
The benefits of operation and analytics available for facilities management on how the building performed have given insights into better asset management. But with connectivity has come risk exposure to external exploits and possible attacks.
Life at the Edge
Given edge computing and IoT devices create content for analysis, can they also provide misinformation or redirection for potential attacks on the corporate network? In other words, can the smart building dangle a click bait carrot or honey trap for potential hackers to pull them off the scent of the main system?
Just as we have access layers of data security based on roles within the enterprise, perhaps we should start looking at creating a separate operational data layer for physical control of the building, with the building taking an active role in its own defense. IoT technology, such as sensors, can automatically transfer an office area to ‘vacant’ security mode so potential hackers cannot gain access by moving the area to preset security settings to optimize network protection. This could also mean terminals off, USB ports disabled, and access secured with physical tokens.
Design to cloak or protect
Another way we can create a buffer to protect those assets by a slight disconnect with better perimeter management. One recent approach is the concept of Airwalls. Tempered Networks defines their Airwall edge services as “identity-defined perimeters that enforce access and segmentation for the systems protected within the Airwall”. This creates the possibility to deploy end-to-end encrypted connectivity around operational assets. An Airwall controls and enforces authenticated network communications between protected systems, while denying access to all unauthorized systems. To my understanding, authorized devices for protected access would be physical objects, not passwords. The goal is to remove the access to the IP address information for the potential hacker by creating an air pocket within the enterprise. For those Star Trek fans reading this, imagine a Klingon cloaking device for the ICS.
From the point of standards, there is the development of the IEC 62443 global set of cybersecurity standards to reduce vulnerability. This is set to improve safety, availability, integrity and confidentiality of systems used for industrial automation and control.
How much risk exists from your operational BAC systems?
Smart buildings can be efficient and effective but can also come with cybersecurity vulnerabilities that can be inadvertently introduced when smart technologies are deployed without the necessary consideration of what controls and patches are required to protect them.
In your cybersecurity planning for 2020, what active role does your operational systems play both in protection and in deterrence? Is your smart building helpful with sensor usage and alerts, or does it create hacking opportunities with disconnects and older communication protocols?
Reach out to have a conversation with me if you are interested in the index I am working on, or you’d like some advice on what cyber risk issues to consider in your infrastructural development.
Realise that learning is a continuous process. Companies should analyse technologies that will impact their business and their industry. But should also be aware that these technologies will evolve continually. To handle this learning should also be continuous. Walmart, for instance, has set up more than 100 “academies” in the US that provide continual classroom and hands-on training for various positions. Having the right talent in place is critical to the prospects of any organisation.
Make arrangements for just-in-time learning. Learning works best when people can apply their new-found knowledge and skills almost immediately. Organisations should identify the skills that employees will need in their immediate role. This also helps employees appreciate the value of the training and be open to future upskilling. NUS Business School offers a 3-day course, Leveraging Fintech for Business aimed at leaders and managers, to explore the business impact of Fintech – aimed at entrepreneurs and mid-career financial professionals who wish to upskill and those who are impacted by Fintech. Organisations can provide employees with on-demand learning tools and resources. Tools like mobile apps and online courses can help employees to learn and grow and allow them to engage with the program at their convenience and at their own pace instead of forcing them to adhere to a pre-planned schedule.
Partner if you do not have the right training process. An organisation cannot always be expected to have the right training resources available in-house – it might also prove to be expensive in the long run. Organisations that lack expertise or do not have enough resources to train and reskill employees, should partner with technology providers and dedicated external training programs. SkillsFuture in Singapore has partnered with IBM to train 2,500 Singaporeans on AI skills within the next three years, in a bid to help them apply AI in areas such as human resources, supply chain management, and media.
Technology-enabled automation will displace some workers while at the same time provide a platform for them to grow their careers and play a larger part in the success of the organisations. Companies can enable this transition through investments in training and education and provide a platform for workers to transition to new jobs. With the right tools, companies can continue to forge a long-term and mutually beneficial association with their employees in the face of rapid and increasing digital transformation.
I recently attended a briefing with Ramco Systems – if you haven’t heard of them, they are one of an emerging group of software vendors who are challenging the big application software companies – SAP and Oracle. They put innovation at the centre of their business – aiming to constantly drive improvement for their customers, and bringing companies the benefits of systems that consumers see in their web-based and mobile apps but have been sorely missing from the enterprise application market. To be honest they are a breath of fresh air in a market that needs it – and their endeavours are seeing results both in plaudits from analyst firms and new customer wins.
At the briefing, Ramco demonstrated some of the AI capabilities they have been weaving into their software platforms. And in doing so they have shown the gap between today’s systems and systems that actually work for their clients. ERP, HR, Payroll and other enterprise applications are data sinks – they demand constant input, and while they do a good job in automating business processes, they could do so much more.
Within Ramco they have moved away from email completely for employee inquiries – all interactions now happen with their transactional chatbot, including scheduling meetings, checking leave balances, discovering and understanding personal achievements, raising a travel request and claiming travel expenses – as well as understanding company policies and supporting employees with speculative queries. This same bot is available for clients as they aim towards a zero-UI interface – no more logging onto systems and interrogating applications, running searches. Now you ask a question and get an answer – using an IM client or a voice interface (such as Google Home or Amazon Alexa devices). This is the way systems should serve employees.
Like other enterprise application vendors, they have added an AI capability to their platform – but they are taking the extra step to make that AI work out of the box (or the cloud). For example, with all the information in your HR systems (employee skills, time and attendance, incentives, expenses, payroll) they are looking at making that information accessible and actionable for potential users – creating systems that understand the context and anticipate needs.
In your finance or ordering systems, they are applying machine learning so it understands that ‘client A’ tends to order specific items from specific locations – so ordering agents are guided towards those options versus having to scroll through long lists.
(see images for an example of that in the process)
They are recommending where costs should be allocated or validating inputs based on historical learnings. The systems can catch a mistake, errors or even fraud – saving the business significant amounts of money and of time in error correction or re-work.
Ramco’s vision is that agents only have to manage exceptions in enterprise applications – not every single detail. Complete automation is still an unrealistic expectation, but businesses should aim for 85% automation, with 12% of processes needing intervention for mild intervention and 3% needing deep intervention. In Ecosystm’s experience speaking to businesses that have automated to such a degree, an 85% automation does NOT lead to an 85% saving – as you typically automate the easier cases anyway. But the savings should be real and measurable – up to 50% time saving for accounts receivable or payable teams, for payroll teams, for help desks or for other highly manual processes should be achievable.
And while the business case can be built on the saving, the pay-off also comes in happier and more engaged employees who have the information right at their fingertips to make better business decisions or drive smarter business processes.
So why highlight Ramco’s AI capabilities? For a number of reasons:
For AI to be widely adopted, it needs to be easy and accessible – Many other vendors (the big cloud players in particular) are making AI tools and assets available for customers, but they still have to do the hard work – find a business problem, gather the data, train the algorithm, deploy the algorithm and then train users on the new process. There are hundreds – or even thousands of examples of processes in business that can be made smarter and easier through the use of machine learning and AI – and vendors should be building these capabilities into the products and platforms. Ramco is doing that – they are by no means alone – but they are a good example of a software vendor that is disrupting a market by focusing on helping their customer succeed.
I believe there is a bigger trend going on in the way businesses buy software (and look out for an upcoming report on this topic). More and more I see businesses adopt the best solution for their needs – NOT the one that does 80% of what they want. And the best software is often built by smaller, more agile companies. They build for specific business needs and specific niches – and they focus on providing exactly what customers want. I am seeing a general move away from the big platform providers towards the smaller ISVs. Partly because they cost less (I regularly hear companies say they saved up to 90% by using a specialist provider!) – but also because they provide the best solution – and businesses can no longer compromise when it comes to driving the best customer and employee experiences. Again, Ramco is a part of this change.
You should demand more from your applications provider– an AI platform is not enough. They need to make your actual application smart – they need to be able to automate processes you are already doing. If you have data the system should be able to learn, they need to focus on making the system work for you, your employees and your customers – not the other way around (as is too often the case). AI needs to be a core component of your business applications, not a bolt-on.
Today, many businesses use Tableau (over 86,000), including a lot of Salesforce customers. They have chosen Tableau because it is easy to deploy and use, and like Salesforce own applications, it targets the ultimate decision maker – the business user – and sometimes even the consumer. Recent research into the BI systems integrators in Asia Pacific shows that Tableau is one of the leading analytics platforms for the partner community in the region – the big SIs have many people focused on Tableau. But that dominance is being challenged by a re-energised Microsoft, whose Power BI is also witnessing strong growth – and who is typically the price leader in the market.
For Salesforce customers, there is some overlap between products – their own Einstein Analytics tools do much of what Tableau can do – although Tableau helps customers see insights from data stored both on the cloud and inside their own data centres. It also moves Salesforce closer to the Customer 360 vision – the ability to get a view of customers across the Commerce, Marketing and Service Clouds. Salesforce customers not using Tableau today will get a better user experience by using Tableau as the visualisation platform.
History has shown that it is hard to make such acquisitions successful. Tableau was a huge success because it was independent. The same was for Business Objects and Cognos before their acquisitions. History has shown that when the large BI and analytics vendors are acquired, others move into that space. While Salesforce has announced they will run Tableau as a separate business, it will no longer be independent. Partners will need to be maintained and provided a growth path – and partners are the cornerstone of Tableau’s success. Some of these partners might have strong ties to other software or cloud platforms too such as SAP, Oracle, AWS or Google. Customers of Tableau might feel sales pressure to move to a Salesforce environment – and will likely see Salesforce integration happen at a deeper level than on other platforms.
Tableau’s independence will disappear. However keeping Tableau as a separate business may not be the long term goal for Salesforce – it might be to offer the best application and analytics solution in the market – to make the entire suite more attractive to more potential buyers and users. It may be to take Salesforce beyond the current users in their customers to many other users who may not need the full application but need the analytics and visualisations that the data can provide. If this is the case, then the company is onto a winner with the Tableau acquisition.
The long term goal is not analytics reports delivered to employees. It is not visualisation. It is automation. It is applications doing smart, AI-driven analysis, and deciding for employees. It is about taking the human out of the process. In a factory you don’t need a report to tell you a machine is down – you need to book a repair person automatically – or a service technician to visit before the machine has even broken down. And you don’t need a visualised report to show that a machine is beyond its life expectancy. You need the machine replaced before it fails catastrophically.
Too often, we are putting humans in processes where they are not required. We are making visualisations more attractive and easier to consume when, in reality, we just needed the task automated. While we employ humans, there will be a need to make decisions more effectively, and we will still require tools like Tableau. But don’t let the pretty pictures distract you from the main prize – intelligentautomation.
If you would like to speak to Tim Sheedy or another analyst at Ecosystm about what the acquisition Tableau by Salesforce might mean to your business or industry, please feel free to schedule an inquiry call on the profile page.
While there are many opportunities to use “dumb automation” and save money, reduce or redeploy headcount – or have employees focus on higher value activities or make real differences to customer experiences – there are as many opportunities to make dumb processes smart. Being able to automatically read PDF or paper-based invoices – processes usually done by humans – could be a huge saving for your business. OK – maybe you can’t redeploy 100% of the staff, but 70% is still a big saving. Being able to take human error out of processes will often help to save money at two steps on the process – automating the human input function up front and also getting rid of the need to fix the mistake.
Start Your AI Journey With The Low Hanging Fruit
Ecosystm’s Global Ongoing AI study has shown that most businesses are focusing their AI investments on internal initiatives – on reducing process time, cost savings and driving productivity – which makes the most sense today. They are the easier business cases to build and the easiest benefits to explain.
Perhaps AI is also a chance for businesses to acknowledge that “efficient” does not always mean “good”. Many of the processes we automated or coded to ensure 100% compliance don’t give customers or employees what they are looking for. And maybe making the customer happy 70% of the time is better than not making them happy at all…
If you’d like to dig deeper into Ecosystm’s reports exploring the data from our ongoing AI study – check them out here (you’ll need to register if you have not already – it is free to register, but some content is premium):