Sunday, February 1, 2015

Evolution of Wearables - What is in store?

Many of us are hearing more and more about fitness bands and some are using these. Big players are now rolling out smart watches, which has disrupted the basic fitness bands considerably in a very short span of time, as these smart watches have these basic fitness features within. Wearables like, glasses, jewellery, headgear, belts, armwear, wristwear, legwear, footwear, skin patches, exoskeletons and textiles, etc are also increasingly becoming "Smart". These emerging smart devices can be worn by human beings, which will collect various data based on embedded sensors and provide useful information that will help improve oneself, which could be on physical fitness, health, etc.

As one can understand, wearables is not just limited to the gadget that decorate your wrist and the number of wearable devices in different segments are growing very fast. With rapid evolution around this space, there are devices that are worn around different areas of the body and the following graphic shows the smart devices that are worn in different parts of the human body:

Who are at it?

Amongst many others, companies like Google, Samsung, Fitbit, Jawbone, GoQii, LG, Sony have been into Wearable devices and the competition is heating up as big players like Intel and Apple are betting big on this market.

Fitbit dominated the market for “basic bands,” according to Canalys’ market estimates, with more than 50 percent market share in the second half of the year. The Jawbone UP came second, cutting itself around a fifth of the pie, followed by Nike with its Fuelband.

The market forecast and the trend makes us feel that this wearable space could potentially disrupt many of the traditional devices. Thus many are looking at embracing this market either to see how this could disrupt their product line or to see if they have an opportunity in this space.

NeuroMetrix of Waltham will be jumping into the market for wearable electronic devices. But the company's new Quell device - an over-the-counter version of its Sensus device for management of chronic pain - is an actual medical device that is used to manage pain.

TomTom, the Dutch brand known for its standalone GPS navigators among other things, has brought its line of sports watches to India. TomTom launched four fitness wearables, which include TomTom Runner and Multi-Sport GPS watches, which deliever real time stats such as time, distance, pace, speed and calories burnt to runners, swimmers and cyclists.

Xiaomi said in a press release that local sales of its Mi Band - a fitness tracking bracelet that can be powered for 30 days on a single charge, has surpassed 100,000 units since it was unveiled. The Beijing-based company forecast that more than 500,000 Mi Bands will be sold in Taiwan by the end of the year, giving it the biggest share of the country's wearable device market that is currently led by Sony Corp. and Samsung Electronics Co.

Intel is firing on all cylinders to expand into the growing wearable technology arena such as smart watches and other Internet-enabled wearables. This investment in Vuzix Corporation is yet another effort by the chipmaker in this regard. Intel has unveiled Curie, a low-powered module no bigger than a button, as part of its vision to lead in the wearables field.

Rumors have said that HTC will be launching a smartwatch at the upcoming CES. The initially planned unveiling of the device was back in October, but the date was pushed back to CES 2015. Details of the device are unclear though, as it could be a smartwatch or a fitness tracker.

In addition to all these devices, there will also be wearable technology focusing on health and fitness, prosthetics and smart clothing.

The Trend

Shipments of smart wearables are expected to grow from 9.7 million in 2013 to 135 million in 2018, according to CCS Insight's new global forecast. The forecast predicts that wrist-worn devices will account for 87% of wearables to be shipped in 2018 — comprising 68 million smartwatches and 50 million smart bands with no screen or with a minimal, one-line display.

The smartwatch will be the leading product category and take an increasingly large share of wearable shipments. We estimate smartwatch shipments will rise by a compound annual rate of 41% over the next five years. Smartwatches will account for 59% of total wearable device shipments this year, and that share will expand to just over 70% of shipments by 2019.

The dominant sector will remain the healthcare sector which merges medical, fitness and wellness. It has the largest number of big names such as Apple, Accenture, Adidas, Fujitsu, Nike, Philips, Reebock, Samsung, SAP and Roche behind the most promising new developments.

Google's Android could be critical for developing the smart devices ecosystem, though significant changes will be required before it is suitable for all kinds of wearable devices. Google has already released Android Wear, targeted for smart watches.

Samsung, Google, Apple, with their massive war chests, have come into this market. They’re going to really help elevate the category for consumers. They’re going to help people understand the kinds of benefits that they can get from these products. The next few years, will see activity trackers with a little bit more biosensing data, and smart watches that people are going to have to charge every night.

If Wearables 1.0 was about creating the basic technologies for the wearable devices, Wearables 2.0 was and still is about crafting rich, robust business models based on these technologies. Wearables 3.0 will be all about perfecting, expanding and engaging customers at a level never experienced before. Big players in Wearable Technology and Internet of Things, from healthcare companies to insurance corporations, from high street retailers to music industry, Google, Apple, Samsung, Mercedes, Nike, Audi, just to name a few are all to give for free their devices in exchange for data.

What could be the future?

Though it’s easy to be pessimistic, one cannot ignore the potential that this market has in store. In any event, while we wait for this category to evolve, it’s entertaining to watch the puzzle pieces slowly come together. Convergence is expected, in much the same way that the smartphone extended the basic functionalities of the feature phone and disrupted certain traditional devices like point and shoot camera.

Medical and Wellness segment could be the one which will embrace this category of wearable devices and make health more affordable and self manageable for every one. For instance, one can wear a virtual doctor while on a specific treatment. A better example could be that the advances in wearable devices could lead to a scenario, where a diabetes patient may get appropriate doses of insulin administered into his body automatically based on various data collected by the sensors worn around the body. This could be risky, if the data, so collected are inaccurate and that is one of the major concern that is expected to be addressed in the coming years.

There has to be a marriage of fitness devices and medical management devices to really impact patient health. The future of wearable technology in fitness and health isn’t about the fitness bands and health monitors – it’s about what can be done with the data they collect, which means that these devices have to be supplemented by smart applications that are powered by big data and analytics tools.

A very large percentage of the population already owns a smart phone, which has lot many capabilities, including that of the basic wearable devices. As such, it will be critical that wearables provide a distinct value proposition that is separate and different than the smartphone, although the smartphone will likely still act as the “hub” to collect information.

We’re already starting to see sensor-embedded running vests and smart socks. But we could soon see jackets with solar panels (to recharge your gadgets on the go), 3D printed dresses that everyone can afford, health-monitoring underwear, even clothes that react to light. If we had the ability to change the look of all of our clothes, just by fiddling with our phones, it would mean less spending on new gear and plenty of spare wardrobe space.

Wearables need to move beyond the gamification of fitness to focus on monitoring and improving our health. With extra sensors and smarter and reliable algorithms, future devices should be able to warn us of high blood pressure and dehydration, fatigue and stress. Perhaps then, forewarned by data we understand, we’ll find wearables more compelling.

In Wearable Tech 3.0 Security is paramount. Six months from now and we’ll understand how poor the wearables 1.0 security was, if any! The big players in this market should finally draw, define and release the IoT and Wearables industry Security Standards. Wearable Tech 3.0 is the beginning of a new era where enterprises provide real value to their customers, a key technology benefit in the age of the customer.

Thursday, November 6, 2014

Enterprise Architecture Practice - Capabilities

Enterprise Architecture (EA) function now have an unprecedented chance to lead the way in identifying new business opportunities, thanks to the innovations in the web and mobile technologies and businesses realizing the business advantages of such advancements. EA serves a strategic business purpose by enabling business capabilities to be implemented via IT architecture and related IT delivery processes.

Though Enterprise Architecture is not a very new practice, the maturity level is still not the optimal in most enterprises. Seeing the benefits that the EA function can bring to the table,  many enterprises are attempting to setup the EA practice within, but are in fact struggling to get it right. EA not just science and not just art as well. It is a combination of art and science. Successful EA practice has been found to being able to demonstrate certain key capabilities. In the EA world, there is no such thing as 'one size fits all', as it is highly dependent on the enterprises' business, its objectives, goals, strategies and priorities, which is never the same across enterprises.

While the objective of this blog is to discuss about the key capabilities that the EA function should be able to demonstrate, it is also good to highlight out what EA is not.

What EA is not:
  • EA is NOT a project
  • EA is NOT about review 
  • EA is NOT a one-time activity
  • EA is NOT for IT
  • EA is NOT a strategy
  • EA is NOT all about cost-reduction
  • EA is NOT one-man show

A successful EA practice should consider practicing and demonstrating the following key capabilities:

Staying Relevant

As we all know, it is highly unlikely that an architectural solution that works well for one enterprise will work well for another in the same industry domain. This is because each enterprise has its own vision and mission to win over the competition and constantly wish to stand alone in the crowd in certain key areas. Staying relevant helps the EA function in aligning strategic and operational views of business with the underlying technology and service delivery processes. For this reason, the EA practice should strive to understand the vision, mission and strategies of the enterprise and continue to stay aligned to the same, so that the architectural solutions continue to stay relevant for the enterprise.

Technology & Architecture Vision

No doubt that modern enterprise largely depend on technology and in certain cases, the business in fact is driven by technology. Irrespective of whether technology drives the business or not, technology is a key enabler of the business. So, it becomes essential to have a technology vision, which is aligned to the business vision. It is needless to mention that having a vision will not be just enough, and the same shall be driven down to the operational processes and practices. Every architecture and governance process should derive the technology vision as envisaged and so the solutions continue to stay relevant and yield the intended results. The technology vision and strategy shall be such that leverages both new tech innovations and existing capabilities that will enable the business to achieve the target state. 

The goal of the architecture vision is to articulate how the proposed architecture will enable the business goals, respond to the strategic drivers, conform to the principles, and addresses the stakeholder concerns and objectives.

Transforming and automating operations

While leveraging the existing knowledge and resources is key in saving costs, it is important for the EA function to stay on top of the technology and business innovations and explore opportunities of leveraging the same so that the enterprise stays on course of achieving its target mission and vision. This is where the EA teams should consider leveraging Agile approaches, so that the target reference architecture also stays dynamic and relevant. The EA framework shall have an evolution cycle, so as to improve the framework itself and similarly the architecture solutions should also be continually evolved based on feedback and availability of enabling technologies and innovations.

It is needless to mention here that the EA function shall equally consider the 'Business As Usual' as any transformational initiative should not derail the enterprise from achieving its intended mission and vision.

Being the Change Leader

EA is all about bringing change for the good. i.e. EA programs is all about driving the enterprise from its current state to the target reference state, which is nothing but identifying and driving changes to various resources at various levels, so that the target state is achieved. This is yet another key capability that come down to the old adage of building “better, faster, cheaper” systems that provide agility to change or expand capabilities, in response to ever-changing business requirements. EA function leads the planning for these new system and technology capabilities, ensuring the best solutions to the business requirements by providing blueprints and implementation road maps to the design and delivery teams. They also provide a service to the other organizational functions by ensuring compliance of these solutions at critical design and delivery milestones.

Mitigating risk

As the emphasis shifts from cleaning up the legacy of systems and technologies to better planning and governance of new IS and IT initiatives, we see a corresponding shift in the role of the EA practice. The focus shifts from driving out costs to reducing risks associated with new programs, while ensuring timely delivery of new capabilities. 

Every architectural initiatives shall be subject to a risk review and decisions shall be made based on the business value expected out of it. The changing business and regulatory conditions might also impact the solutions and at times could end up the enterprises not being able to realize the intended value out of it. This where the "Fail Fast" approach would help in making the right decisions. Periodic reviews of the change or transformational projects should be conducted with a view to ascertain whether the intended value is not impacted with the current conditions. Thus being able to manage and mitigate the risks well is a key capability that the EA practice should demonstrate.

Overseeing investments

It is natural for enterprises to look for Return on Investments (RoI), as the capital has a cost. The EA practice shall consider the cost of capital and the investment requirements for various change initiatives and work with the related other functions to ensure that the benefits are quantified so as to ensure the investments yield desired returns. In cases where the benefits are not directly quantifiable, the EA team shall identify such indirect benefits derived out of such investments and shall ascertain the monetary value in a best possible manner. 

Governing the architecture

As said earlier, EA function is not a project and it is a continuous function. EA function shall put in place necessary framework to monitor and manage the architectural activities in a constant basis. Business architects in the EA function monitor the project portfolio, while IT architects govern technology solutions, leveraging reference architectures to build the future state in alignment with strategic road maps. The governance principles shall be applied to various architecture activities with an objective to ensure the strategy alignment, risk management, measuring & monitoring, optimal resource utilization.

Integrating people, processes, and technology
Considering the innovation around the areas of web, mobile, big data powered by social media, modern enterprises are looking forward to leverage these to derive maximum business value. In this direction, to stay competitive and relevant to the customer business, most successful organizations are rapidly moving towards the system of engagement architecture supported by digital collaboration platforms and social strategies devised by EA where EA would create an effective social governance model and an overall enterprise strategy. It necessitates a pervasive social layer that spans many different system of records and departments within an organization. Discussion would also enlighten more focus on expanding social footprint by delivering consistent digital experience and utilizing social content and online communities to increase collaboration with customers and other stakeholders.

Monday, November 3, 2014

Information Security - Cost Analysis

Reports indicate that the Information Security is now a Board Agenda and the security spending by enterprises is on the rise. This is more because of the raise in the data breaches worldwide and the increased hacking and cyber attacks. This impacting all enterprises, be it small, medium or large and across various segments, i.e. not only financial but also all domains. The increased exposure and financial damages associated with security risks have pushed enterprises to increase the budget allocations and mitigate if not avoid such risks.

The following recent predictions of Gartner influence the Information Security spending among enterprises:

  • By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud.
  • Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014.
  • By year-end 2015, about 30% of infrastructure protection products will be purchased as part of a suite offering.
  • By 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.
  • Mobile security will be a higher priority for consumers from 2017 onward.

In the best interests of the investors, any spending or investment should be backed up with an appropriate cost-benefit analysis. Applying this cost-benefit-justifications to Information Security function is gaining focus but remains a challenge. Quantification forms the basis for being able to perform the cost-benefit analysis. The advantages of quanti fication are its accuracy, objectivity, and comparability. In addition, quanti cation is the basis for calculations and statistical analyses. While costing is a comparatively easier aspect, quantifying the benefits is still a challenge as it depends on the occurrence of uncertain events.

Starting with the idea of a Return on Security Investment (ROSI) several concepts have been developed to support the decision for or against an information measure. On way to do this is to apply the concept of Net Present Value (NPV). NPV-Formula for information security investments could be as below:

The following are the four aspects of Information Security costs:

  • Information Security Management - This is about the costs associated with the Information Security function, which comprises of People, Process and Technology. Though quantifying this aspect of the cost is straightforward, measuring the benefits is not.
  • Incidental costs of Information Security related decisions - As we all know, Information Security is a cross functional task and every personnel and process in the organization need to contribute towards Information Security. As such, implementation of any security control will cause additional overhead in other departments or functions. For instance, regulating the fair use of the Internet will require some extent of involvement from the HR function in the form of policies, code of conduct, ethics etc. Quantifying of both costs and benefits is not as easy.
  • Cost of capital for Security investments - Like any investment, capital invested in security function has a cost and quantifying this element of cost is not at all a challenge.
  • Costs arising out of security incidents - This is more like a Risk Management and all the principles of measuring the risks apply here as well. The risk measure for security incidents can be measured as a product of the probability and the impact. However quantifying this in absolute value requires the identification of the impacted information and / or related resource and the value of such resource. Many people have opined that information is the currency of the organization, but it has a dynamic value, i.e. the value of information depends not only on its significance to the organization but also its significance to others.

A common way of categorising and structuring costs in a repeatable and comparable way is required to manage the associated challenges. Building on that basis it becomes possible to identify cost-drivers and to analyse di fferent security management approaches like the following:

  • Balance Sheet Oriented Approach - where the costs are categorized and quantified under personnel, hardware, software and services. This approach does not take into consideration of the cross functional aspect of the security function.
  • Life Cycle Oriented Approach - where the costs are categorized and quantified against the various life cycle phases of the security function. Typically, the life cycle of the security function would be in the lines of Plan - Do - Check - Assess, in which case the costs are quantified with respect to each of the life cycle phases. This approach takes the project management approach and can be useful for quantifying the incremental cost of a specific security initiative, but this approach will not be useful for assessing the costs for the security management function as a whole.
  • Process Oriented Approach - where the costs are categorized into direct and indirect costs at process level. Direct costs could comprise of People and Technology and the Indirect costs could comprise of cost allocated by various functions towards a specific process, the quantified costs of risk avoidance and risk mitigation. This approach can be customized further to suit the varying needs of the enterprise.
  • Control Oriented Approach - where costs are categorized with respect to individual security control, which can be added up to ascertain the cost for a security area. However this approach has challenges abound in putting a standard approach and framework for ascertaining the costs at control level. The costs that every control comprise of are that of a share in the fixed organizational overhead, in addition to the variable costs of people, technology and the processes.
  • Layer Oriented Approach - where information security costs are categorized against the different layers of the ISMS layers, namely Management System, People & Processes, Architecture & Concepts, Operational Measures and Pre-requisites.

While quantifying the benefits is not very easy, by applying the Quantitative Risk Analysis techniques, the cost of not implementing a specific security process or control can be ascertained, which can be considered as the benefit of implementing the control or process. Another technique that can be useful to categorize and visualize the cost-benefits is the modeling and simulation.