Wibu-Systems Blog https://www.wibu.com/jp/blog.html Tue, 20 Feb 2018 13:24:53 +0100 Tue, 20 Feb 2018 13:24:53 +0100 t3extblog extension for TYPO3 Essentials in Software Monetization Wed, 14 Feb 2018 10:03:00 +0100 https://www.wibu.com/jp/blog/article/essentials-in-software-monetization.html post-83 https://www.wibu.com/jp/blog/article/essentials-in-software-monetization.html Terry Gaul Modern software monetization ensures customers use the services they pay for while taking advantage of cloud adoption and real-time analytics tools. Essentials in Software Monetization by Terry Gaul 14-02-18

“As today’s technology becomes increasingly complex, modern software monetization is essential. The adoption of modern technologies like the cloud have pressured independent software vendors (ISVs) to learn how to better protect their intellectual property (IP)…. To meet new demands, ISVs should look to modern delivery models and monetization methods including a user-centric focus, customer intelligence, and transparency for software usage.”

So writes Olivia Cahoon in a recent article in Software Magazine, Seeking Transparency: Modern Software Monetization. The gist of the article is that modern technologies such as the cloud and delivery models like Software-as-a-Service are giving consumers more options in the way that they use and purchase software. And because consumer preferences continue to evolve in rapid fashion, ISVs must be agile enough to re-package and deliver their offerings to match these dynamic usage requirements.

Marcellus Buchheit, President and CEO of Wibu-Systems USA, noted in the article: “Gone are the days of selling software with a perpetual license in a box. The ability to offer flexible licensing models is an important component in every ISV’s toolbox for optimizing their software monetization strategy.”

We can define modern software monetization as the ability for ISVs to maximize revenue by licensing and delivering their software with creative business models that are best suited for their customers’ requirements while protecting their software from outright piracy and illegal license usage, whether deliberate or inadvertent. Monetization issues are similar across all applications, whether delivered via on-premise, cloud, or mobile platforms.

Deploying usage-based licensing is a critical monetization consideration for ISVs as customers gain increasing say in how they want to consume and pay for their software. Traditional perpetual software licensing agreements are rapidly falling out of favor as often times they place restrictions on product use that do not fit the dynamic business needs of the end user. Many smaller companies, for instance, benefit from the ability to tailor licensing usage and subsequent costs to reduce their upfront expenditures and more closely match their business cycles.

For ISVs, the flexibility to offer licensing models tailored more closely to their customers business needs can help them reach new markets that they might not have been able to achieve with a conventional perpetual licensing strategy. ISVs need to decide whether their existing licensing system can deliver the flexibility they need to keep pace and even stay ahead of the market, or should they consider a licensing solution offered by a 3rd party to achieve their business goals. For example, look at the comprehensive range of license models readily available to ISVs with Wibu-Systems’ CodeMeter licensing platform, including both traditional single user or network licenses as well as consumption and user-based models, such as feature-on-demand, pay-per-use, and subscription licensing.

Software piracy continues to be a major monetization challenge faced by ISVs today. Unprotected applications can allow unauthorized access and theft of IP and personal data; insecure license management systems enable unlawful use of the software; and proprietary portions of source code can be hacked to reverse engineer and build counterfeit products – all resulting in losses in the billions of dollars for ISVs around the globe.

Compounding that issue is the importance of protecting cloud deployed applications and data against IP theft, counterfeiting and reverse engineering. Encrypting source code of the cloud application using strong cryptographic techniques protects IP against piracy and tampering. User authentication mechanisms and secure techniques for creating, storing and delivering licenses in the cloud further protect against unauthorized usage and ensures the proper monetization of the software.

In summary, today’s marketplace requires flexibility in licensing, delivery, reporting, and management while also protecting intellectual property. Said Cahoon: “Modern software monetization ensures customers use the services they pay for while taking advantage of cloud adoption and real-time analytics tools. To maintain customer satisfaction and improve monetization, ISVs should ensure data and software usage is transparent and easily understood by customers.”

Cybersecurity for Medical Device Endpoints Thu, 25 Jan 2018 08:42:00 +0100 https://www.wibu.com/jp/blog/article/cybersecurity-for-medical-device-endpoints.html post-79 https://www.wibu.com/jp/blog/article/cybersecurity-for-medical-device-endpoints.html Terry Gaul The best integrity protection solutions are based on cryptography and the associated use of digital signatures and authentication. Cybersecurity for Medical Device Endpoints by Terry Gaul 25-01-18

With the recent, highly publicized incidents of identity theft, ransomware and malware attacks directed at healthcare facilities, the medical device community is on high security alert. Cybersecurity exploits have resulted in the theft of patient data, intrusions to hospital IT networks, and malicious manipulation of medical devices and systems connected to these networks. The consequences of these attacks are potentially catastrophic: personal identity theft, disruption of critical hospital services, and an overall threat to patient privacy, care and safety. No one in the medical device community would argue that there is an urgent need to secure medical systems, devices and data.

Government organizations, like the FDA and National Institute for Standards and Technology (NIST), are now giving more attention to cybersecurity in the medical area as well.

The US FDA recently published recommendations for both manufacturers and regulators to address medical device cybersecurity. The document, Postmarket Management of Cybersecurity in Medical Devices: Guidance for Industry and Food and Drug Administration Staff, encourages manufacturers to address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device.

Updated guidelines from NIST include specific updates regarding cybersecurity metrics and considerations about supply chain risk management and common terminology used to communicate with outside partners and vendors.

Industry organizations, including the Industrial Internet Consortium (IIC), are involved as well. Earlier in 2016, the IIC released its Industrial Internet Security Framework (IISF) document that identified endpoint vulnerabilities, many of which are prevalent in medical network environments, and ways to protect against them.

Security Considerations for Medical Device Endpoints
An endpoint device includes any computer-based device or system that is Internet-enabled and connected to an IP network. In the medical area, endpoints can be surgery robots, X-ray machines, MRI scanners, dental devices, infusion pumps, patient monitors or any other medical equipment with a computer chip and connection to the Internet. Security experts consider endpoints to be most vulnerable to hackers, particularly in the healthcare environment. Securing medical device endpoints involves many aspects:

  • physical security to prevent uncontrolled changes to or the removal of the endpoint
  • root of trust to provide confidence on the endpoint identity
  • integrity protection to ensure that the endpoint is in the configuration that enables it to perform its functions predictably
  • access control to ensure that proper identification, authentication and authorization protocols are performed
  • secure configuration and management to control updates of security policies and settings
  • monitoring and analysis for integrity checking, detecting malicious usage patterns or denial of service activities, and enforcing security policies and analytics
  • data protection to control data integrity, confidentiality and availability
  • security model and policy for governing the implementation of security functions

Integrity Protection
The term “Integrity Protection” encompasses security measures, namely protection of system resources, programs and data against unauthorized manipulation, or at least identification and display of such modifications. The challenge consists in guaranteeing data integrity, and, if not possible, bringing the system to a safe mode and stopping the execution of any function. The best integrity protection solutions are based on cryptography and associated security mechanisms, such as digital signatures and message authentication.

Secure Boot
Secure Boot functionality utilizes a digital certificate-based chain of trust to help prevent malicious software applications from loading during the system start-up process.

These are just a few examples of security measures that developers have available to ensure the proper use and performance of the medical device in a healthcare setting.

If you are planning to attend MD&M West February 6-8 in Anaheim, stop by Wibu-Systems booth #976 and we’ll tell you more about protecting medical device end points and security.

Monetizing the Medical Device Industry Fri, 19 Jan 2018 07:42:00 +0100 https://www.wibu.com/jp/blog/article/monetizing-the-medical-device-industry.html post-82 https://www.wibu.com/jp/blog/article/monetizing-the-medical-device-industry.html Terry Gaul Medical device manufacturers can leverage software licensing to unlock unique business models that generate new revenue streams. Monetizing the Medical Device Industry by Terry Gaul 19-01-18

Modern day medicine is increasingly dependent upon sophisticated technology that is rapidly changing the landscape of healthcare delivery and demonstrating that its use can make a dramatic improvement in patient outcomes. However, the new generation of medical instrumentation is expensive and a major contributing factor to the upward spiraling cost of healthcare. The Hastings Center, a not-for-profit organization geared towards addressing fundamental ethics issues in healthcare, life sciences, and other areas, estimates that “new or increased use of medical technology contributes 40 – 50% to annual cost increases.”

Medical technology is advancing rapidly as manufacturers develop new and improved software based models with more features and functionality. As a result, product life cycles are much shorter, meaning that equipment purchased 3 or 4 years ago can be outdated in a hurry. To keep abreast of the rapidly evolving technologies, providers need to replace equipment much more frequently than in the past. With such a rapid turnover of equipment, providers are hard pressed to gain an adequate return on their purchase investment and justify the expense. The problem is even more acute for smaller hospitals and medical centers who simply can’t afford the high-priced capital expenditures for new equipment with short life cycles.

With the global spotlight on the high cost of healthcare, pressure is mounting for healthcare organizations to keep capital expenditures low while maintaining and continuing their mission to deliver high quality patient care. This of course is the conundrum: how can healthcare providers utilize and pass on the benefits of advanced medical technology to their patients while maintaining an acute eye towards cost containment?

Software monetization is a key area of focus for medical device manufacturers. Much can be learned from the new software licensing models being successfully deployed in many other markets. The days of the conventional perpetual license, with the large upfront cost, are gone and being replaced by more creative monetization models, such as subscription licensing, that make it more affordable and accessible to larger target groups.

For medical device manufacturers, software is key because many of the rapid advances in equipment features and functionality occur because software is relatively easy to develop (vs. hardware modifications), deploy, and update in the field. Software not only controls the equipment, acquires data, and monitors events, but it can be programmed to simply turn features and functionality on an off as requested or as needed.

Medical device manufacturers can leverage software licensing to not only reduce the upfront costs for healthcare providers, but also to unlock unique business models that generate new revenue streams and open up markets that were previously unreachable. Let’s take a closer look at modern licensing models that can be adapted to medical devices:

Subscription Licensing: The software is licensed for a limited time (Expiration Time), a limited period (Usage Period) or on an annual basis (Subscription). To minimize the upfront capital cost for providers, the equipment can be leased and software licensed only for the specified time requested. For manufacturers, this provides a predictable, recurring revenue stream.

Pay-Per-Use Licensing: Use of the product is metered and providers are charged only when they use the equipment. In this case, users are charged on the basis of the real consumption of licenses per period. This model is similar to “Pay-per-view TV” or online journals who charge on a per use basis. Pay Per Use presents significant cost-saving benefits and allows manufacturers to penetrate untapped markets with an affordable offering.

Feature on demand: The medical device is delivered with the most important basic functionalities at an entry level cost. The system can be upgraded by additional licenses that are used to activate specific product features and models and charged accordingly. Features can be turned on and off as needed, giving customers greater control over their expenditure and allowing them to more readily address the unique needs of individual patients.

Trial: The user can access and try additional features of the software for a limited time, so that customers can test additional features while using the device in real-world conditions. This removes financial risk for the customers and allows them great flexibility.

Let’s take a look at a few real-world use cases.

Agfa HealthCare
Agfa HealthCare is a leading provider of diagnostic imaging and healthcare IT solutions for hospitals and care centers around the world. In the digital healthcare market, computed radiography is an important driver in making medical imaging more accessible, especially for smaller healthcare facilities in emerging countries. However, the upfront capital investment in equipment and software remains an important hurdle for healthcare providers with a relatively modest need for medical imaging.

To address this issue, Agfa HealthCare developed a computed radiography solution that offered a complete digital imaging package, including equipment and software, without upfront investment. They implemented a solution for time-based licensing that allows the healthcare providers to use the computed radiography package in a pay-per-use scenario. Their customers pay as they go, with a fixed down-payment followed by equal and regular installments, thus keeping upfront capital investment low and cost management easy. In turn, the flexible business model made new markets accessible to the company.

Fritz Stephan
Fritz Stephan is a developer of highly specialized technical solutions in ventilation, anesthesiology and oxygen supply. Fritz Stephan’s EVE ventilation systems were developed for a very sensitive group of patients that require gentle and non-invasive ventilation therapy. The ventilation family consists of three models: EVETR is mainly used in emergencies and during transport; EVEIN is a fully-fledged intensive care respirator for patients in the hospital environment; and EVENEO is an intensive care ventilator for the neonatal unit.

The company was looking for a modular licensing solution that would allow them to implement feature-based licensing and enable easy online updates. A scalable licensing model would also allow them to upsell new licenses to their global customer base and conveniently modify the set of features of their devices over the Internet.

To address their need, they structured a scalable licensing model where they can remotely activate features on-demand. This allows them to create new post-sales revenues and deliver responsive pricing models for their customers. Essentially, the device that was initially purchased by the customer stays the same, but it can be upgraded in the field, no matter where it was sold. With EVENEO, the adult features can be easily enabled at a later stage, or the neonatal mode can be activated for EVEIN at any time.

If you plan to attend MD&M West on Feb. 6-8 in Anaheim, stop by Wibu-Systems booth #976 and we can continue the discussion on medical software monetization strategies.

Protecting Medical Devices Fri, 12 Jan 2018 08:00:00 +0100 https://www.wibu.com/jp/blog/article/protecting-medical-devices-with-software-encryption.html post-80 https://www.wibu.com/jp/blog/article/protecting-medical-devices-with-software-encryption.html Terry Gaul Since the IP of today’s of most medical equipment is encapsulated in embedded software, the industry is ripe for attack. Protecting Medical Devices by Terry Gaul 12-01-18

Intellectual property theft is rampant around the globe. In a 2016 study, VDMA, the German Mechanical Engineering Industry Association, reported that nine of out ten manufacturers were victims of piracy, and that in 70% of all cases, reverse engineering was the main trigger. Components, industrial designs, and even entire systems are being counterfeited across all sectors of industry.

The medical device manufacturing community is a prime target for counterfeiting. Take for example the case of an Irvine, CA engineer who in 2016 was charged with stealing and possessing trade secrets from his two former employers, both of whom manufactured medical devices used to treat cardiac and vascular ailments. During his employment, the engineer was found to have travelled to the People’s Republic of China (PRC) multiple times – sometimes soon after allegedly downloading trade secrets from the employer’s computer and emailing information to his personal email account. According to the FBI, the engineer appeared to be in the process of setting up a company with other individuals in the PRC to manufacture medical devices.

In many cases, counterfeiting of the equipment starts with the theft of the intellectual property contained in the software and embedded in the equipment. That was the case when a leading global manufacturer of gambling slot machines found out that their proprietary gaming software was being used on counterfeit slot machines across Europe and Asia. Once the software was stolen, the perpetrator was able to reverse engineer the machine itself and build a functioning slot machine that closely mimicked the original equipment.

Because the intellectual property of today’s surgery robots, X-ray machines, MRI scanners, dental devices, infusion pumps, patient monitors and most other medical equipment is encapsulated in embedded software, the industry is ripe for attack.

Modern encryption technology, however, is a strong antidote that software developers can use to protect medical device software from theft. Encryption is the process of encoding data in such a way that only authorized parties can access it. Encryption denies the intelligible data to a would-be interceptor. In an encryption scheme, the intended data is encrypted using a special algorithm–a cipher–generating ciphertext that can only be read if decrypted. An encryption scheme usually uses a random encryption key, generated by the algorithm. It is theoretically possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. The data can only be decrypted with the key provided by the originator and the key is kept in a secure location.

During the encryption process, the software developer can encrypt the entire executable code, just specific tagged functions, or a combination of both. The encrypted code is then decrypted at runtime with the appropriate key.

Medical device manufacturing companies like Dentsply Sirona, Fritz Stephan GmbH, Agfa HealthCare, and custo med are prime examples of companies who have taken necessary steps to protect their intellectual property with modern embedded software protection mechanisms.


If you would like to learn more about encryption mechanisms and IP protection for medical device IP, stop by our booth #976 at MD&M West on February 6 – 8 in Anaheim.

What Meltdown and Spectre Mean Wed, 10 Jan 2018 08:42:00 +0100 https://www.wibu.com/jp/blog/article/what-meltdown-and-spectre-mean.html post-78 https://www.wibu.com/jp/blog/article/what-meltdown-and-spectre-mean.html Andreas Schaad CodeMeter products are not affected by Meltdown and Spectre, even if a would-be attacker should manage to access the application memory. What Meltdown and Spectre Mean by Andreas Schaad 10-01-18

The recent news about security vulnerabilities in common microprocessors and, by implication, popular operating systems and applications have left many users rightly concerned about their IT security.

What we can say at this point in time is that there are three new vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754), which have become known under the monikers “Meltdown” and “Spectre”.

The possible attacks exploit common performance boosting technology, such as the speculative execution of instructions, combined with side channel attacks to access data in volatile memory. As far as we can tell, this can be done in user mode, making it possible for external attackers to combine this with other common strategies (e.g. phishing). The exact details and proofs of concept were released simultaneously by Google’s Project Zero.

The vulnerabilities have, so far, only be demonstrated under “sanitized” laboratory conditions, and no real-life attacks are known. Despite this, the potential implications seem disastrous: Memory could be accessed at will by processes without the privileges to do so. This could be particularly catastrophic in cases where multiple users share the same hardware (multi-tenancy).

The affected makers of microprocessors and software developers are aware of the issue and have begun to release first patches. There are suggestions that certain trends in chip design will have to be reconsidered in the medium term.

It is not yet known whether code can be manipulated by exploiting these vulnerabilities. We will continue to monitor and proactively evaluate the patches provided in response by the industry (using CVE databases). Where required, we will notify our clients about updates they should install.

To our current knowledge, the functions and capabilities of Wibu-Systems’ CodeMeter products are not affected by the threat and will continue to offer optimum protection for applications against manipulation and illicit use.

As the keys used for software protection never needs to leave the CmDongle, our CodeMeter products will not be affected by Meltdown and Spectre, even if a would-be attacker should manage to access the entire application memory. Our IxProtector technology also supports highly granular encryption, making data available in unencrypted form only when and where it is genuinely needed. This will reduce the potential effects of an attack using Meltdown or Spectre to a minimum. Combined with our Blurry Box technology, this gives us good reason to consider Wibu-Systems the unbeaten leader in the field of software protection and licensing.

Crossing the Licensing Migration Chasm Mon, 04 Dec 2017 12:59:00 +0100 https://www.wibu.com/jp/blog/article/crossing-the-licensing-migration-chasm.html post-77 https://www.wibu.com/jp/blog/article/crossing-the-licensing-migration-chasm.html Terry Gaul Established due diligence best practices provide a roadmap to ensure a successful migration to a modern, flexible and robust licensing system. Crossing the Licensing Migration Chasm by Terry Gaul 04-12-17

Cloud initiatives, SaaS, subscriptions, pay-per-use, and a bevy of new, customer-centric licensing models are wreaking havoc with some ISVs who are struggling to keep up with their own antiquated licensing engine or are unsure as to how to adapt one of these new models and best satisfy their customers. One thing is for sure - when the dust settles, the most competitive ISVs will be those who have employed a flexible license management system that enables them to easily evaluate, implement, and tweak their licensing model to keep pace with ever changing consumer preferences, while at the same time, profiting from creative software monetization strategies that are optimal for their business.

What’s holding back some ISVs is the perception that the migration process from their existing “build your own” licensing system or legacy 3rd party system entails a prolific, resource-intensive and costly effort. And the most efficient migration path is not always crystal clear. Hence, the chasm. Among the many challenges ISVs face is the migration of existing data, especially if they still have to support an existing customer base while undertaking the migration. In most cases, there will be two licensing systems running in parallel for a defined period during the transition.

It has been our experience that the most important factor in a successful migration is for the ISV to be most diligent upfront to gain a thorough understanding of the short term migration issues and the market dynamics and associated licensing requirements that will support long term business objectives.

There are many questions that need to be considered during the due diligence phase of the migration effort: 

  • Make vs. buy: What are the pros and cons of implementing a home-grown solution vs. buying an off-the-shelf licensing system? Are there enough resources and internal expertise to perform the transition most efficiently?
  • Migration scenarios: Patch an existing system or convert to an entirely new system? Run the old and new systems in parallel for a transitory period? For how long?
  • Protection: How should license protection be built into the process to protect against IP theft, reverse engineering, and software piracy?
  • Licensing: Are different licensing models required? Is the licensing process and activations the same for all products? Will there be hardware or software activations, or both? Is there need to create new licenses for older versions of your products? Is there a long term strategic product development plan that includes a roadmap for entering new markets?

As confusing and daunting as the migration process may seem, it should be comforting to know that there are established best practices available that provide a roadmap to efficiently cross the chasm and ensure a successful migration to a modern, flexible and robust licensing system.

For starters, you can read an article that appeared in our KEYnote magazine that describes in detail several different paths that have proven successful in real-world migrations to our CodeMeter protection and licensing platform, or spend an hour in our upcoming Webinar, Streamlining Licensing Migration from 3rd Party Systems, to be held on December 13, 2017 at 6:00 pm CET/9:00 am PST, and see a live demonstration.

Pay-Per-Use licensing: its time has come Tue, 07 Nov 2017 10:59:00 +0100 https://www.wibu.com/jp/blog/article/pay-per-use-licensing-its-time-has-come.html post-76 https://www.wibu.com/jp/blog/article/pay-per-use-licensing-its-time-has-come.html Terry Gaul The pay-per-use model is widely embraced by consumers, has tangible benefits for ISVs and embedded system developers, and is industry-agnostic. Pay-Per-Use licensing: its time has come by Terry Gaul 07-11-17

Pay-per-use software licensing is not a new concept. In fact, as discovered in a recent Google search, the business model was under consideration as far back as 1993 (Host Users Seek License Details, Computerworld, May 24, 1993), when visionaries at companies like IBM perceived potential value in the novel concept. The idea was well before its time, perhaps, particularly given that the commercialization of the Internet and the realization of its powerful impact was just underway and the build out of enterprise IP networks was still in its infancy.

Today, however, the rise in cloud-based computing is driving market demand away from conventional perpetual licensing and toward next generation consumption based services in the form of software-as-a-service, infrastructure-as-a-service, and other subscription models that base pricing on actual service usage. The pay-per-use model has come of age and is being widely embraced by consumers, particularly those with low volume needs or those whose usage fluctuates in and out of peak periods.

The pay-per-use model is relatively straightforward: use of the product is metered and customers pay only for service they use, much like pay-per-view TV or publishers and research firms who sell access to high value content on per-use or per-download basis.

The pay-per-use model has tangible benefits for ISVs and embedded system developers as well as end users.

Benefits to customers include low start-up costs, month-to-month affordability, and convenience. In low usage scenarios, the model makes expensive, specialized software more affordable and accessible to smaller businesses. It is also beneficial to customers in environments where usage fluctuates over time, so when the software is not being used, the customer is not paying for it.

Software vendors, on the other hand, benefit from enhanced customer relationships. The pay-per-use model also provides valuable market information, as vendors gain greater feedback as to product usage and can retool and refine their pricing models and packaging to better serve their customer demands and improve revenues.

As consumers become more sophisticated and selective in their licensing preferences, it is incumbent upon the ISV to be capable of deploying new business models that satisfy their customers, particularly in a highly competitive market. Software licensing now is a mechanism by which vendors can differentiate themselves in the marketplace while enriching their customer relationships and building trust and loyalty for the future.

In the industrial realm, pay-per-use licensing has become more relevant as well, driven by recent developments in machine connectivity, the globalization of manufacturing processes, and the interest in customized manufacturing for production runs of maybe even only single pieces. Pay-per-use allows them to pay on the go for the machine lease, the consumables, the raw material, or the software package they specifically requested, at the time they really need it.

The most successful ISVs will be those who have the tools to roll out a pay-per-use licensing model as easily as they would for conventional permanent or subscription licenses, with automated billing and integration of the process into ERP, CRM, e-commerce and other back office business platforms.

If you are considering adopting pay-per-use licensing, you will be interested in attending our upcoming webinar, Monetizing Software, Machines, and Materials with New Business Models, on Thursday, November 16, 2017 at 9:00 am PST / 6:00 pm CET. The webinar will review different application scenarios for pay-per-use licensing and demonstrate the technical implementation using our CodeMeter License Central platform. You can view the agenda and register here.

Cybersecurity for Government and Industry Thu, 19 Oct 2017 09:52:00 +0200 https://www.wibu.com/jp/blog/article/cybersecurity-for-government-and-industry.html post-75 https://www.wibu.com/jp/blog/article/cybersecurity-for-government-and-industry.html Terry Gaul Cybercrime will cost up to $6 trillion by 2021 - nearly half of today’s US GDP and more profitable than the global trade of all major illegal drugs combined. Cybersecurity for Government and Industry by Terry Gaul 19-10-17

Cybercrime will cost up to $6 trillion by 2021, according to a report recently released by Cybersecurity Ventures. This colossal number is equivalent to nearly half of today’s US Gross Domestic Product (GDP) and more profitable than the global trade of all major illegal drugs combined.

The report links cybercrime costs to damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Beyond the financial consequences, cybercrimes jeopardize the trustworthiness of the connected economy, disrupt global commerce, and threaten critical infrastructure, ultimately putting lives at risk.

BSA | The Software Alliance, a leading advocate for the global software industry, has been an ongoing industry champion of software innovation, anti-piracy, and security and recently released their cybersecurity agenda, Security in the Connected Age. The agenda defines elements of cybersecurity that government policymakers can evaluate and help them to prioritize legislation that will most effectively strengthen policies to protect citizens from cyber threats.  The agenda urges the US government to expand its role in improving cybersecurity, both domestically and abroad, and to work closely with industry to:

  • Promote a secure software ecosystem by creating industry benchmarks, developing tools to understand critical information, and strengthening security research and vulnerability disclosure;
  • Strengthen government’s approach to cybersecurity by modernizing government IT, harmonizing federal cybersecurity regulations, and incentivizing adoption of the National Institute of Standards and Technology’s framework;
  • Pursue international consensus for cybersecurity action by supporting international standards development, as well as adopting and streamlining international security laws;
  • Develop a 21st century cybersecurity workforce by increasing access to computer science education and opening new paths to cybersecurity careers; and
  • Advance cybersecurity by embracing digital transformation, leveraging the potential of emerging technologies and forging innovative partnerships to combat emerging risks.

One key area of emphasis in the agenda is the need to drive IoT cybersecurity through adoption of proven software security best practices. Organizations are encouraged to integrate security-by-design principles into IoT standards and guidance, and develop frameworks for assessing risk and identifying security measures. This is where industry can play a major role through participating in global organizations like the Industrial Internet Consortium, Trusted Computing Group, and the Silicon Trust whose members are working diligently towards developing standards and best practices that address cybersecurity among other important industrial initiatives.

A good example of such an initiative is the IIC Industrial Internet Security Framework (IISF), a technical report developed by members from 25 different organizations. The IISF is the most in-depth cross-industry-focused security framework comprising expert vision, experience and security best practices. It reflects thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.

Creative Software Monetization Strategies Wed, 13 Sep 2017 09:45:00 +0200 https://www.wibu.com/jp/blog/article/creative-software-monetization-strategies.html post-74 https://www.wibu.com/jp/blog/article/creative-software-monetization-strategies.html Terry Gaul The next generation of software monetization is about enabling business models that provide additional opportunity for monetization to drive growth. Creative Software Monetization Strategies by Terry Gaul 13-09-17

“The next generation of software monetization is not just about IP protection nor limited to licensing alternatives (perpetual versus term), but rather about enabling business models that provide additional opportunity for monetization to drive growth.”

I found this statement to be a key takeaway from a recent Gartner report, Disruption in Software Business Models Creates New Opportunities for Monetization. This notion is based on several recent trends in the industry:

  • The transformation of software licensing models from upfront cost with an add-on maintenance contract to more recurring revenue models, like time-based or feature-based subscriptions.
  • The enablement of new pricing scenarios that are more end-user friendly and easier for the publisher to manage entitlements.
  • The granular ability to track application usage, which paves the way for attractive consumption-based pricing models and provides developers with valuable analytics and insights for next generation products.

Gartner highlighted several assumptions that will drive these future transformations:

  • By 2018, 50% of independent software vendors (ISVs) will use concurrent licensing (based on users) as the primary licensing strategy compared with the majority using node-lock models today.
  • By 2019, 80% of ISVs will use multiple licensing models (such as consumption/metered services, capacity, node lock and concurrent) for software monetization.

It’s interesting to note that similar dynamics are driving transformations in the embedded system market segment as well. According to Gartner, embedded developers should consider that: 

  • By 2019, 20% of intelligent device manufacturers (IDMs) will move from no protection for embedded software to a node-lock model as the primary software licensing strategy for monetization beyond the hardware.
  • By 2020, 15% of Intelligent Device Manufacturers will be exploring/piloting concurrent (based on users) and consumption (metered services) software licensing strategies in order to further monetize on embedded software.

With these industry shifts occurring, embedded device developers are realizing the potential benefits of recurring revenue models for themselves as well. Gartner points out that, for example, a medical device manufacturer, can offer hospitals and medical centers with flexible pricing options that alleviate the high upfront capital equipment cost with a subscription-based model that is more manageable. As a result more customers can access the medical equipment they otherwise could not afford.

Agfa HealthCare, a leading provider of diagnostic imaging and healthcare IT solutions, is a good case in point. The company’s digital computed radiography system encompasses the most cutting-edge technology in clinical research, but many small laboratories, orthopedic doctors, and other facilities were hard pressed to afford the upfront investment for hardware and software. To accommodate the needs of the vast low-end market, the company rolled out a time-based licensing model that allows the user to only pay according to the imaging volume they needed, which made the solution more affordable for providers and their patients who could benefit from the state-of-the-art technology while opening up new markets for the company.

As these transformations continue to alter the software licensing and monetization landscape, the next question is what tools are needed and how best to implement these new business models. Do the software publishers and embedded device manufacturers develop and rely upon their own expertise to manage the process or partner with an expert in the field to help them commercialize these models? In the case of Agfa Healthcare, they chose to utilize CodeMeter, Wibu-Systems’ proven software security and licensing solution, to help them fulfill their business vision. You can read the full story here.

Time to Speak a Common Language in the IIoT Thu, 31 Aug 2017 14:07:00 +0200 https://www.wibu.com/jp/blog/article/time-to-speak-a-common-language-in-the-iiot.html post-72 https://www.wibu.com/jp/blog/article/time-to-speak-a-common-language-in-the-iiot.html Marcellus Buchheit Do we all share a common understanding of IIoT terms? Most likely not, and that’s why the IIC continues to update its IIoT Vocabulary Report. Time to Speak a Common Language in the IIoT by Marcellus Buchheit 31-08-17

In our daily lives, how frequently have we heard someone say “let’s make sure we are on the same page”, whether it be during a personal interaction or a business communication? Pretty often I would say, because it is very easy to get caught up in our comfortable jargon and buzzwords that are prevalent in our particular environments, but not be so readily understandable by people outside of our close circles.

With the rapid growth of the Industrial IIoT and the wide diversity of stakeholders and industries involved, “getting on the same page” has become more difficult, yet more important than ever. For example, do we all share a common understanding of terms and concepts like authentication, operational technology, root of trust, vulnerability and other similar terms that are frequently mentioned in articles, technical documents, and other presentations and publications? Most likely not, and that’s why the Industrial Internet Consortium (IIC) continues to update its IIoT Vocabulary Report.

The second version of the report (v2.0) was developed by members of the IIC Vocabulary Task Group which is comprised of software architects, business experts, and security experts and released on July 24. The report contains vocabulary terms and definitions considered relevant to the IIoT. The goal of the document is to enable all stakeholders in the IIoT ecosystem – system architects, IT managers, plant managers, and business decision makers – to communicate with each other effectively. Many of the terms were updated from the first report originally released in 2016 and new terms introduced to keep pace with the rapidly evolving IIoT nomenclature.

Anish Karmarkar, IIC Vocabulary Task Group Chair, and Director, Standards Strategy & Architecture at Oracle, said in an IIC news release: “The Industrial Internet comprises a diverse set of industries and people with various skill sets and expertise. Often, concepts and terminology in one field will have different meanings in another, leading to confusion. Industrial Internet projects succeed when participants can communicate using common vocabulary terms and definitions. The IIC Industrial Internet Vocabulary Technical Report v2.0 ensures all IIoT stakeholders are speaking the same language, avoiding what would otherwise be an IIoT ‘Tower of Babel.’”

Many people think that working on a vocabulary document would be quite boring. In actuality, the opposite is true. The weekly meetings are more emotionally driven than any other industrial internet meetings that I have attended. By contrast, other meetings may have 20 attendees, but the moderator is content to generate just a few responses from the attendees. At a vocabulary meeting, however, we may sometimes have just five attendees but the moderator needs to queue the speakers because people get excited and respond to a comment at the same time! As a result, the meeting requires one’s full attention (unwise to attempt to read your unrelated emails during the discussion, for example). And the content is intellectually challenging. Sometimes people will spend a long time discussing a simple phrase or even a single word, but in the end most decisions are agreed upon unanimously.

Working on the industrial internet vocabulary report is also quite stimulating. IoT continues to be over hyped in the information and industrial world and many words and phrases are “misused”. By presenting a modern vocabulary with a strong logical model behind different words and combinations of words gives the Industrial Internet Consortium a more structured approach to leading the IoT world down the proper path, at least in the communication about IoT.

In all, the report provides a standard definition for more than 140 terms commonly used in IIC reference and architectural documents. The full report, including terms, definitions and sources, can be downloaded here on the IIC website.