Wibu-Systems Blog https://www.wibu.com/za/blog.html Tue, 10 Dec 2019 22:54:18 +0100 Tue, 10 Dec 2019 22:54:18 +0100 t3extblog extension for TYPO3 Flexible Licensing with Process Uniformity Fri, 29 Nov 2019 10:23:00 +0100 https://www.wibu.com/za/blog/article/flexible-licensing-with-process-uniformity.html post-132 https://www.wibu.com/za/blog/article/flexible-licensing-with-process-uniformity.html Rüdiger Kügler With cloud licensing, users can access their software licenses wherever, whenever, and however they need them. Flexible Licensing with Process Uniformity by Rüdiger Kügler 29-11-19

ISVs are pushing the limits of software licensing as more and more applications are being deployed in the cloud. Cloud computing affords a high level of scalability, flexibility, and elasticity that has made a dramatic impact to the way ISVs can license software, enabling new models like on-demand, pay-per-use, and other consumption-based approaches. 

In addition to enabling more economical usage and payment models, the cloud offers end users many additional benefits: users can access their licenses wherever, whenever, and however they need them, from mobile devices or at different locations without having to manually transfer a license file or carry around a dongle; data is better protected in the cloud versus storage on laptops and mobile devices that can be lost or stolen; and software upgrades and maintenance costs are greatly reduced.

For ISVs, however, the transformation to cloud-based licensing doesn’t mean the end of traditional licensing modes. Some applications simply can’t be deployed in the cloud or there may be geographic or cultural considerations that hinder cloud-based delivery. Either way, to stay competitive, ISVs need to be capable of implementing a flexible licensing strategy that gives them the ability to mix and match dongles, machine-bound software licenses and cloud licenses to perfectly suit their requirements and serve their target groups’ needs. It is a great scenario for end users, but for ISVs, there lies a trap: With greater flexibility comes greater complexity.

Consider the different internal workflows that are required to create, deliver, change, and manage licenses using different license containers, whether they be hard, soft or cloud-based, and imagine scenarios where customers want to use all three types because of the diversity of their customer needs. There is a potential nightmare looming.

This scenario is exactly what we took into consideration when we developed and launched CodeMeter Cloud, the most recent addition to the CodeMeter software licensing and protection solution portfolio. CodeMeter was originally developed for dongle-based licensing. The technology later evolved with software-based activation with CmActLicenses and a complete one-stop-shop for managing licenses over the Internet with CodeMeter License Central. Now, CodeMeter has advanced to the Cloud, and notably, using the same delivery and management workflows for any type of license container. CodeMeter Cloud is designed to work in the same way for online and offline licenses. Users who are already familiar with CodeMeter do not have to learn anything new and they can now offer their users a choice – licenses offline on a computer, mobile on a dongle, or online in the cloud. ISVs using CodeMeter for the first time have the flexibility and ease of use they need to satisfy their customers and manage their license efficiently with process uniformity throughout, regardless of the container of choice.

In our Webinar Feeling Right at Home: Uniform Processes for Online and Offline Licenses, we have introduced CodeMeter Cloud and demonstrated the seamless process for creating, delivering, changing, and managing licenses, whether online or offline. You can catch the replay, here.

Rüdiger Kügler

VP Sales | Security Expert

After completing his physics degree course in 1995, he was head of project management for software protection, software distribution, internet banking, and multimedia projects. In 2003, he joined Wibu-Systems and, as part of his role, contributed substantially to the development of Blurry Box® technology.

Leveraging the Promise of the IIoT Wed, 27 Nov 2019 10:20:00 +0100 https://www.wibu.com/za/blog/article/leveraging-the-promise-of-the-iiot.html post-131 https://www.wibu.com/za/blog/article/leveraging-the-promise-of-the-iiot.html Stefan Bamberg With the shift from hardware towards software enabled technologies, IP protection is paramount in the IIoT. Leveraging the Promise of the IIoT by Stefan Bamberg 27-11-19

Just a few years ago, there was some question as to whether the IoT revolution would impact the industrial sector. Today, of course, we know the answer as the benefits for factory productivity and automation inherent in Industry 4.0 were simply too great to be ignored. The next industrial revolution is well underway. Now the question is how much will the impact of the industrial IoT be?

According to a McKinsey study, using IoT connectivity to optimize oil rigs, power grids, factory floors, and thousands of other industrial applications add up to trillions of dollars in economic impact. They estimate that IIoT for factories alone could generate more than $3.7 trillion in economic value by 2025.

One of the key paradigm changes driven by the IIoT is the shift in focus from hardware to software. The integration of embedded software in Internet-connected manufacturing devices, systems, and complete factories has created an environment where features and functionality of smart devices can be adjusted and manipulated by simply controlling the software. This also means functions and features can be readily monetized, which in turn opens up new business opportunities and revenue streams.

In a recent report, Gartner analysts noted that “Technology strategic planners will find next-generation software monetization is not about protection, limited to IP licensing, but about growth from enabling new models with repeatable revenue streams.”

So how are companies coping with the transformation of their longstanding business practices to deliver on the promises of Industry 4.0? In our experiences helping customers navigate this digital transformation, two areas stand out as key enablers: IP protection and licensing and entitlement management.

With the shift towards software enabled technologies, IP protection is paramount in the IIoT, since much of the IP will reside in the software. Thus, it behooves ISVs and embedded system designers to integrate software protection mechanisms to prevent software theft, reverse engineering, and device tampering.

The ease and efficiency in which manufactures can manage software licensing and entitlements in the best interests of their customers is another key. Creative license strategies will enable companies to differentiate themselves and to monetize their software features and functionality in ways that will create new business opportunities.

Let’s take a quick look at how one of our customers used our CodeMeter licensing and protection platform to protect their IP and help them refine their business strategy to take advantage of new licensing models.

ArtiMinds Robotics GmbH, based in Karlsruhe, Germany, is a pioneer in flexible, sensor-based automation solutions, specializing in the development and sales of software to standardize the workflow for robot powered automation. Industrial robots have been a ubiquitous feature of factories and production sites since they first hit the shop floor in the 1970’s. Each next generation has seen the technology evolve to new levels of accuracy, versatility, and efficiency. The IIoT and the arrival of smart factories represent another leap in robotic capabilities. ArtiMinds was well aware of the challenges ahead as well as the potential rewards offered by the IIoT.

ArtiMinds Robot Programming Suite (RPS) combines online and offline programming with a unique approach to create complex robot programs without manually writing a single line of source code. ArtiMinds RPS relies on a template-based programming concept which enables users to choose from more than 60 integrated templates to build the program structure simply via drag & drop. The key element in their proprietary technology lies in the translation of a template sequence into complex robot specific source code.

In order to protect their Intellectual Property, ArtiMinds has implemented CodeMeter from Wibu-Systems, featuring a combination of hardware (CmDongles) and software (AxProtector) tools designed to protect digital assets against piracy, reverse engineering, and tampering. AxProtector fully encrypts executables and libraries for native languages as well as .NET environments and Java. Through a post-build process, it injects best-of-breed anti-debugging and anti-disassembly methods into the compiled code. Its engine remains constantly on guard for security threats, immediately interrupting software execution when hazards are detected.

Furthermore, the integrated tools inherent with Wibu-Systems CmDongles enable easy and comprehensive license and entitlement management. ArtiMinds uses the built-in unit-counters and maintenance period counters, for example, to restrict automated software updates to a valid time-bound update license. The hidden data feature of CmDongles, safe from manipulation or mishandling by the customer or third parties, is an invaluable resource to register robot IDs for robot-bound licenses.

Sven Schmidt-Rohr, CEO of ArtiMinds Robotics GmbH commented: “CodeMeter provides a comprehensive security platform for our industrial robot software suite. It delivers not just protection for our own IP as a vendor and license enforcement capabilities, but a cryptographic framework that allows our customers to protect the automation process IP they build on top of our software suite. This empowers our users to secure their production know-how against threats of all kinds, while still being able to apply this same know-how flexibly in their production. With its many deployment options, CodeMeter supports our software on shop floors with and without connectivity. Its 360° set of security functionalities has convinced us to include CodeMeter as the only commercial 3rd party element in our software suite.”

With the licensing and security features Wibu-Systems has brought to the table, ArtiMinds is in perfect position to roll out and monetize their unique robot programming competencies, helping manufacturers and robot operators around the globe to leverage the promise of Industry 4.0.

For more details, you can read the complete case study.

Security by Default for the Global Economy Wed, 13 Nov 2019 14:50:00 +0100 https://www.wibu.com/za/blog/article/security-by-default-for-the-global-economy.html post-130 https://www.wibu.com/za/blog/article/security-by-default-for-the-global-economy.html Daniela Previtali Encouraging manufacturers to ensure they ship their devices in a secure state is the key objective of the UK government. Security by Default for the Global Economy by Daniela Previtali 13-11-19

The UK government recently launched an initiative to make “Secure by Default and Design” a key element for technological innovation, announcing its intent to make the UK a world leader in eliminating cyber threats to businesses and consumers by developing more resilient IT hardware. The initiative was boosted by the Secure by Default standard that was introduced by the UK Surveillance Camera Commissioner.

The goal of “Secure by Default” standards, in this case, is to provide a guarantee for users that network video security products are as secure as possible in their default settings out of the box. The result of the initiative is a standard that has been written by manufacturers for manufacturers. It includes requirements such as ensuring that passwords must be changed from the manufacturer by default at start-up and have sufficient complexity, and it defines controls about how and when remote access should be given.

Encouraging manufacturers to ensure they ship their devices in a secure state is the key objective for the minimum requirements set forth in the standard. There is much to applaud about the hardware initiative and hopefully similar efforts will catch on globally.

In the software engineering world, Secure by Design is increasingly becoming the mainstream development approach to ensure security and privacy of software systems. In this concept, security is built into the system from the ground up and addresses the cyber protection considerations throughout a system’s lifecycle. This includes security design for the identification, protection, detection, response and recovery capabilities to strengthen the cyber resiliency of the system.

A number of global industry associations and security vendors, like Wibu-Systems, have proposed security standards and software development frameworks, all based on the core security by design foundation. Here are three examples of recent reference security frameworks:

Wibu-Systems will continue to work closely with organization like the IIC and others to share our expertise and develop best security practices for protecting connected devices around the globe. You can read more about our collaborations with several organizations to develop innovative security solutions in this brochure, Security 4.0 By Default and Growth 4.0 By Design

Daniela Previtali

Global Marketing Director

Daniela is a marketing veteran who has dedicated more than twenty years of her career to the service of world-leading IT security vendors. Throughout her journey in this field, she has covered executive positions in international sales, product marketing, and product management and acquired comprehensive knowledge of both digital rights management solutions and authentication technologies. Working from the German headquarters of Wibu-Systems, she is currently leading both corporate and channel marketing activities, innovating penetration strategies, and infusing her multinational team with a holistic mindset.

Cybersecurity and Trustworthiness in IT/OT Wed, 30 Oct 2019 10:34:00 +0100 https://www.wibu.com/za/blog/article/cybersecurity-trustworthiness-and-itot-convergence.html post-129 https://www.wibu.com/za/blog/article/cybersecurity-trustworthiness-and-itot-convergence.html Marcellus Buchheit Nearly 80% of industry professionals regard the growing interconnectedness of OT and IT as a cybersecurity challenge. Cybersecurity and Trustworthiness in IT/OT by Marcellus Buchheit 30-10-19

Earlier this year, ARC Advisory Group, in conjunction with Kaspersky Labs, conducted a survey on the State of Cybersecurity of Industrial Control Systems (ICS) as well as the priorities, concerns, and challenges it brings for industrial organizations. Survey participants were nearly split equally between Operation Technology (OT) and Information Technology (IT) professionals.

Not surprisingly, nearly 80% of the companies surveyed stated that OT/ICS cybersecurity was a high priority and felt the need to invest in more resources, in both systems and ICS staff experts, to adequately address the necessary protection mechanisms. When asked to rank their concerns around an ICS cybersecurity incident, respondents primarily cited the health and safety of their employees (78%), as well as possible damage to the quality of their products or services (77%) as major worries, should the worst happen. The loss of customer confidence (63%) and possible damage to equipment (52%) were also rated as significant concerns.

While there was much data to absorb in the report, one particular point of interest for me was the relationship between OT and IT. Nearly 80% of companies surveyed regarded the growing interconnectedness of OT and IT as a challenge, mainly as a result of the digitalization of OT (industrial networks in particular), which can expose industrial systems and devices that might not be adequately protected to cyberthreats. IT and OT teams often have different security priorities and different goals for maintenance and improvement of their systems. In addition, cultural differences and the lack of communication between departments can exacerbate the problem.

In just the past few years, the convergence of IT and OT has become a well-worn topic of discussion, as there have been a few bumps in the road along the way. Let’s take a brief historical perspective and introduce the notion of “trustworthiness” and how it can serve to smooth the path towards convergence.

OT has been used for many years to implement complex technical processes in industries such as energy generation and delivery, oil/gas, production, transportation and others. OT systems were rarely connected to the Internet as their security capabilities were unable to withstand hacker attacks. As a result, OT systems were unable to take advantage of the benefits of cyber connected systems, such as remote access and administration, centralized data collection and analysis, or cloud-based access to information for process automation e.g. automatic access to weather forecasts to optimize commercial energy usage.   

In the past 20 years, IT learned how to safely connect to the Internet, but only after experiencing frequently increasing security issues and cyber-attacks. Today, we have IT systems capable of remotely accessing all types of private or public information and executing complex operations, such as Software as a Service (SaaS). However, IT systems are still not ready to handle the high security demands of OT systems.

The convergence of IT and OT is required to successfully implement Industrial IoT systems, but the challenges for such a confluence are high, as noted in the ARC survey: Both sides have significantly different priorities, system models, and terminology.

Let’s look at the term Trustworthiness – a paradigm put forth by the National Institute of Standards and Technology (NIST) and the Industrial Internet Consortium (IIC) to address the key system characteristics of cyber-connected IIoT systems. The IIC defines trustworthiness as the degree of confidence one has that a system performs as expected, characterized by 5 key elements: the degree of safety, security, privacy, reliability, and resilience in the face of environmental disruptions, human errors, system faults and attacks.

Trustworthiness is a trait used for years to define the characteristics of both IT and OT systems. For IT, trustworthiness mainly addresses security, reliability, privacy and resiliency, while safety is a lower priority. On the other hand, trustworthiness for OT mainly addresses safety, reliability and resilience. Security is only marginally addressed and privacy is out of any OT scope. Addressing the missing key system characteristics in both IT and OT systems and focusing on the five key characteristics of the IIoT trustworthiness paradigm will solve many IT/OT convergence problems, especially concerning security, safety, and privacy.

If you are interested in taking a more in-depth look at the characteristics of Trustworthiness in regards to the IIoT, the September 2018 edition of the IIC’s Journal of Innovation features nine articles highlighting different aspects of Trustworthiness, including a short introduction and an article on Trustworthiness in Industrial System Design by me.

Marcellus Buchheit

Co-founder of WIBU-SYSTEMS AG, President and CEO of WIBU-SYSTEMS USA

Marcellus Buchheit earned his Master of Science degree in computing science at the University of Karlsruhe, Germany in 1989, the same year in which he co-founded Wibu-Systems. He is well known for designing innovative techniques to protect software against reverse-engineering, tampering, and debugging. He speaks frequently at industry events and is an active member of the Industrial Internet Consortium. He currently serves as the President and CEO of Wibu-Systems USA Inc.

Twice the Growth, 2 Times the Protection Tue, 15 Oct 2019 00:33:00 +0200 https://www.wibu.com/za/blog/article/twice-the-growth-2-times-the-protection.html post-128 https://www.wibu.com/za/blog/article/twice-the-growth-2-times-the-protection.html Daniela Previtali The U.S. software market grew twice as fast as the overall economy supporting 1 in every 10 jobs and will rise even further. Twice the Growth, 2 Times the Protection by Daniela Previtali 15-10-19

“U.S. Software Jobs Grow Twice as Fast as Overall U.S. Jobs.”

That’s a key takeaway from the latest report, Software: Growing US Jobs and the GDP, released in September 2019 by Software.org: the BSA Foundation. The growth number is startling, particularly given the strength of the U.S. economy in the past two years.

In addition to job growth in the software industry, the U.S. software industry economy expanded by 19 percent since 2016, contributing $1.6 trillion to the total U.S. value-added GDP in 2018.

Key findings reported by BSA in the report are:

  • Software supports one in every 10 jobs in the United States. The software industry supports 14.4 million total US jobs across every economic sector, and the software industry directly employs 3.1 million people.
  • Software’s impact on jobs grew twice as fast as the overall economy. Jobs supported by the software industry increased 7.3 percent from 2016 to 2018. By contrast, US jobs grew by three percent over the same period.
  • Software’s economic impact grew by double digits in most US states. In 2018, 39 of the 50 states (plus Washington, DC) experienced double-digit growth. Additionally, software’s economic impact in four states—Nevada, South Dakota, Washington and Wyoming—grew by more than 30 percent from 2016 to 2018.
  • Software jobs are growing quickly beyond traditional tech hubs. The ten states that experienced the fastest software job growth from 2016 to 2018 include Nevada, South Dakota, Wyoming, New Hampshire, South Carolina, and Montana.
  • New innovations are around the corner. The software industry invested more than $82 billion in research and development (R&D) in 2018, accounting for more than 22 percent of all domestic business R&D in the country.

The double-digit growth in the U.S. software industry is great news and we expect similar trends to be realized around the globe as software strengthens its relevance as a key enabling technology across all economic sectors.

For a software security company like Wibu-Systems, the reported industry growth is exciting, but it also means we have to work twice as hard to protect the industry from software piracy and continue to innovate secure licensing technologies that assure ISVs fully gain the software revenues in which they are entitled to.

You can see our latest software security technology innovations and how we protect global software publishers from revenue losses caused by illegal software copying, both intentional and unintentional.

Daniela Previtali

Global Marketing Director

Daniela is a marketing veteran who has dedicated more than twenty years of her career to the service of world-leading IT security vendors. Throughout her journey in this field, she has covered executive positions in international sales, product marketing, and product management and acquired comprehensive knowledge of both digital rights management solutions and authentication technologies. Working from the German headquarters of Wibu-Systems, she is currently leading both corporate and channel marketing activities, innovating penetration strategies, and infusing her multinational team with a holistic mindset.

Main Prio: Improving Customer Relationships Tue, 24 Sep 2019 16:06:00 +0200 https://www.wibu.com/za/blog/article/main-prio-improving-customer-relationships.html post-127 https://www.wibu.com/za/blog/article/main-prio-improving-customer-relationships.html Marcel Hartgerink Embracing the shift in customer preferences led by Industry 4.0 and radically transforming the entire business strategy. Main Prio: Improving Customer Relationships by Marcel Hartgerink 24-09-19

Digital transformation is disrupting industry on a global scale and drastically changing existing business processes, company culture, and customer experiences. Under this impetus, companies are reimagining their business practices to excel in the digital age.

For manufacturers, digital transformation is critical for success. New technologies like artificial intelligence, machine learning, and cloud computing are driving the Industry 4.0 digital revolution (Forbes). According to a 2018 study, Industry 4.0: Global Digital Operations, conducted by global consultancy PWC, “out of 2,000 manufacturers, 86% expected to see cost reductions and revenue gains from their digitization efforts over the next five years.”

The integration of these new technologies via Industry 4.0 is enabling manufacturers to deliver a unique product to their consumers vs. the traditional mass-produced clones, causing a dramatic shift in consumer expectations towards personalized goods and services. Automotive manufacturers, in particular, have leveraged digital transformation to offer their customers a truly customized purchasing experience beyond simply being satisfied with a vehicle available on the dealer’s lot. Now, auto buyers can customize their vehicle with a seemingly endless number of options, from interior and exterior colors, Bluetooth connections, cameras, sensors and the like.

A good example of one company who re-invented its business processes to better serve their customers is Desoutter Industrial Tools, a French manufacturer of advanced electric and pneumatic assembly tools for the aerospace and automotive industries. Recognizing the shift in customer preferences in the context of Industry 4.0, Desoutter engaged in what they called a “radical transformation”, incorporating a high level of flexibility in the way their customers could deploy and repurpose their tools as their needs changed.

One important element of the transformation involved the introduction of more software-driven functions into their product portfolio. This move allowed Desoutter to implement a novel solution that would enable their customers to quickly repurpose their tools as needed without having to discard unused equipment or incur additional costs to acquire new capabilities. At the core of the new process is the concept of Unit Values (UVs). With the purchase of UVs, customers can dynamically draw from their UVs to access only the products’ features and services they need at any time. If they no longer require certain services, they can recover the UVs and convert them into a different service or even redeploy them on another tool. The approach gives their customers a way to immediately reconfigure a workstation, for instance, for another purpose using their available UVs.

One critical aspect of the process was license security. It was essential that UVs could be purchased electronically and protected against hacking or counterfeiting to ensure the appropriate monetization of their software. Integration of Wibu-Systems’ CodeMeter security and licensing technology provided protection for the UVs and the management flexibility necessary to efficiently create and deliver the UVs. As a result, Desoutter’s customers can use an online configurator to select the features they want on a specific tool and then order the UVs they need via an e-wallet in the form of a CodeMeter USB dongle. The customer can activate the service by simply connecting the dongle to a controller.

For Desoutter, the concept was not just about selling as many licenses as possible, but rather providing a solution that met the versatility required by their customers. By embracing digital transformation and re-engineering their business practices, Desoutter has strengthened their customer relationships and given themselves a significant edge over their competition.

I invite you can read the complete case study here.

Rüdiger Kügler

VP Sales | Security Expert

After completing his physics degree course in 1995, he was head of project management for software protection, software distribution, internet banking, and multimedia projects. In 2003, he joined Wibu-Systems and, as part of his role, contributed substantially to the development of Blurry Box® technology.

The Complex Software Licensing Landscape Tue, 03 Sep 2019 09:43:00 +0200 https://www.wibu.com/za/blog/article/the-complex-software-licensing-landscape.html post-126 https://www.wibu.com/za/blog/article/the-complex-software-licensing-landscape.html Rüdiger Kügler The software licensing tools must be readily adaptable to the new purchasing and delivery models of the connected age. The Complex Software Licensing Landscape by Rüdiger Kügler 03-09-19

The digital transformations occurring across all segments of society are unfolding at breakneck speed. From autonomous vehicles and smart cities to digitized healthcare delivery, all facets of our connected world are evolving in ways seemingly unimaginable just a few years ago. With smart technologies built into phones, wearables, home appliances, and just about any other device, consumers are assimilating new technologies into their daily lives as fast as they are introduced.

Digital transformations are also driving cultural change. Consumer preferences are evolving dramatically, particularly in the way products are purchased, delivered, and updated. As a result, tried and true business models are no longer the norm and only those companies who possess the foresight and ability to alter their business practices to cater to the digitized consumer will succeed.

Let’s take a look at the effects these changes are having on the software industry and software licensing in particular. For an ISV, the days of the traditional perpetual license with maintenance contracts are long gone. Software users now expect to pay only for what they use and for the frequency in which they use it, and payment might take the form of a monthly subscription vs. a one-time upfront payment. Software updates and feature upgrades can be delivered via the Internet, and in some cases, users may want to try the software prior to purchasing. And, some consumers may be more comfortable with on premise software applications while others may prefer cloud application deployments.

The scene is just as complex, or perhaps more, for embedded software developers who need to be capable of delivering their software across multiple development platforms, architectures, and operating systems. They also need to be able to deliver updates in a secure fashion, particularly in the IoT and Industry 4.0 world where cybersecurity is paramount.

The bottom line for ISVs and embedded system developers is that the software licensing tools they use must be readily adaptable to the new purchasing and delivery models that are required to address the expectations of the next generation consumers.

Take, for example, the case of Vector, a German developer of advanced software tools and embedded components across a wide range of industries. They sell thousands of product licenses annually for products such as electric car charging, automotive safety and security concepts, Advanced Driver-Assistance Systems (ADAS), autonomous vehicles, AUTOSAR adaptive platform, and an array of other electronic systems. With such a diverse customer base, the company was facing several challenges in managing their license entitlements. First, they wanted to protect their invaluable Intellectual Property from piracy with a secure license delivery mechanism. Secondly, each of the industries that they served had unique licensing preferences and requirements and they were using disparate tools to address their needs. Ultimately, they wanted one integrated solution that would fit into their existing SAP back-office environment.

While their requirements for a modern licensing management system are not uncommon in today’s connected landscape, their array of such highly complex products for so many diverse use cases represented an interesting challenge. Wibu-Systems, in conjunction with our SAP integration partner, Informatics Holdings, provided a flexible license and entitlement solution that met all their requirements.

At the heart of the solution was CodeMeter License Central for the creation, delivery, and management of licenses. With the integration of CodeMeter License Central into Vector’s SAP system, Vector is now able to manage all its licenses centrally with ease, making for leaner support and more efficient sales processes. Depending upon customer requirements, licenses can be delivered securely via software-based binding technology or hardware-based dongles. It is an interesting story with an innovative solution and I invite you to read the entire case study.

Rüdiger Kügler

VP Sales | Security Expert

After completing his physics degree course in 1995, he was head of project management for software protection, software distribution, internet banking, and multimedia projects. In 2003, he joined Wibu-Systems and, as part of his role, contributed substantially to the development of Blurry Box® technology.

What Might MedTech Look Like in 2030? Tue, 20 Aug 2019 12:14:00 +0200 https://www.wibu.com/za/blog/article/what-might-medtech-look-like-in-2030.html post-125 https://www.wibu.com/za/blog/article/what-might-medtech-look-like-in-2030.html Daniela Previtali AI, IoT, and predictive analytics are transforming the healthcare sector and shifting the focus from products to services. What Might MedTech Look Like in 2030? by Daniela Previtali 20-08-19

Digital transformation is changing the healthcare landscape as more and more medical devices come online, both next generation systems and legacy equipment, with many allowing remote access. Digital patient data continues to proliferate beyond the confines of the medical facility as well.

Deloitte recently published a report that took a predictive “Glimpse into the future of connected care with MedTechs”. In particular, the report took a holistic view of what they believe to be the key trends and drivers that will shape the connected care landscape and the uncertainties that will have an impact on the industry by 2030.

There was general consensus that medical device technology is a vital component of the healthcare sector, while the market transforms itself from a focus on products towards a focus on connectivity and integration, based on evolving technologies like AI, IoT, and predictive analytics.

Deloitte envisioned 4 different scenarios where connected care could create and sustain value through 2030.

  • Scenario 1 – Ahead of Diseases: In a world where both MedTech players and the tech players find their niche within the healthcare ecosystem, society will benefit from predictive diagnoses and position itself ahead of diseases.
  • Scenario 2 – Trust vs. Convenience: In the Trust vs. Convenience scenario, MedTech and tech players offer fragmented product and service portfolios that are fighting for every inch of market share.
  • Scenario 3 – Everyone Doing Everything: In the Everyone Doing Everything scenario, newcomers have given up on entering the healthcare market. MedTech players are now trying to build up their own data platforms fed by their various medical devices.
  • Scenario 4 – All About the Patient: In the All about the Patient world, health-related data is regarded as a commodity, but exclusively for MedTech companies. Attempts by outsiders to gain access fail due to high regulatory requirements. Patients benefit from user-friendly devices and advanced predictive diagnosis.

Within these potential scenarios, Deloitte laid out some of the uncertainties that will play a role in how these predictions take shape. One of those uncertainties pertained to the competitive landscape, with question marks as to how far tech giants will be able to enter the MedTech market and whether smaller startups with novel technologies will be able to gain entry and at what success rate? The second uncertainty is the accessibility of standard healthcare data as restrictive data privacy standards, issues with cybersecurity and the lack of standards for interoperability may limit the potential to utilize artificial intelligence and therefore prohibit predictive diagnosis.

While cybersecurity was not an emphasis in the report, at Wibu-Systems, we believe that security of patient data, healthcare software, and connected medical devices in what is becoming known as the Medical Internet of Things will have a huge impact on the MedTech industry between now and 2030 and beyond. Will manufacturers adopt a security by design approach for product development? How stringent will government regulators be in forcing manufacturers to adopt security best practices? How will interoperability, or lack thereof, impact the integration of legacy medical systems? These are just a few of the security-related uncertainties that can be added to the list.

A few years ago, we published an article on Protecting End Point Security of Medical Systems which highlighted many of the vulnerabilities inherent in connected medical systems and how several of our medical device customers are addressing these threats to their systems, software and data with advanced protection, licensing and security mechanisms. The points covered in the article ring as true today as they will in 2030.

Daniela Previtali

Global Marketing Director

Daniela is a marketing veteran who has dedicated more than twenty years of her career to the service of world-leading IT security vendors. Throughout her journey in this field, she has covered executive positions in international sales, product marketing, and product management and acquired comprehensive knowledge of both digital rights management solutions and authentication technologies. Working from the German headquarters of Wibu-Systems, she is currently leading both corporate and channel marketing activities, innovating penetration strategies, and infusing her multinational team with a holistic mindset.

Advice for IoT Device Manufacturers Thu, 08 Aug 2019 16:48:00 +0200 https://www.wibu.com/za/blog/article/advice-for-iot-device-manufacturers.html post-124 https://www.wibu.com/za/blog/article/advice-for-iot-device-manufacturers.html Terry Gaul In its latest publication, the NIST addresses the many cybersecurity risks inherent in IoT device manufacturing. Advice for IoT Device Manufacturers by Terry Gaul 08-08-19

With its many promises and great prospects, the Internet of Things (IoT) warrants much stronger protection then the closed systems of the past. IoT systems rely on public networks, which by definition, are unsafe environments. Hackers are always looking for backdoors and exploits while trying to tamper with data to cause untold damage.

The U.S. National Institute of Standards and Technology (NIST) recently released a draft of security recommendations for IoT devices. Titled Core Cybersecurity Feature Baseline for Securable IoT Devices:  A Starting Point for IoT Device Manufacturers (NISTIR 8259), the draft defines a core baseline of cybersecurity features that manufacturers may voluntarily adopt for IoT devices they produce.

The publication is intended to help IoT device manufacturers understand the many cybersecurity risks inherent in IoT devices and help them provide cybersecurity features that make them at least minimally securable by the individuals and organizations who acquire and use them. The publication also provides information on how manufacturers can identify features beyond the core baseline most appropriate for their customers and implement those features to further improve device security. NIST says this approach can help lessen the cybersecurity-related efforts needed by IoT device customers, which in turn should reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised IoT devices.

The Core Baseline provides a list of six recommended security features that manufacturers can build into IoT devices:

  • Device Identification: The IoT device should have a way to identify itself, such as a serial number and/or a unique address used when connecting to networks.
  • Device Configuration: Similarly, an authorized user should be able to change the device’s software and firmware configuration. For example, many IoT devices have a way to change their functionality or manage security features.
  • Data Protection: It should be clear how the IoT device protects the data that it stores and sends over the network from unauthorized access and modification. For example, some devices use encryption to obscure the data held on the internal storage of the device.
  • Logical Access to Interfaces: The device should limit access to its local and network interfaces. For example, the IoT device and its supporting software should gather and authenticate the identity of users attempting to access the device, such as through a username and password.
  • Software and Firmware Update: A device’s software and firmware should be updatable using a secure and configurable mechanism. For example, some IoT devices receive automatic updates from the manufacturer, requiring little to no work from the user.
  • Cybersecurity Event Logging: IoT devices should log cybersecurity events and make the logs accessible to the owner or manufacturer. These logs can help users and developers identify vulnerabilities in devices to secure or fix them.

For a more in-depth analysis of the nature of IoT security threats and the technical measures designed to protect these connected devices from malicious hackers, you can download our white paper, Licensing and Security for the Internet of Things.

This whitepaper explores the various trends emerging in the IoT and the key strategies for success, which depends not only on superior products, creative marketing, and aggressive sales activities, but security, integrity and reliable licensing as well.

It also outlines the standards that must be addressed and long-term considerations that will impact security, like integration in devices and software, upgrades and updates, secure boot, licensing models tailored to the IoT, license management, access rights and certificates, scalable safeguards and data integrity protection

Terry Gaul

Vice President Sales USA

Terry Gaul is a sales and business development professional with extensive experience in the software and technology sectors. He has been involved with software protection and licensing technologies for more than 20 years and currently serves as Vice President of Sales at Wibu-Systems USA. When he is not helping customers with software licensing, Terry typically can be found coaching his daughters' soccer teams or camping with his family on the Maine coast.

AI in the IIoT is a Matter of Trust Tue, 02 Jul 2019 16:47:00 +0200 https://www.wibu.com/za/blog/article/ai-in-the-iiot-is-a-matter-of-trust.html post-123 https://www.wibu.com/za/blog/article/ai-in-the-iiot-is-a-matter-of-trust.html Marcellus Buchheit What are the challenges, risks, and benefits of AI as it enhances efficiency, reliability, and effectiveness of IIoT processes? AI in the IIoT is a Matter of Trust by Marcellus Buchheit 02-07-19

Artificial Intelligence is a hot commodity in the technology world these days. But what does it mean in the context of the Industrial IoT?

An early definition of artificial intelligence was one of “thinking machines” that could make decisions like humans, and with some people, elicited a fear that these thinking machines could actually replace humans in the manufacturing world. Today’s perception of AI, however, is geared more towards machines that exhibit human reasoning as a “guide to provide better services or create better products rather than trying to achieve a perfect replica of the human mind”, as noted in a Forbes article by Bernard Marr. He added that “It’s no longer a primary objective for most to get to AI that operates just like a human brain, but to use its unique capabilities to enhance our world.”

When applied to Industrial Internet of Things (IIoT) systems, AI has been demonstrated to offer business and technology advancements, such as cost reduction and better performance. Examples include the benefits of predictive maintenance leading to reduced outages, better resource management and scheduling and enhanced insights into system usage. AI has also been used to design physical structures, electronic components, and to perform quality assurance testing of complex systems.

Of course, with disruptive technology advancements like AI comes an entirely new set of challenges and risks for the users of such technology, including IIoT systems. Some of those risks were presented in an article published by the Industrial Internet Consortium (IIC) in their Journal of Innovation (JOI), entitled AI Trustworthiness Challenges and Opportunities Related to IIoT.

At the crux of the JOI article was the notion of trust – trust in that systems operate correctly based on evidence that can be understood. IoT Trustworthiness is defined in the IIC Vocabulary as the “degree of confidence one has that the system performs as expected with characteristics including safety, security, privacy, reliability and resilience in the face of environmental disturbances, human errors, system faults and attacks.”

If the AI system makes it hard or impossible to understand how a decision was made, trust in the system is reduced. The article goes on to describe the various risks and challenges AI can pose to the trustworthiness of an IIoT system.

One example illustrated how AI can be used to probe a system for vulnerabilities by attempting to attack the system itself. The AI system was connected to a video game and subsequently learned how to defeat the game in novel ways. A benign example for sure, but imagine, however, if the system was not a harmless video game but rather an air traffic control system, city traffic light system or nuclear power plant. The dire implications of uncontrolled AI are clear. 

While the technology might expose vulnerabilities to malicious manipulation in IoT systems, AI can also be used to enhance the trustworthiness of a system. The JOI article points out two categories in particular where AI in IIoT is emerging:

  • The use of AI to improve the efficiency, reliability, and effectiveness of processes and tasks that can be fully automated with little risk. These are processes and tasks that are generally mundane, repeatable, static with few variations, or tasks that are very specific and/or localized to specific components in system.
  • The use of AI in processes that are critical, consequential and non-mundane. When the level of risk is high enough, humans must maintain the ultimate decision-making capacity – this is referred to as the “human-in-the-loop” approach or HIL.

The article discusses the challenges, risks, and benefits of AI in IIoT environments in much more detail. You can read the full article here.

Marcellus Buchheit

Co-founder of WIBU-SYSTEMS AG, President and CEO of WIBU-SYSTEMS USA

Marcellus Buchheit earned his Master of Science degree in computing science at the University of Karlsruhe, Germany in 1989, the same year in which he co-founded Wibu-Systems. He is well known for designing innovative techniques to protect software against reverse-engineering, tampering, and debugging. He speaks frequently at industry events and is an active member of the Industrial Internet Consortium. He currently serves as the President and CEO of Wibu-Systems USA Inc.