Transcript.

Erik: Welcome to the Industrial IoT Spotlight, your number one spot for insight from industrial IoT thought leaders who are transforming businesses today with your host, Eric Walenza.

This is an episode of the Ventures and Industrial IoT series brought to you by GE Ventures. In the series, we explore success factors and challenges in industrial IoT markets with CEOs, investors and experts.

Welcome back to the Industrial IoT Spotlight podcast. I am joined again by Mike Dolbec. Mike is managing director of Venture Capital and M&A at GE Digital. Today, we are going to the second part of our conversation with Mike. We will be discussing challenges and opportunities in the industrial IOT space from the end user adoption perspective. Mike has a depth of experience in assessing end user behavior as an investor in IoT startups and through a long career as a technologist and investor.

Our last podcast with Mike, we discuss what's hot versus what's hype. So please look back at that previous podcast. Our next on Friday, we'll be looking at partnering beyond venture.

Now, Mike, looking at challenges and opportunities from the adoption side, maybe as a starting point, what are the challenges that you see traditional companies facing in terms of identifying, selecting, implementing IoT technologies? Certainly, there's the technical side, but there's also the organizational side. I'm interested in your perspective and that aspect as well.

Mike: I have to be careful here because as an investor, I'm not an entrepreneur in this particular scenario. So I'm an investor in companies that are dealing with this issue. And I have a perspective that comes from my investments which may not be representative of everybody's investments.

I invest in companies that we dearly hope they'd be finished their product and finish whatever they're doing and become strategic to GE the way we hope they will be. So the commercial adoption thing is built into our investment diligence process, and then management of the company post investment. In some ways, as far as GE’s relationship with the company, it's a never ending process but it's carefully managed and, and nurtured over time.

If you asked me, hey, Mike, what challenges do your investments see as they try and engage with customers and grow their revenue? Perhaps that's easier thing for me to answer abstractly. I'd say it varies quite widely by each company and their particular situation. So it's an enterprise sale, almost always. In fact, I think in every case, it's an enterprise sale or industrial sale. The sales cycles, the customers are, generally speaking much more conservative industrial buyers at all levels don't handle high concept sales the way other people might for enterprise software. So they have to actually see a working demo often of their use case before they allow themselves to believe okay, it does what you said it was going to do. And I can now work through what that's worth to me.

So getting into a POC or some sort of engagement that has a set of acceptance criteria, like okay, if we do this, and we both agree that the result was what you were looking for, then we'll take the next step. So often, I think their biggest challenge is to make sure that the prospect has a number of things and they spend an extraordinary amount of time. The most successful investments I have qualifying customers upfront, then the qualification steps vary widely.

But it's some version of do you have this strategy that's relevant to my product? Do you actually have a problem that is important that you're trying to solve that you have budget money to allocate towards solving? Is there a way to measure how much better my solution is than whatever way you currently do things? Almost always very important is do you have access to all the data sources see that would be necessary to bring into the experiment here or the evaluation in order to prove that my product does what it's supposed to do for you? Then there's some subtle things that smart salespeople understand, which is do you have a sense of urgency or where are you in the lifecycle of your project?

Okay, you do? Do you have somebody like a Chief Digital Officer, a leader who is supposed to be in charge of journey of digital transformation? Okay, you do. That's great. Does that person have a plan that start small and take baby steps and then start running and so forth? Okay, great, you've got a plan. And all along the way you what you're trying to do is qualify that people are this is more than somebody who's just curious. This is somebody who actually acknowledges they have a problem is trying to solve it, understands what solving it means and what it's worth and is capable of and willing to pay in some amount of time.

I'd say that's finished this long answer with the challenge in industrial is that sometimes particularly in some aspects of cybersecurity, the customers are super, super conservative. And they just can't put any old thing into production because the business continuity of the company they work for is at stake. So, the values and cycles can sometimes be very long. Particularly for a company that's young and unproven and doesn't have a lot of awareness or other large company references when you're just starting out, you get put through the wringer; but eventually, you get to the next stage, which is, look, I've got all these reference customers, they've been through this with me before, you should check with them and make sure that they're happy. And then I'd like to accelerate through this process because I've qualified you as prospect.

Erik: I mean, we see the significant challenge that companies have in evaluating IoT platforms, for example. Because from a marketing perspective, their feature sets are very similar. It's very hard to evaluate differences in platforms without actually doing a POC. But then you get into this quite costly for both sides for the end user and the vendor, but especially for young companies that have limited resources, high risk to take on a large number of customers if they're the wrong, as unqualified or the wrong type of customers and you're then invest in POCs for companies that are not a real potential customer.

Mike: I feel for those kinds of companies because each engagement has a different set of metrics and aesthetics. What's the right platform for this person is very situational versus that company and their situation and you don't get any efficiencies. So it's tough to accelerate that process.

The most novel companies, I met with one in Germany a couple of weeks ago, was very proud of saying, we used to sell that way, we used to sell our features. But now we're partnering with an insurance company, they arm and arm to the customer. And what they sell is the guarantee of improvement. And they sell consultatively to the senior executives of the company who don't care how something works. They just say, if we improve your efficiency or we've saved you money, would you be interested? And of course, generally speaking, the person says, yes, of course, how can you prove to me you'll do that?

And that's a much more interesting conversation that eventually, more or less, they say, okay, well, if we deliver X, then you'll share y with us. And then the rest is implementation. That's a much higher level sales than my thing is faster than their thing, even though that's not exactly how you compare the two.

Erik: I've talked with a small but growing number of companies that are selling to banks instead of directly to the manufacturer. And so they'll find the bank that's loaned the manufacturer a couple 100 million dollars and then talk to them about how they can make sure that they're getting their investment back by helping this company. But companies seem to be having success having these financial discussions as a kickoff place with like insurance companies or banks, and then using that as a partnership to go to the end users and then it's more of a technological or deployment question once you get to that point.

Mike, let's look at security in particular. In the past few years on the industrial side, where do you feel we are today in terms of being able to confidently secure data moving to the cloud or data processed on the Edge?

Mike: Well, I think you're never done. It's a red queen problem to loosely quote Lewis Carroll and Alice through the looking glass. Part of the book I'm referring to is where somebody tells Alice you have to run to stay in place and twice as fast if you want to get anywhere. I can tell you how we think about it at GE, but I can't say that there's no one company that does everything that's required. So we've humbly and soberly looked at the situation that our customers are in, where they're essentially trading off the value of no unplanned downtime and optimized business outcomes does come at some risk of the exposure because the more things are hooked up to the net, and the attack surfaces more exposed.

So the right way to deal with that is eyes open and understand where the risks are and address those across the all the fronts at once. So I think you said data and rest and data in motion, also data in use, which is sort of roughly, you could think about it as you search for something on Google, who else can see your search request and your search results when it come back? That's a simple analogy. Or if you make a database request or part of your code does is the query and the answer in exposed somehow during the journey. It may not be the kind of data you think about, but that's also can be used to attack certain systems.

We think about those issues quite a bit. We think about the issues of industrial equipment, which, as I said before, many of those things are don't have IP addresses and they weren't originally designed thinking that they'd have to protect against very creative people who were trying to attack them or the business processes they're trying to achieve. And then the other thing we try and do is say okay, there's risks at lots of different levels, there's risks in the devices themselves, there's risks in authenticating and making sure they're still what they say they are, even allowing them to connect to a network is risk. And there’re risks inside the tech stack of the edge software in the Cloud stack of the super services we call our own platform.

The best way to attack those risks is to first acknowledge them, and then second, build in from the beginning the FS that you're going to have a secure design lifecycle that security is something you think about as you design a new product, not as an afterthought, you add later because you forgot and discovered some flaw or some chink in the armor. So we think about it all the time. We think about it on behalf of our customers. We collaborate with them and with various governments.

They're even issues of normal cybersecurity systems monitor traffic, they monitor what the devices are doing, and they look for anomalous behavior. But how do you know the information that your monitoring system is receiving is legit? But certainly in some cases where industrial equipment has been attacked, it's been altered in a way that it shows some operator who's casually looking at its behavior that everything's fine, don't worry about me, things are going great. Kind of like the equivalent of the Mission Impossible movie where they slip in a videotape of The Bank Vault, and it's empty and everything's fine. But really what's going on is they're moving around in there take stuff out.

You can't necessarily trust what you're sensing all the time either. So you have to be very careful and re-authenticate that the information you're sensing or the information you're making business decisions on at the time has been an alternative, has some sort of legitimate audit chain back to its source.

Erik: As you said, we're never going to run out of creative people that are is trying to make a profit through security breaches. But as we move into a space where more devices are being connected, companies just have to become more familiar with the thought process that you've just walked through of understanding where the potential breaches could be the potential tactics to secure your data which are just different than they were when it was only desktop computers hooked up.

Obviously, we had years of learning before we got to a place of relative stability, always there are breaches. But companies at least attained a level of understanding of knowing where the risks were and how to balance risk. And that seems to be what we're moving towards, certainly not eliminating risk, but at least understanding it.

Mike: I want to qualify all of my comments by saying we are only one part of a very large IoT market. We're at the exotic and high value assets, very high business value and very high some cases, potential kinetic effects that can be created by misusing certain equipment or simple things can ruin your day like make a million of the wrong thing to turn into scrap because you've changed the recipe for Kentucky Fried Chicken or whatever it is you're trying to make or tennis shoes.

I think modern attackers who attacked industrial equipment don't necessarily need to take over and like they take over your PC and then steal your credit card some piece of data inside the PC., they may leave a piece of industrial equipment intact, and just slightly change the reason that machine is there which is to play some part in a larger manufacturing process or oil refining process or power generation process.

The process is such a tightly orchestrated ballet, that if you throw one ballerina in there with a tennis racket it messes up your whole ballet, even though it is a ballerina. But the goal is not to mess with the ballerina. The goal is to screw up the dance that's accomplished by all the ballerinas by putting it out of balance. The results tend to be a lot worse than losing your credit card. And then there's loss of face, but it could be much more damaging to the business that operates the equipment.

Erik: Yeah, and this is a good transition. Thanks for joining our discussion with Mike Dolbec. The third and final segment of our conversation, we'll be looking at the topic of partnering beyond funding, how companies like GE are working with startups, not just on financing, but also on issues such as providing strategic direction to guide R&D initiatives. So, smaller companies are able to develop technologies to solve a real known problems as opposed to technology for technology's sake and other opportunities to work together of the on the financing side. Thank you. We'll see you soon.

Thanks for tuning in to another edition of the Industrial IoT Spotlight. Don't forget to follow us on Twitter at IoTONEHQ and to check out our database of case studies on IoTone.com. If you have unique insight or a project deployment story to share, we'd love to feature you on a future edition. Write us at Erik.walenza@Iotone.com

Thank you for joining us for another episode of The Ventures in Industrial IoT series. You can learn how GE Ventures goes beyond funding to support their partners in technology development and commercialization at www.geventures.com