These are not two subjects that get put together very often but there is an ever growing connection between IT Pros and the Internet of Things (IoT) devices that are starting to proliferate in organizations.
During our annual IT/Dev Connections conference in Dallas last week, I had the opportunity to sit in on a session that tied together several aspects of IoT that make it of critical importance to IT Pros. The presentation was done by Anthony Bartolo, a member of the Microsoft Azure Cloud Ops Advocate team, and contained some great insight into this subject.
Anthony sat down with me and talked about what is becoming a very important subject and area of awareness for IT Pros.
IT Pro Today Podcast Episode 7 Transcript
Richard Hay: RH
Anthony Bartolo: AB
RH: Hello everyone and welcome to episode seven of the IT Pro podcast, this is Rich Hay from itprotoday.com. Good to be with you here, we just finished up our IT Dev Connections Conference in Dallas, Texas last week. And I had an opportunity to sit down and talk with another member of the Azure Cloud Ops advocate team, this time I got to sit down with Anthony Bartolo, he's one of the folks that Rick Klaus mentioned in episode six when I interviewed him at Ignite. But we had an opportunity to sit down, after I sat in and attended a session he did about IT Pros in IOT. It's not two subjects that come together often, but after sitting in on his session and then talking to him, which you're gonna hear in a minute, it is very obvious that IT Pros have to become more versed and aware of IOT, in an of things, and what impact it could have on their networks and things like that.
You've heard the term shadow IT before, well he told some really good stories in his session about some shadow IOT, and how large companies have had well meaning folks come in and put things on the network that then created holes because of lack of password or security because they go buy it straight off the shelf and use it as is. So it was a very insightful session, and so I asked Anthony if he would sit down with me for a little while and talk about the importance of IOT when it comes to IT Pros. So that talk follows this right now, so thanks for listening on another episode of the IT Pro podcast. Here you go.
RH: All right, I'm sitting here with Anthony Bartolo, I'll have you tell a little bit about who you are. What do you do at Microsoft?
AB: So I am part of the newly formed Cloud Advocates team, alongside Rick Klaus, Pierre Roman, Phoummala, Sonia Cuff, Michael Bender and Neil Peterson. And we are here to be the listening post for IT professionals. You know, I've had the opportunity to speak at conferences and thank you for the opportunity to speak here at IT Dev Connections. But for me the real exciting piece is sitting with individuals as passionate as yourself, and understand how you're training people in technology, what challenges are you facing? And I have then the opportunity to ingest that and bring that back into Microsoft, into engineering, and say, this is how these services or these solutions are being deployed and utilized. And this is how we can make it better for people to have an easier time implement a new solution or to enable other opportunities that wasn't thought of before.
RH: Right. So what's your background? What'd you come to before Cloud Advocates?
AB: Oh, I bounced around from a lot of places. Level one mechanic. I worked on cars and started my whole journey, I still work on cars with my dad from time to time. I started in the mobile sector, so for about 15 years I was the mobile guy, everything from Windows phone to Blackberry to Palm, to Android and iPhone. Went to Microsoft about 10 years ago to do the then Windows mobile and Windows phone piece. I was at Samsung for a while to do Android for business. Then started to dabble in the IOT side there too, because at that time was very fledgling for Samsung in terms of IOT. And then came back to Microsoft to focus on mobility, but more so on identity management and security. And slowly evolved in terms of the uptake on IOT and the proliferation that's been occurring with IOT in the home, in the business. Been speaking at CES, the consumer electronic show for the last seven, eight years. And you start to see it creep up and grow. You know you have those big TV displays that all the manufacturers have, and then you have all these little IOT devices that are going on. And I was attending a couple of the sessions where it just really peaked for me on IOT-wise. Great solution, they can do all these type of things, but when you asked the question about security the response back is, we're not worried about that right now. We're worried more about adoption and making it easier for people to adopt these solutions, plug n' play, add it to your network and away you go. We'll worry about security when it's down pat.
RH: And maybe not the best approach in this day and age of data security and stuff like that. And in fact, here at IT Dev Con you gave a great talk that put two subjects together we don't typically hear matched, IT Pros and IOT. And in that session you talked about those kind of risks, these devices that are coming on. And as we were talking before we sat down to start recording we were talking about shadow IT. And you mentioned that this is kind of a variation, kind of a branch off of shadow IT. Explain that a little bit.
AB: We're seeing an evolution of shadow IT now. Right? shadow IT traditionally has been, what can I do for myself to make my life easier in my day to day activities? Now you're having scenarios where the business decision makers are looking at data, and they're seeing this data come in and they say, I wanna capture more. I wanna have predictability on X. I wanna know why my customers go to this end of the store. I wanna know why this product is selling so much better than the other product. And they'll look at the development shops and say, hey can you make sense of this data? Can we gather more data? How do we capture this? And so, you know, least path of resistance, they show up at like your local electronic store and grab whatever devices, whatever like a Raspberry Pie and they build something from scratch, or off the shelf and plug n' play and away you go. And they added to the infrastructure without telling IT. And IT is there whittling away and sometimes they will have notification, hey this has come up, in the much larger sized organizations. But in the mid-sized organizations, not so much. And so all this information starts flowing through this device, it's benefiting the business from an aspect of captured information, but could it be that it's now inflicting on the policies set in place and the rules set in place in terms of security? It's not being thought of because we're being innovative, we're being bold, we're going out and capturing this information. We're not worried about somebody else coming in and sniffing out that information. We're not worried about what that could also affect on the backend in terms of infrastructure. Perfect story, and I love to tell stories on IOT, was the Atlantic City Casino that got hacked. There was these fish tanks that were inside of the casino and the third party company that manages the fish tanks wanted to have a better automation solution so that they don't have to keep visiting the casino. And so they literally went to the pet store and bought these off the shelf automatic thermostats that could be controlled over the web. And so they took the thermostats, literally plugged it into the wall, plugged the RG45 directly into it. Plugged it into the fish tank and like oh this is awesome I can monitor all the fish tanks remotely, I don't have to go keep visiting to check the tank. They connected it directly to the backend.
RH: Off the casinos network.
AB: So it's a hard line connection into their router. Right? Literally plugged into the wall. So it's not wifi, you're negating all the security capabilities what so ever, it's directly into the hard wire into the router. And then somebody's sniffing around and they find the IP addresses for these thermostats. And find out that this network in the casino and starts digging through. Now you have unfederated access because you've got this gateway, you know the third party company is managing these thermostats through the gateway and, wow I got full access into the router and I can see everything. The estimated total is $5 million worth of information for the high rollers, for the casino.
RH: So not stealing money, stealing data. Stealing information about the people who spend a lot of money at that casino.
AB: Data is the new bacon. Right? We're in a scenario where data is the money maker now, right? What you can do with data is the opportunities are endless, for good and for bad. And it's been interesting in terms of IOT, what the perceptions are in terms of I can read this data, I can get this information, I can know how many people are walking into my conference. It's like, how does that then relate to the environment? Perfect example for this hotel, so we're at the Fairmont Dallas, beautiful hotel. The south building is actually seven degrees colder than the north building. So, in relation in terms of the data, in terms of the IT Dev Connections Conference, that correlation could also affect the attendees per sessions.
AB: So, hey now we have to track to say, why is there 10% less attendees at these sessions that have been at this room, as opposed to the other side? And then have that correlation.
RH: Tie that to the temperature.
AB: Right. So then that's the thing. Right? So there's so many outcomes that you can come and build to that.
RH: You're saying there is benefit to understanding and knowing the data.
RH: The hazard is, is how you get that data.
RH: And so you talked about in your session about how IT Pros, IOT's mainly not something they're thinking about. I think IOT is a phrase, internet of things is a phrase that people don't necessarily tie the connection that this device is an IOT. Edge computing is another term Microsoft uses for these devices. So, you had some really great advice for IT Pros on how they can take control of this process and kind of step in there and maybe prevent that type of breach in a casino. And you told a great story about a food chain up in Canada, a grocer, who they put these boxes in to monitor the refrigerators and ended up having some issues as well.
AB: So siloing in organizations in terms of IT Pros stick with IT Pros, Devs stick with Devs. You know, it's a bit of a challenge, right? And when it comes to IOT, IT Pros throw their hands up in the air and say, listen this is not a VM, this is not a network thing, this is a developer building all the solution, I have no interest in doing. And, you know, IT Pros should look at possibly becoming IOT Pros. Right? Because the fact that these devices are touching your network, they're capturing information that's pertinent to your organization. It's no difference than your sequel database or your document DB database residing wherever that may be, regardless the data it's there. It belongs to your organization which means there is a monetary value to it and it needs to be safe guarded. These devices are new entryways. If mobile devices are a concern at all, you know, access to your infrastructure, why wouldn't IOT devices be the same right? And so you're looking at these devices coming in and the IT Pro scratches their head and says, this is an additional cost I have to look at, right. So case in point, the grocer up in Canada deployed these gray boxes, so these clone pc's in the manager's offices. They're doing the regulation on the condensers inside of the refrigeration units. And everything is over dial up. So this is done through a third part company, a third party company's managing this infrastructure. Everything is through a dial up and they're saying this is secure because it doesn't touch the infrastructure for the organization, so IT Pro doesn't need to be involved. Right? Because it's not touching their network. And lo and behold, we have somebody who's doing freaking, testing out phone numbers, finds out this one number, dials in. Oh, these are set points. This must be for a refrigeration unit. What happens if I set the set points to this? And literally take out the refrigeration unit. $80,000 worth of damage because they brought in and they've blown up the refrigeration unit. Now the only person that has a notification that refrigeration unit's gonna die is the third party company. And that means that third party company's only watching that one grocer and nobody else.
AB: So how do they know that this is gonna go down and it's gonna be a problem? And who was the first department that was called when this hack was found out?
RH: Probably IT.
AB: It was IT. And IT's going, I have no idea that this is even going on. Right? IT has to have a seat at the table. Not only does the business decision maker and the developer need to realize this, IT has to realize this as well. They're also the culprit in this. All have to come together in terms of what is the outcome? What is the desired plan that you wanna put forth to implement a proper solution, right? Too much we're seeing all the business decision maker wants this to happen, the developers go in and code everything up. We're not talking Dev Ops here, we're not talking any other collaboration here, it's just a go and do it. And that's where the whole shadow IT piece comes in the pipe because there is no communication between the IT Pro and the Dev in respect to this. They go and do it and then later on when there's a problem IT is blamed for it. Right? We talk about IT being seen as a cost center. And that whole aspect of that mentality sticking with the developers and the business decision makers and an IOT solution, yeah we're not gonna bother them because it cost too much. We're not gonna implement, we can do it ourselves. That's why that relationship has to be there, because stuff like the grocer getting hacked, the IT professional would've said, hey we can put in the network securely, here's how we can do it, and architect the plan.
RH: Yet, they have the technical knowledge to be able to do these things.
AB: Not only that, but where the data resided was a Windows Vista box, running SQL 6.5 so to this day, right. When we needed to acquire the data to do some analytics they actually send out USB keys to the locations to pull the information back. Right? Like it was completely, you're scratching your head-
RH: Ancient technology.
AB: And this is not a small grocer. It's a pretty big grocer. And it's because IT wasn't involved in terms of the makeup and the architecture of the solution.
AB: Had they been involved from the get-go they would've known, okay here's how we secure this, here's how we can have backups stored in the Cloud, on Prem, wherever that may be. And then even the whole data exercise and understanding what the data can do, why wouldn't IT be involved in terms of the capabilities of what more you can move forward with? You know, having that different point of view and perspective makes a world of difference in terms of-
RH: In fact, and you're talking about breaking down those silos, which is a big problem in any business. And you're not communicating across as opposed to vertically, it creates these kinds of situations.
RH: Now during your session you talked about some news that was announced at Ignite, IT Pros. Okay I'm an IT Pro, you're telling me it's important for me to understand IOT. What kind of resources, I understand Microsoft's got some new resources for that.
AB: Yes. So at Ignite we launched Microsoft Learn. And what's great about that solution is it is free. And I actually built a full on module on the IOT for IT Pros. So specifically targeted to IT Pros just to get started in terms of the conversation, the capabilities of IOT Hub and IOT Suite. And even provision-
RH: Now you're talking about services on Azure.
AB: Correct. They're all services on Azure. The solution, the demo that I provided it's completely replicated into Microsoft Learn, so there's no guess work, everything can be duplicated in terms of what I've done in the demo. You don't even have to go out and buy a bread board or a raspberry pie or what have you, 'cause it's emulated for you. So there's an emulation tool that brings up a raspberry pie, it runs a simple demo in terms of capturing weather data and you're ingesting that data into the IOT Hub. Everything is step by step, you don't need an Azure subscription to get it started, you just go in, it's a sandbox, it can do the implementation of the emulated raspberry pie right into the IOT Hub, ingesting information using the provisioning tool it will provision out this is what the template or markup of this. In essence, it's a template for the raspberry pie. What I want it to do, what I want it to capture. You can use this new solution called Device Twinning, which was announced at Ignite. Device Twinning now I can have a staged environment. So I have 100 of these devices that are out there capturing weather data and I want to change it to also incorporate humidity. And so before I do this on a full scale implementation, the IT Pro can set up a staged environment using the Device Twin, so it's in essence the running device.
RH: It's a digital-
AB: It's a digital twin.
RH: -of your physical infrastructure.
AB: Correct. And I can actually go through then and give that staging area to the developer to run tests on and build out the solution, blow away ad nauseum as required, spin it up as required to do full on testing. And once it gets to that point where now we wanna deploy, now you just push it on as live and it pushes it out all through the devices. And it's seamless. So it's a great management solution tool. And then from the security perspective the announcement of Azure Sphere. So the tri level security mechanism. Secure hardware, so the MCU's inside of the bread boards that sells the IOT devices, the hardware spec is done in such a way where it's then attached to Azure Sphere software, the OS, that will run on the raspberry pie or other devices that are out there that support the MCU technology. Raspberry pie is not quite there yet, it will probably be there in future iterations.
AB: But the OS running on top of the bread board, right? And then you have the gateway, the Azure Sphere gateway that is the third, hey is the OS and the MCU inline? Is it in check? Have they been tampered with? No. Then I'll ingest the information.
AB: And what's beautiful about the solution is, then from that point, that information can go to any Cloud. Obviously we'd love for it to go to Azure, you know, that's real world-
RH: You're saying that can go to AWS, Google, it doesn't matter where it's destination is.
AB: We understand that more organizations just gonna use one Cloud. They're gonna wanna use multi Clouds because they wanna have redundancy, they wanna have that capability. So the B to that solution is, it manages the security aspect of ensuring that the devices haven't been tampered with or the data's not being siphoned. And after that point, you plug it into whatever Cloud solution you want to, but knowing that your end points to that IOT device are secure.
RH: So with all of this said, what would be your one take away piece of advice to an IT Pro who maybe has a [inaudible 00:17:29]? You mentioned Microsoft Learn, great resource to go start learning about this stuff. But what's the one kind of thing you would say to an IT Pro you were sitting down across from that is just starting to get into this stuff? They're settle in their IT Pro role, but now it's time to expand, it's time to knock down those silos, what's that next step?
AB: You gotta find out what's going on. You have to go and talk to the business. My biggest concern while delivering that session was when I asked, how many people are currently involved in an IOT project, or in the middle of an IOT project at their organization? Nobody - No hands went up. That has to happen first. Right? You gotta go out there and you have to find out what your business is trying to do. A lot of businesses are looking at this. And it's like, everything from banking, to retail, to education, to military, to you name it. So there's gotta be something going on. 80 billion devices currently in the world deployed on IOT. Pretty sure-
RH: The likelihood is your business is doing something.
AB: Correct. And if it's not, then it's fine and you have an interest in IOT, then look at your own environment. What could you fix, or what data would be important to you? Something as simple as a server room temperature gauge, right? And I'm not saying the control of the temperature gauge, but what about your monitoring? Let's look at retail. Retail Christmas time it gets busy, you have on prem servers and hybrid solution, and they're spinning hot. And you're noticing that during Christmas time you gotta turn down the thermostat even further to cool down the room. How about if you were able to predict that? Right? And then show a cost saving to the organization and say, hey I did some predictive analytics in terms of the data from last year when the servers spun up hot because of the hot Christmas season. Now I'm doing that analytics in terms of how do I predict so I can set the temperature gauge accordingly to save the organization.
RH: To introduce some automatics in there.
RH: To adjust.
AB: So if it is an area that an organization is not looking at IOT for a solution, look at your own environment. But, come up with a plan. Don't just go out there and grab devices and start playing with them. Do that just from a hobbyist standpoint, but come up with a plan. Present that plan to the business decision makers at your organization. And get acceptance and then build out, how are we gonna build this out? Do it as a pilot project. Right? Having that seat at the table is really important for the IT professional because the fact that they understand what's going on in their organization. They can capture the data securely, and they can ensure that these devices that are connected to the network are also secure. So there is no data leaks and there's no employee map.
RH: Perfect. Yeah, and that's the best overall for your bottom line.
RH: For the business bottom line. So Anthony, do me a favor, let people know where can they find you at? Where do you hang out at for people to interact with you?
AB: So I hang out a lot on Twitter. So it's @wirelesslife. We have a new blog that's coming up, so itopstalk.com. And what's great about that blog is it's a new type of format where it's a forum and a blog.
RH: Lots of opportunity for interactions.
AB: Yeah bring us your questions. The team itself can also be contacted via Twitter. Via #azops, which is our hashtag where we're starting to have questions come in. And we're gonna be at conferences at a conference near you, so again, here at IT-
RH: Part of what you guys are doing, it's like you're here at IT Dev Con this week, you not only brought content and presentations, but you're here to interact with folks and talk to folks about what's going on.
AB: Correct. We'll be on the Ignite roadshow tour that's coming up as well. It's starting in November, so we will be around the world, which is awesome. And just online. We're everywhere.
RH: Gotcha. Well I appreciate you taking some time to talk to me about a very important subject for IT Pros. And that's the IOT side of things. So thanks again, I appreciate it.
AB: Thank you.
RH: Thanks Anthony.