Securing Your Digital Future: Cyber Trust As Competitive Advantage

Justin Somaini and Dan Wellers

The accepted wisdom in the cybersecurity field today is that there are two types of companies in the world: those that know they’ve been hacked, and those that don’t.

No enterprise is immune from cyber threats, and the list of big, scary data breaches continues to grow. The vast majority of companies in Europe (92 percent) have been hacked in the last five years, according to a recent survey by specialty insurer Lloyd’s of London. The average total cost of a breach is $4 million, according to a 2016 study by the Ponemon Institute.

Yet, categorized as risk to avoid rather than opportunity to pursue, cybersecurity has never been a terribly sexy topic in the C-suite. It’s an added expense—and one that slows down efforts to leap ahead technologically. The significant attention it receives tends to be of the negative variety when things go horribly wrong. Even as companies have embarked on their digital transformation efforts, security has remained an afterthought—tacked on after a big new investment in advanced analytics, cognitive systems, or Internet of Things (IoT) technology. Very soon, however, that reactive approach will seem antiquated.

A coming mind shift

Spending on IT security has been increasing in the last two years, even as overall technology budgets have been decreasing, according to 2016 report by the SANS Institute. But it’s not just a lift in spending that’s called for, but also shift in thinking.

In today’s age of rapidly developing transformational technologies, keeping on top of emerging security and privacy threats is more challenging—and more critical—than ever before. As companies collaborate with a wider network of partners and meet new demands for 24/7 operations and greater transparency with customers, cyber security risks multiply. The scope, scale, and impact of cyber attacks will grow in concert with increasing digitization:

  • 4.2 billion records were exposed in more than 4,000 known data breaches in 2016, according to Risk Based Security.
  • Cyber insurance premiums could increase tenfold to $20 billion annually by 2025, according to Marsh & McLellan.
  • The cost of data breaches will reach $2.1 trillion globally by 2019—nearly four times the estimated cost of breaches in 2015, according to Juniper Research.
  • Cyber attacks could cost the world up to $90 trillion in net economic benefit by 2030 if cyber security doesn’t keep pace with growing interconnectedness, according to a study published by the Atlantic Council and the Zurich Insurance Group
  • Cyber risk is expanding beyond the virtual world to the physical one. Hackers used highly destructive malware to bring down three Ukranian power distribution companies in 2016, for example, cutting power to 80,000 people.
  • The expanding universe of Internet of Things devices is particularly vulnerable to exploitation as companies may not update them after installation and many devices are not able to receive security update patches, according to AIG. In fact, an IoT hack took down Amazon, Twitter, Netflix, and other major sites in October 2016.
  • Connected devices pose particular concern in healthcare, an industry that already faces 340 percent more cyberattacks than the average industry and that fails to monitor 75 percent of hospital network traffic, according to a report from Raytheon and WebSense Security Labs.
  • Cyberattacks are one of the top ten global risks of highest concern for the next decade, right alongside such threats as water and food crises, natural catastrophes, social instability, and national governance failures, according to the World Economic Forum.

Just a third of companies today are sufficiently prepared to prevent a worst-case attack, according to Oliver Wyman and only a quarter currently treat cyber risk as a significant corporate risk. But as cyber risk expands and the attacks result not only in financial and reputational damage but also in physical destruction, danger, or loss of life, trust will become a competitive advantage. Therefore, those companies and organizations that want to dominate their markets will approach security as a strategic investment, proactively embedding cybersecurity strategy into business strategy.

As companies continue their digital transformations, they need to adopt more flexible and ubiquitous cyber defense measures to meet the more extreme threats they will face. Failing to do so risks unanticipated costs, operational shutdowns, reputational damage, and legal consequences.

A zero-trust approach

Unfortunately, there is no off-the-shelf solution to manage the entirety of a company’s cyber risk. As companies continue to introduce more digital innovations, they must continuously adopt and adapt cyber security measures commensurate with the growing threats they’ll face.

In a global economy, security can only be as good as the regulations, compliance, and enforcement in the countries where an organization operates—and those vary wildly around the world. What’s more, even when a company’s leaders take a more proactive approach to investing in cyber security protection and response, its partners and suppliers may not. Nearly 80 percent of companies fail to assess their customers and suppliers for cyber risk, according to a survey by Marsh & McLellan. And hackers certainly will be proactive about finding the weakest link in a value chain. Meanwhile, as enterprises adopt a growing legion of internet-connected devices and sensors, cyber security risk will be distributed even more widely.

Organizations must evolve from the attitude that perimeter security, achievable by firewalls or anti-virus protection, is enough. As interconnectivity and interdependency increases so too will the adoption of zero-trust networks. The zero-trust approach questions the assumption that a company can be made safe and sound within the confines of its own “secure” corporate network. Instead, a zero-trust approach places controls around data assets themselves and creates increased visibility into how they are used across a digital business ecosystem.

A new approach for a networked world

But, as SAP CEO Bill McDermott wrote to customers in 2016, “Information security is a journey without a destination. The security threat in the enterprise is relentless and multiplying, and the attackers are getting more sophisticated.” A zero-trust network is not enough. When the question is not if, but when, a significant breach will occur, how a company manages this inevitability becomes critical.

The key is to develop a robust approach to measuring, controlling, and responding to cyber risk. We recommend a three-pronged strategy to manage the threats in the expanding enterprise ecosystem:

  1. Prevent. This aspect of cyber security strategy remains as important as ever, and companies must evolve their preventative strategies, from their security policies and educational approaches to the actual access controls they put in place.
  1. Detect. In an evolving cyber threat environment, there is no foolproof prevention approach. Selecting and deploying appropriate intrusion detection systems for the timely detection and notification of compromises is critical.
  1. React. Detection is useless without a response. Companies that approach cyber security as a competitive advantage will put incident response plans in place in much the same way they would plan for recovery from a natural disaster.

Building trust, not walls

The Great Wall of China may have succeeded as an exercise in power or a feat of construction. But as a security strategy, it was a failure. Similarly a cyber security strategy focused on building strong enough borders around the company will fail. It’s impossible to keep all the bad guys out.

As more of a company’s data and its business processes become distributed, it’s cyber security strategy must become much more far-reaching. The good news is that even as digital technologies increase cyber security risk, they can also help mitigate it. Many cloud providers for example, are taking a more robust approach to security strategy that their customers might. New technologies like machine learning and big data analytics can strengthen security protections. Of course, the hackers can—and will—take advantage of these powerful technological advancements as well. Cyber risk experts will tell you the dark web is teeming with attack tools that enable hackers to take advantage of outdated security approaches and corporate vulnerabilities. They’ve been quick to take advantage of new automation tools in order to carry out more sophisticated and layered attacks on corporate and state assets.

Companies who embrace trust and security as competitive advantages will build security into their digital ecosystems at each layer:

  • Secure Products: Incorporating security into all applications, ensuring the protection of content and transactions.
  • Secure Operations: Investing in hardened systems, security patch management, security monitoring, end-to-end incident handling, and a comprehensive cloud operations security framework.
  • Secure Company: Creating a security-educated and aware workforce, end-to-end physical security of assets, and a comprehensive business continuity framework.

Forward-looking companies will follow these principles not only within their own organizations but expect them from their network of partners, supplier, and customers. The hackers of today and the future aren’t working alone and neither should the companies they’re targeting.

The risk of full-blown cyber catastrophes is real. The WEF has warned that large-scale cyber attacks could cause significant economic damage, geopolitical tensions, or widespread loss of trust in the Internet.

A report from the Atlantic Council and Zurich Insurance Group found as soon as 2018, there could be damage from massive cyber attacks equivalent to 1.5 percent of global GDP that is “certain to drastically increase risks and drag down net profits for companies that are most exposed to cyber-attacks..” The worst case scenario could result in a state of perpetual cyber crime and cyber warfare, increasingly vulnerable critical infrastructure, and losses of $90 trillion globally, according to the report.

A collaborative network approach will be critical to combatting such a persistent global threat with implications not just for corporate and personal data, but strategy, supply chains, products, and physical operations. Trust will be the most important currency in the digital future—one that companies will have to earn and work diligently to keep.

Read the executive brief The Future of Cybersecurity: Trust as Competitive Advantage.


Comments

Justin Somaini

About Justin Somaini

Justin Somaini heads the Global Security unit at SAP. With more than 17 years of information security experience, he is responsible for SAP’s overall security strategy, ensuring that SAP and our customers have a consistent and convenient security experience. In his role Justin develops, implements, and manages SAP’s overall policies, standards, and guidelines as well as ongoing SAP security initiatives to meet the emerging international IT and cyber security environments and data protection and privacy laws worldwide. Before joining SAP in 2015, Justin was Chief Trust Officer at Box, the world's leading enterprise software platform for content collaboration. Prior to Box, Justin held the role of Chief Information Security Officer (CISO) at Yahoo!, driving security planning and operations for the company. Prior to Yahoo!, he was CISO of Symantec. Justin holds a Bachelor's of Science degree in Management Information Systems from Drexel University, Philadelphia.

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Apathy, Not Hackers: The Real Enemy Of The Cloud And Emerging Tech

Paul Kurchina

The cloud is quickly moving past the hype to deliver tangible and transformational value. Across the board, cloud-based products and services are growing to the point where more than 92% of all workloads will be processed in cloud data centers by 2020. The cloud is also enabling heavy-hitter, emerging technology along the way, including advanced analytics, containers, artificial intelligence, cognitive computing, and virtual reality. And even the Internet of Things (IoT) is gaining momentum in the cloud as it sets to impact the world in the next decade 5-10x more than the entire existence of the Internet.

According to Mark Weatherford, senior vice president and chief cybersecurity strategist of vArmour, there are no signs of the cloud’s influence slowing down. In his upcoming Webcast “The Cloud, IoT, and Critical Infrastructure: It’s Not Too Late for the Cyber,” sponsored by Americas’ SAP Users’ Group (ASUG), he will share a much-needed reality check:

“Today is the slowest day in your life in terms of technology. If you think the pace is frantic now, just wait until Q4 … or 2018 … or 2020. The rate of change in business is going to be faster every year for the rest of your working life.”

Even though there is so much potential, very few business leaders understand how the cloud – and the technology it supports – will impact their company. Why? It’s most likely because their organizations are still outmatched in their ability to combat cyberattacks of any kind.

The truth about the cloud, virtualization, and cybersecurity

In no other area of the business are companies fighting to protect their business from so many ill-intended actors, ranging from international organized crime rings to terrorist organizations, politically charged hacktivists, and cyberspies acting on behalf of global nation states. Although there are high-stakes risks in the cloud, this doesn’t mean that locking down your IT systems and data to limit information-sharing and real-time insight is the answer.

Thomas Friedman, American journalist, author, and three-time Pulitzer Prize winner, poetically laid out the dangers of this lack of know-how in one of his recent New York Times columns:

“We’re moving into a world where computers and algorithms can analyze (reveal previously hidden patterns); optimize (tell a plane which altitude to fly each mile to get the best fuel efficiency); prophesize (tell you when your elevator will break or what your customer is likely to buy); customize (tailor any product or service for you alone); and digitize and automatize more and more products and services. Any company that doesn’t deploy all six elements will struggle, and this is changing every job and industry.”

To realize Friedman’s vision, businesses must somehow whittle down a seemingly infinite number of digital options to find technology that best fits their needs. But, as Weatherford suggests, the key to investing in the right technology is focusing on nine fundamental areas of strategic security:

  • Identity and access: Monitor privileged-account usage while allowing only authorized users to access critical systems and countering threats.
  • Network: Ensure that all networks in the IT landscape are secure.
  • Applications: Identify risks to all applications.
  • Security breaches: Understand the threat landscape and plan the right strategy to protect the business.
  • Compliance: Adhere to all application obligations as the company reduces its compliance burden.
  • Supplier risk: Track whether suppliers are adequately safeguarding organizational assets.
  • Business continuity: Strengthen protections to ensure continuous operations during a crisis.
  • Mobility: Secure mobile applications.
  • Cloud: Assess any security risks as a result of a cloud migration.

Weatherford also warns that insiders need to be better trained to prevent unintended security breaches. “The real danger is the uneducated user who is more likely to click on a link or push a button that shouldn’t be touched in the first place,” he said. “Educate, educate, educate. Drill, drill, drill. This is all necessary to raise the bar on security.”

In our increasingly digital world, hope is not a strategy, but a reasonable security program is. Maybe, one day within the next 10 years, security will become a top priority that everyone understands and acquires as a natural skill. But until then, let’s put a little more attention, time, and care into the security of the IT architecture and data while engaging technology that can drive significant competitive advantage.

For more cybersecurity insights and advice from Mark Weatherford, senior vice president and chief cybersecurity strategist of vArmour, join us on October 23 for the Americas’ SAP Users’ Group (ASUG) Webcast “The Cloud, IoT, and Critical Infrastructure: It’s Not Too Late for the Cyber.”

Comments

Paul Kurchina

About Paul Kurchina

Paul Kurchina is a community builder and evangelist with the Americas’ SAP Users Group (ASUG), responsible for developing a change management program for ASUG members.

Will A Digital Renaissance Man Save Cybersecurity?

Derek Klobucher

The cyberattacks we’ve seen to date have been child’s play relative to what’s possible, according to a government expert. We could soon see how bad it can get – and our best defense may be highly capable cyber warriors.

Organizations are scrambling to react in the wake of high-profile attacks, such as a devastating ransomware attack on the UK’s National Health Service in May. Recently Equifax’s interim CEO took to The Wall Street Journal as a sort of mea culpa for a massive data breach of the American consumer credit reporting agency this summer, and the U.S. Securities and Exchange Commission announced a new cyber unit. “Sometime in the next few years, we’re going to have our first category one cyber-incident,” Ian Levy, technical director at the UK’s National Cybersecurity Centre, said at an information security event in September, referring to an attack so severe it would require a national government response.

“Cyber-related threats to trading platforms and other critical market infrastructure” are among the unit’s jurisdiction. And that’s good because plenty of threats exist.

There’s a vulnerable app for that

Stock trading is among your smartphone’s myriad capabilities. But many of the most popular trading apps are susceptible to cyberattack, according to Seattle-based security adviser IOActive.

 “Cybersecurity has not been on the radar of [the people within] the fintech space in charge of developing trading apps,” said Alejandro Hernández, an IOActive cybersecurity consultant. “Security researchers have disregarded these apps as well, probably because of a lack of understanding of money markets.”

These apps enable users to monitor market performance, as well as conduct bank transfers, make purchase orders, and more. But the 21 apps that Hernández evaluated – available via the Apple Store and Google Play – included four that sent passwords in cleartext and others that did not sufficiently encrypt data, among other issues. But the good news is that some people are learning their lesson.

“Innovate to stay ahead of the hackers,” a recent cybersecurity study recommends. “The app developed by a brokerage firm who suffered a data breach many years ago was shown to be the most secure one,” Hernández stated.

Think like a cyber criminal

Cyber-weaknesses are still prevalent where banks, payment systems, and messaging networks meet, according to a Committee on Payments and Market Infrastructures study. And the financial burdens of cyberattacks on businesses around the world seem to be growing, research from Accenture and the Ponemon Institute indicates.

This year’s average cost of cybercrime globally jumped by 22.7% over last year to $11.7 million per organization – or a whopping 62% increase from five years ago, according to the research. Financial services bore the brunt of cyberattacks, averaging annual costs of $18.28 million.

“Innovate to stay ahead of the hackers,” the study recommends. “Invest in the ‘brilliant basics,’ such as security intelligence and advanced access management … [and] spend on new technologies, specifically analytics and artificial intelligence.”

Layer up

Staving off a “category one cyber-incident” will require organizations to focus on risk management – and putting faith in their people, according to the NCC’s Levy. “People create the value at these organizations … [so] build technical systems for normal people.”

That’s important because your organization may not be up against a simple hacker – or an unscrupulous competitor. The complexity, duration, and skill sets necessary for the cyberattacks against the SEC, Equifax, and others hint at the possibility of state sponsorship, said Joshua Douglas, Raytheon’s chief strategy officer of cyber services, on Fox Business.

Thwarting tomorrow’s cyberattacks will require Renaissance men and women, highly capable cyber workers who are well versed in ethics and technology, as well as contextual thinking and clear communications, according to a cybersecurity expert.

“I think most companies are focused on the outside very heavily, which is good,” Douglas said. “But I think that we fail to realize that once an outsider makes it in, that you don’t have that second tier or third tier of support and security to protect the most important assets.”

Renaissance to the rescue

Massive cyberattacks – category one or otherwise – should inspire us to a higher level of innovation, akin to the 20th Century space race, according to national security news website Defense One. Echoing Levy’s call for faith in people, cybersecurity will demand highly capable cyber workers who are well versed in ethics and technology, as well as contextual thinking and clear communications.

“As we expose cyber operators to ever-more vast amounts of sensitive information – and entrust them with some of the most destructive digital tools imaginable – we must continue to ensure that their technical skills are matched by character traits such as integrity and loyalty,” Defense One said. “Only such digital-age Renaissance men and women will be able to rise to the cyber challenges of our time.”

Lackadaisical approaches to security may create long-term problems for your business. See The Future of Cybersecurity: Trust as Competitive Advantage.

Follow me @DKlobucher.

Comments

Derek Klobucher

About Derek Klobucher

Derek Klobucher is a Brand Journalist, Content Marketer and Master Digital Storyteller at SAP. His responsibilities include conceiving, developing and conducting global, company-wide employee brand journalism training; managing content, promotion and strategy for social networks and online media; and mentoring SAP employees, contractors and interns to optimize blogging and social media efforts.

Diving Deep Into Digital Experiences

Kai Goerlich

 

Google Cardboard VR goggles cost US$8
By 2019, immersive solutions
will be adopted in 20% of enterprise businesses
By 2025, the market for immersive hardware and software technology could be $182 billion
In 2017, Lowe’s launched
Holoroom How To VR DIY clinics

Link to Sources


From Dipping a Toe to Fully Immersed

The first wave of virtual reality (VR) and augmented reality (AR) is here,

using smartphones, glasses, and goggles to place us in the middle of 360-degree digital environments or overlay digital artifacts on the physical world. Prototypes, pilot projects, and first movers have already emerged:

  • Guiding warehouse pickers, cargo loaders, and truck drivers with AR
  • Overlaying constantly updated blueprints, measurements, and other construction data on building sites in real time with AR
  • Building 3D machine prototypes in VR for virtual testing and maintenance planning
  • Exhibiting new appliances and fixtures in a VR mockup of the customer’s home
  • Teaching medicine with AR tools that overlay diagnostics and instructions on patients’ bodies

A Vast Sea of Possibilities

Immersive technologies leapt forward in spring 2017 with the introduction of three new products:

  • Nvidia’s Project Holodeck, which generates shared photorealistic VR environments
  • A cloud-based platform for industrial AR from Lenovo New Vision AR and Wikitude
  • A workspace and headset from Meta that lets users use their hands to interact with AR artifacts

The Truly Digital Workplace

New immersive experiences won’t simply be new tools for existing tasks. They promise to create entirely new ways of working.

VR avatars that look and sound like their owners will soon be able to meet in realistic virtual meeting spaces without requiring users to leave their desks or even their homes. With enough computing power and a smart-enough AI, we could soon let VR avatars act as our proxies while we’re doing other things—and (theoretically) do it well enough that no one can tell the difference.

We’ll need a way to signal when an avatar is being human driven in real time, when it’s on autopilot, and when it’s owned by a bot.


What Is Immersion?

A completely immersive experience that’s indistinguishable from real life is impossible given the current constraints on power, throughput, and battery life.

To make current digital experiences more convincing, we’ll need interactive sensors in objects and materials, more powerful infrastructure to create realistic images, and smarter interfaces to interpret and interact with data.

When everything around us is intelligent and interactive, every environment could have an AR overlay or VR presence, with use cases ranging from gaming to firefighting.

We could see a backlash touting the superiority of the unmediated physical world—but multisensory immersive experiences that we can navigate in 360-degree space will change what we consider “real.”


Download the executive brief Diving Deep Into Digital Experiences.


Read the full article Swimming in the Immersive Digital Experience.

Comments

Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation. Share your thoughts with Kai on Twitter @KaiGoe.heif Futu

Tags:

Blockchain: Much Ado About Nothing? How Very Wrong!

Juergen Roehricht

Let me start with a quote from McKinsey, that in my view hits the nail right on the head:

“No matter what the context, there’s a strong possibility that blockchain will affect your business. The very big question is when.”

Now, in the industries that I cover in my role as general manager and innovation lead for travel and transportation/cargo, engineering, construction and operations, professional services, and media, I engage with many different digital leaders on a regular basis. We are having visionary conversations about the impact of digital technologies and digital transformation on business models and business processes and the way companies address them. Many topics are at different stages of the hype cycle, but the one that definitely stands out is blockchain as a new enabling technology in the enterprise space.

Just a few weeks ago, a customer said to me: “My board is all about blockchain, but I don’t get what the excitement is about – isn’t this just about Bitcoin and a cryptocurrency?”

I can totally understand his confusion. I’ve been talking to many blockchain experts who know that it will have a big impact on many industries and the related business communities. But even they are uncertain about the where, how, and when, and about the strategy on how to deal with it. The reason is that we often look at it from a technology point of view. This is a common mistake, as the starting point should be the business problem and the business issue or process that you want to solve or create.

In my many interactions with Torsten Zube, vice president and blockchain lead at the SAP Innovation Center Network (ICN) in Potsdam, Germany, he has made it very clear that it’s mandatory to “start by identifying the real business problem and then … figure out how blockchain can add value.” This is the right approach.

What we really need to do is provide guidance for our customers to enable them to bring this into the context of their business in order to understand and define valuable use cases for blockchain. We need to use design thinking or other creative strategies to identify the relevant fields for a particular company. We must work with our customers and review their processes and business models to determine which key blockchain aspects, such as provenance and trust, are crucial elements in their industry. This way, we can identify use cases in which blockchain will benefit their business and make their company more successful.

My highly regarded colleague Ulrich Scholl, who is responsible for externalizing the latest industry innovations, especially blockchain, in our SAP Industries organization, recently said: “These kinds of use cases are often not evident, as blockchain capabilities sometimes provide minor but crucial elements when used in combination with other enabling technologies such as IoT and machine learning.” In one recent and very interesting customer case from the autonomous province of South Tyrol, Italy, blockchain was one of various cloud platform services required to make this scenario happen.

How to identify “blockchainable” processes and business topics (value drivers)

To understand the true value and impact of blockchain, we need to keep in mind that a verified transaction can involve any kind of digital asset such as cryptocurrency, contracts, and records (for instance, assets can be tangible equipment or digital media). While blockchain can be used for many different scenarios, some don’t need blockchain technology because they could be handled by a simple ledger, managed and owned by the company, or have such a large volume of data that a distributed ledger cannot support it. Blockchain would not the right solution for these scenarios.

Here are some common factors that can help identify potential blockchain use cases:

  • Multiparty collaboration: Are many different parties, and not just one, involved in the process or scenario, but one party dominates everything? For example, a company with many parties in the ecosystem that are all connected to it but not in a network or more decentralized structure.
  • Process optimization: Will blockchain massively improve a process that today is performed manually, involves multiple parties, needs to be digitized, and is very cumbersome to manage or be part of?
  • Transparency and auditability: Is it important to offer each party transparency (e.g., on the origin, delivery, geolocation, and hand-overs) and auditable steps? (e.g., How can I be sure that the wine in my bottle really is from Bordeaux?)
  • Risk and fraud minimization: Does it help (or is there a need) to minimize risk and fraud for each party, or at least for most of them in the chain? (e.g., A company might want to know if its goods have suffered any shocks in transit or whether the predefined route was not followed.)

Connecting blockchain with the Internet of Things

This is where blockchain’s value can be increased and automated. Just think about a blockchain that is not just maintained or simply added by a human, but automatically acquires different signals from sensors, such as geolocation, temperature, shock, usage hours, alerts, etc. One that knows when a payment or any kind of money transfer has been made, a delivery has been received or arrived at its destination, or a digital asset has been downloaded from the Internet. The relevant automated actions or signals are then recorded in the distributed ledger/blockchain.

Of course, given the massive amount of data that is created by those sensors, automated signals, and data streams, it is imperative that only the very few pieces of data coming from a signal that are relevant for a specific business process or transaction be stored in a blockchain. By recording non-relevant data in a blockchain, we would soon hit data size and performance issues.

Ideas to ignite thinking in specific industries

  • The digital, “blockchained” physical asset (asset lifecycle management): No matter whether you build, use, or maintain an asset, such as a machine, a piece of equipment, a turbine, or a whole aircraft, a blockchain transaction (genesis block) can be created when the asset is created. The blockchain will contain all the contracts and information for the asset as a whole and its parts. In this scenario, an entry is made in the blockchain every time an asset is: sold; maintained by the producer or owner’s maintenance team; audited by a third-party auditor; has malfunctioning parts; sends or receives information from sensors; meets specific thresholds; has spare parts built in; requires a change to the purpose or the capability of the assets due to age or usage duration; receives (or doesn’t receive) payments; etc.
  • The delivery chain, bill of lading: In today’s world, shipping freight from A to B involves lots of manual steps. For example, a carrier receives a booking from a shipper or forwarder, confirms it, and, before the document cut-off time, receives the shipping instructions describing the content and how the master bill of lading should be created. The carrier creates the original bill of lading and hands it over to the ordering party (the current owner of the cargo). Today, that original paper-based bill of lading is required for the freight (the container) to be picked up at the destination (the port of discharge). Imagine if we could do this as a blockchain transaction and by forwarding a PDF by email. There would be one transaction at the beginning, when the shipping carrier creates the bill of lading. Then there would be look-ups, e.g., by the import and release processing clerk of the shipper at the port of discharge and the new owner of the cargo at the destination. Then another transaction could document that the container had been handed over.

The future

I personally believe in the massive transformative power of blockchain, even though we are just at the very beginning. This transformation will be achieved by looking at larger networks with many participants that all have a nearly equal part in a process. Today, many blockchain ideas still have a more centralistic approach, in which one company has a more prominent role than the (many) others and often is “managing” this blockchain/distributed ledger-supported process/approach.

But think about the delivery scenario today, where goods are shipped from one door or company to another door or company, across many parties in the delivery chain: from the shipper/producer via the third-party logistics service provider and/or freight forwarder; to the companies doing the actual transport, like vessels, trucks, aircraft, trains, cars, ferries, and so on; to the final destination/receiver. And all of this happens across many countries, many borders, many handovers, customs, etc., and involves a lot of paperwork, across all constituents.

“Blockchaining” this will be truly transformational. But it will need all constituents in the process or network to participate, even if they have different interests, and to agree on basic principles and an approach.

As Torsten Zube put it, I am not a “blockchain extremist” nor a denier that believes this is just a hype, but a realist open to embracing a new technology in order to change our processes for our collective benefit.

Turn insight into action, make better decisions, and transform your business. Learn how.

Comments

Juergen Roehricht

About Juergen Roehricht

Juergen Roehricht is General Manager of Services Industries and Innovation Lead of the Middle and Eastern Europe region for SAP. The industries he covers include travel and transportation; professional services; media; and engineering, construction and operations. Besides managing the business in those segments, Juergen is focused on supporting innovation and digital transformation strategies of SAP customers. With more than 20 years of experience in IT, he stays up to date on the leading edge of innovation, pioneering and bringing new technologies to market and providing thought leadership. He has published several articles and books, including Collaborative Business and The Multi-Channel Company.