Interview with Lars Nagel, Managing Director of IDSA
"COMPANIES CAN EXCHANGE INFORMATION AND STILL STAY IN CONTROL OF THEIR DATA"
TEXT: FLORIAN STREIFINGER, E&E, 15.06.2018
In order to obtain added value from data, companies are usually dependent on the exchange with other companies. This is something that many companies have been reluctant to do up till now because their concerns about disclosing trade secrets are too great. International Data Spaces is there to dispel these fears. Lars Nagel, Managing Director of the International Data Spaces Association, explains how this works in an interview.
Picture: Andreas Oertzen
The picture of data as the oil of the 21st century has been around for years. So far, however, this has mainly been the case in the consumer sector. Why is the industrial sector still not doing more?
Indeed, industrial companies are still quite reluctant to use data. There are simply too many open questions as to how data should be handled as an economic asset. Many companies still have a great lack of knowledge on this point and, of course, uncertainty as a result.
So, in your opinion, it is mainly due to legal concerns? Is it not rather a lack of ideas on how to actually use the data?
Both are certainly true. Companies want to exchange data, as is already happening in B2C or C2C. After all, they notice what added value and sales are generated there. At the same time, however, they do not want to simply reveal their business secrets or know-how without knowing what is actually happening and without benefiting from it. This is where we come in with our International Data Spaces (IDS) proposal. The IDS enables two or more companies to agree on a secure and regulated exchange of data and at the same time ensures that each of the companies remains master of its own data. The economy urgently needs regulated handling of information. Of course, you are absolutely right that in many cases the specific ideas are missing. In the industrial sector, hopes are high but little is being implemented. However, some companies are already earning money with data and are not only optimising their processes.
Which companies and projects do you mean by this?
Deutsche Telekom, for example, offers a data marketplace with the Data Intelligence Hub. The French company Datex is also pursuing such a business model. Around 3,000 companies are already active on its platform. And it is not products that are traded there but data.
In the consumer sector, a few providers, such as Google or Amazon, dominate the data business. Do such data octopuses also arise in industry?
That is what I am assuming. There are already some platforms, such as the Mindsphere from Siemens, where many companies are already represented. They have a very large lock-in effect. This means that the inhibition threshold for users to leave is very high. In my opinion, most projects and the main data exchange will therefore be concentrated on a few platforms. But there won't be just one platform, there will be several. Industrial Data Spaces aims at breaking down these proprietary ecosystems by enabling data exchange between them. There has to be interconnectivity between the systems. Since most major vendors such as Siemens, SAP, Telekom and DXC Technology are members of the IDSA, we can have intensive discussions with them about this.
Do these companies have any interest in opening up their platforms at all?
Of course, the companies are currently trying to get as big a piece of the pie as possible, and so far they are not very interested in an exchange between the platforms. That's completely legitimate. In my opinion, however, they have also realised that they have to open up after all. The world will operate differently in the future and they know that. This is currently becoming apparent in the consumer sector. Users are increasingly reluctant to accept dependence on individual platforms. They want to be more self-determined again. And this is also the case in industry.
Let's talk about the ownership of data. What data does a company own?
Ownership of data in itself is very clearly regulated. I don't think the question of ownership is particularly relevant. If a sensor detects a temperature of 28 degrees, then it is not decisive to whom the value of 28 degrees belongs. This does not help anyone anyway. What is relevant is the context in which it was recorded, i.e. at which point, at what time, which values were measured before and after, and which environmental conditions prevailed. Who owns the individual data is clearly regulated. But they are only interesting in combination. To do this, companies have to network with each other, because none of them can collect all the information on their own. In order to develop a serious business from this, it must be clarified, of course, what proportion each company has contributed and how this is paid for. This is the really exciting question
Let us briefly stick to the legal problem. If a machine manufacturer uses a module in a device, do the data collected from these components belong to the manufacturer of the device or of the module?
In this case, the data belongs to manufacturer of the machine and not to that of the module. This is normally regulated in the contract concluded between the two of them. The same applies if the machine is subsequently used to assemble something else, for example a car. This is also contractually regulated. If, in turn, a person drives this car, the ownership of the data collected is also contractually stipulated. The legal situation is therefore absolutely clear. Currently, the recorded information belongs to the automobile manufacturer. Whether this is desirable is rightly being discussed at the moment. I do not necessarily think it is a good thing.
So we need adapted laws on data ownership?
There is no point in adapting the current laws or issuing a new one on data ownership. Instead, we need mechanisms on which parties in any economic environment can fundamentally agree. The details in the automotive industry are certainly different from the ones in medicine or banking, but the basis should be the same. And to return to your previous question: the interesting thing is what the component manufacturer actually wants to do with the data. The amount of information to be gathered there is simply not very high. You cannot draw any major conclusions, if the current flows with one or five volts, for example. Nobody is willing to pay for that. It only becomes interesting, if something specific can be read from these data. At this point, we need a mechanism by which the companies involved can agree on how to use the data. Whether they are both interested in using the data or whether they even want to use them together in a common business model. We are then talking about data management.
The Industrial Data Space (IDS) is said to be one of those mechanisms. What exactly is it about?
The IDS is a reference architecture for an ecosystem in which data can be exchanged securely and confidentially. The data in this system can be provided with conditions for use and these can also be enforced. The big advantage for companies is that they can share information without losing control of their data.
How exactly does this work?
Technically, the whole thing runs via a secure IoT gateway, the so-called connector. It serves as an interface and can merge with other connectors to form a peer-to-peer network. The exchange does not take place via a cloud where the data is stored by a third-party provider, but directly between the companies involved.
The connector also allows you to specify exactly how the data may be used, i.e. how often someone can access them, which values they can see, whether they can save and pass them on and, of course, whether costs arise for their use. The connector is available in four variants, depending on how secure the exchange must be. For most applications, the basic version is certainly sufficient. It has all the basic functions, i.e. enables secure information transmission and implements the defined data usage conditions. Companies that want to know exactly which chip records or requests the values need the Trusted Connector with a Trusted Platform Module (TPM). If the system is to be checked 24 hours a day for intruders and manipulations, the Trusted Plus Connector is necessary. There is also a free, open variant for testing purposes.
But this also means that companies have to install an additional device.
Of course you need the connector. But usually, this is a classic gateway which most companies need if they want to export data anyway.
The only difference is that this gateway must be IDS-compliant and IDS-certified, i.e. correspond to the reference architecture. Afterwards, the user only needs a digital identity and can get started. We therefore advise companies to make their products IDS-compatible in the first place. For example, SICK, which is very active in our association, is already doing this. They have integrated the Trusted Connector into their sensors.
Networking also increases expectations of IT security. How do you ensure this at IDS?
It is very important that it is about a peer-to-peer network and not a data lake, not a cloud. Only the involved parties exchange data bilaterally and there is no central instance that can be corrupted. The connectors also contain a number of security mechanisms. They are based on container technology, the data is in a different container than the applications. So, they cannot corrupt each other.
In most cases, Docker software is used for this purpose. Moreover, the connectors use end-to-end encryption. Identity management is also important. Each connector and user needs its own digital identity certificate to ensure that they really are that particular component or company.
Do you see the Industrial Data Space as a marketplace where companies buy and sell data?
We are just the enabler for this. As mentioned at the beginning, such marketplaces are already being developed, for example by Telekom. Our goal is to use the IDS architecture to ensure that these marketplaces really work as they are supposed to. That not just a retailer sells information and the buyer uses it in any way they wish, which can then lead to a court case. We offer a technical solution that keeps the entire data supply chain under control, from data producer to data user.
At the end of 2014, the Fraunhofer Gesellschaft launched a research project to create a safe data space. The International Data Spaces was born. It is intended to enable companies to share data without having to give up sovereignty over their data. The International Data Spaces Association (IDSA), now the International Data Spaces Association, was founded at the beginning of 2016 to involve companies in the implementation. Its 85 members include SAP, Siemens, SICK and ZVEI. Lars Nagel has been Managing Director of IDSA since its foundation. He studied mechanical engineering and previously worked for Fraunhofer Institute for Material Flow and Logistics and in the software industry.