In my previous blog, I looked at the explosive growth of digital twins. Estimates suggest the number of organizations using digital twins will triple by 2022. In this blog, I’m going to cover what you need to consider when creating a digital twin and the essential role of identity and access management (IAM) in addition to the core functions of an IoT platform to ensure successful delivery.
The concept of the digital twin is made possible by the advances in Internet of Things (IoT) technology. It is now straightforward to attach sensors and actuators to a physical object – such as a part within an asset or the entire asset itself – to capture contextual and operational data and control the object from its digital twin.
This is often characterized as a bi-directional flow of data from the physical to the digital and back. But that’s telling half the story. Every digital twin will involve multiple threads of information. This is not simply between the physical object and its twin, but also between the twin and the enterprise systems – such as CAD, ERP, MES, PLM – that help create the initial model and supply supporting data, in real time or near real time, to build a complete picture of the object or asset.
In addition, data flows between the asset, its digital twin and everyone that needs access to the twin to view, manage or manipulate the data it holds. The more advanced analytics and simulations you perform through the digital twin, the more people will be involved in the process.
Why identity comes first when creating a digital twin
My colleague John Notman has written about the Identity of Things (IDoT) and how IAM is essential for creating digital twins, but I’d like to take this a step further. This disruptive technology calls for an identity-driven IoT platform as the foundation for the digital twin to facilitate and secure all the connections between people, systems and things that exist in the digital twins’ ecosystem.
This identity-centric IoT Platform must be able to do this at scale and enable the seamless integration between different digital twins – especially where large-scale deployments can quickly run into thousands of separate, but often inter-related, twins.
This identity-first approach to developing a digital twin is important because the twin represents a single point of vulnerability for both your physical and digital assets. You are, in effect, replicating everything in software and transferring that data over the cloud. The twin, and the IoT devices it’s connected to, are integrated with other enterprise systems, so your sensitive data and intellectual property are at risk of security breaches.
The failure to properly identify IoT devices creates unacceptable risk in three areas: a lack of visibility into the device’s activity or of secure access to the data it is creating; giving the device too much access, which at best creates noise on the network and at worst provides an opportunity for bad actors; and maintaining access to the device beyond its allotted lifecycle, again offering a backdoor for hackers or disgruntled employees.
You need to think ‘identity-by-design’ when starting to create your digital twins.
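The three risk areas above map onto three checks a gateway in front of a twin can make on every device message. The sketch below is an added example, not code from OpenText or any IoT platform; `DeviceIdentity`, `TwinGateway`, the topic names and the demo key are hypothetical, and an HMAC over a shared per-device secret stands in for whatever device credential a real deployment uses.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class DeviceIdentity:
    device_id: str
    key: bytes              # per-device secret issued at provisioning
    may_publish: frozenset  # topics the device may send data to
    may_receive: frozenset  # topics the device may accept data from
    retire_at: datetime     # end of the device's allotted lifecycle

def sign(key, direction, topic, payload):
    # NUL-separated fields; direction and topic are assumed NUL-free.
    msg = b"\x00".join([direction.encode(), topic.encode(), payload])
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class TwinGateway:
    registry: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # every decision is recorded

    def enroll(self, ident):
        self.registry[ident.device_id] = ident

    def authorize(self, device_id, direction, topic, payload, tag, now):
        ident = self.registry.get(device_id)
        if ident is None:
            verdict = "deny:unknown-device"
        elif now >= ident.retire_at:
            verdict = "deny:lifecycle-expired"
        elif not hmac.compare_digest(tag, sign(ident.key, direction, topic, payload)):
            verdict = "deny:bad-signature"
        elif topic not in {"publish": ident.may_publish,
                           "receive": ident.may_receive}.get(direction, ()):
            verdict = "deny:out-of-scope"
        else:
            verdict = "allow"
        self.audit.append((now.isoformat(), device_id, direction, topic, verdict))
        return verdict

# Constructed sample device and key, for illustration only.
KEY = b"constructed-demo-key"
SENSOR = DeviceIdentity("pump-7-temp", KEY, frozenset({"pump-7/temperature"}),
                        frozenset(), datetime(2030, 1, 1, tzinfo=timezone.utc))
```

The audit list addresses visibility, the per-direction topic sets address excess access, and `retire_at` cuts a device off at the end of its lifecycle even if its key is still valid.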
Three steps to creating your digital twin
Beginning to create a digital twin can appear daunting, but can be broken down into three stages:
- There are two main elements to the design of a digital twin. First, you need to select the enabling technology you need to integrate the physical asset with its digital twin, to enable the real-time flow of data from the IoT devices and integration with operational and transactional information from other enterprise systems. You need to be clear about the type of device you require, the modeling software needed to create the 3D representation of the asset, and who is going to have access to the information within the digital twin or gain control of the physical asset through it. Secure IoT device management is crucial for overcoming the risks associated with identifying the devices on your network. It provides the capabilities to authenticate, provision, configure, monitor and manage each device. An identity-driven IoT platform allows you to do this quickly and securely at scale.
- This leads to the second element in design. You must understand the type of information required across the life cycle of the asset, where that information is stored and how it can be accessed and used. It’s important that information is structured in a reusable way that can be quickly and effectively exchanged between systems. An identity-driven IoT platform can manage the identity of every element involved in the digital twin and provide messaging services to automate the secure communications between these people, systems and things.
- You must decide the function of your digital twin. Is it simply for monitoring the asset? Do you want the twin to control and alter the asset? Do you want to make data from the asset available for advanced analytics to assist with predictive maintenance? Or, do you want to use the data and models within the twin to perform simulations to help with operational performance and product development?
- The answer to these questions will determine the types of devices you attach to the asset and whether you use more sophisticated devices that allow information processing to move to the edge. It will also determine your integration and data preparation, and will identify management requirements. The more sophisticated the application for the digital twin, the more comprehensive these capabilities. For example, most twins will look to exploit analytics to improve operational performance and decision-making. Controlling how data is ingested, stored, prepared and presented is essential to enable you to apply advanced analytics. To achieve high-quality results, you have to guarantee the quality of data coming from your IoT devices. Each IoT device, including its rights to transfer and accept data, is verified. Taking an identity-by-design approach builds these capabilities into your digital twin from the outset.
- Most digital twin implementations start small, such as monitoring the performance of a single part within an asset, but expand over time. This happens in two ways. First, an organization brings a number of smaller digital twins together to give a complete picture of an entire machine, asset or business process. Second, organizations add more sophisticated capabilities – such as simulations – into an existing digital twin.
- In either case, you don’t want to rip and replace but to layer up the functionality within the digital twin to meet these evolving requirements. You need to be able to securely add functionality to scale while maintaining performance to meet the extra data that needs to be gathered and managed.
An identity-driven IoT platform enables you to quickly and securely extend the capabilities of your digital twin through extensive integration and open APIs that allow new devices and applications to connect and interact with the twin.
In the next blog in the series, I’ll look at how organizations can move from traditional modeling and monitoring of assets into the world of digital twins. If you’d like to know more about how OpenText™ can help you get the most from deploying digital twins, please contact us.