Full Stack Innovation : Kudelski brings IoT Security to Car Dealerships with RecovR
March 1, 2021

Full Stack Innovation : Kudelski brings IoT Security to Car Dealerships with RecovR

Edition 129 of Momenta's Digital Industry Leadership Series with RecovR's Hardy Schmidbauer

Momenta : Good day and welcome to edition 129 of our Digital Industry Leadership Series. I’m pleased today to have Hardy Schmidbauer, SVP of IoT for Kudelski Group, the world’s leader in digital security, headquartered in Switzerland. Hardy is a seasoned executive and entrepreneur in the wireless semiconductor and IoT sectors with a 20-year career spanning from executive management, to design engineering, marketing, business development and startup founder. He’s played an instrumental role in the development of the wireless and IoT ecosystem through management R&D and marketing roles in support of LoRa, LoRaWAN and other wireless protocols. Among the other companies he has worked for, Silicon Labs Semtech Corporation and DSP Group, Hardy holds an MBA from Santa Clara University and a Master of Science in electrical engineering from the Oregon State University.

Hardy, Welcome to our Digital Industry Leadership Podcast.

Hardy: Thank you, it’s great to be here and great to catch up again.

Momenta: As well, yeah. As I like to say on a lot of these podcasts, it’s great, I’ve finally cornered you into doing one of these, because you and I have touched based over, what, three companies now? And over several years in the many different roles you’ve played, so thank you for taking the time. I always like to start this off by asking the question, what would you consider to be the red thread through your professional journey?

Hardy: Sure, I think the theme of my career has been taking initiatives from a very early stage and growing them into a sizeable business, I think the challenge of getting something off the ground and making it into a sizeable business is extremely motivating to me. I think also I’ve been lucky in my roles to be allowed to work directly with volume end customers on multiple different IoT verticals to solve real world problems. I think I’m very fortunate to have been exposed to so many different IoT verticals because it gives you a very unique and I think valuable perspective.

Momenta: You know what I love about your journey is really – well I’ll just call it generally full stack, right? You came up through a semiconductor heritage, Honeywell, DSP, Silicon Labs; how did that early work lead you to play ultimately a leading role in LoRaWAN at Semtech?

Hardy: In all my work in the Semtech industry was around wireless connectivity, and I started with Bluetooth and DECT,  and then moved into the sub-gigahertz applications with Integration and Silicon Labs, and Semtech. I spent a lot of time in the field, working with major customers of how to solve their challenges, and there was one kind of theme there, is that everybody was trying to do a home-grown protocol and really facing the same development issues, and issues around legacy and interoperability.

From a semi-conductor perspective, it’s a nightmare to support all of these different proprietary protocols that each major customer was trying to develop on. With LoRa we had something unique, and it became quite clear to really scale you needed to have standardization, and an ecosystem were quite essential. I think at the point in the market when we started LoRa and LoRaWAN, the market had also realized this, and was looking for a technology that would lead to standardization and solve some of the challenges of range and mesh networking.

Momenta : Well you guys obviously have done well, because anybody who has watched the Semtech stock has realized a 52-week, and I think you’ve probably a lifetime high for the value of that stock, and so very well-done.

Hardy: Yes, it’s an interesting story of Semtech Wireless, I think when I started it was less than $5 million in revenue, and now it’s well over $100 million in revenue, so I think it’s a great story for wireless in the semi-conductor industry.

Momenta: You know, I was talking with somebody at Semtech not too long ago who said, ‘We ought to just rename the company as LoRa by Semtech! So, in 2016 you co-found TrackNet with several former colleagues, and I think this is ultimately where we ended up first meeting you as well. Ultimately you exited that company to Semtech, so what was the inspiration for founding TrackNet, and what was your key product there?

Hardy: Sure, in starting the LoRaWAN ecosystem, and working with a number of companies on trying to develop the business case to deploy LoRaWAN on a very large scale, it became quite clear that deploying on a tower-type model deployment like cellular used was not going to be attractive from a return-on-investment perspective. At that point in time there were very few complete solutions that could scale to volume with LoRaWAN, so the goal of TrackNet was really to build complete solutions that would organically build and grow the network coverage, with no upfront cost, or operational cost. So, the solutions we focused on were the industrial automotive lot management solution, and a consumer security and tracking solution for Smart Home.

The lot management solution we developed is, I think, is one of the largest IoT deployments now in North America, over 500,000 units, that’s been deployed by Cox for one of their businesses called Manheim. The consumer solution never really took off, but Amazon has now adopted a similar strategy with their sidewalk offering. So, at the time we started tracking it, we were calling it the inside-out deployment model of really being able to build network coverage from household to household, or solution to solution, and then just be able to supplement with tower coverage, but not having to rely completely on a big upfront investment with tower coverage.

Momenta: So, after you sold the company to Semtech, I know you went back there and worked in a strategic capacity for a little over a year, and then early last year made the jump over to Kudelski Group where you are SVP of IoT. Can you tell us a bit about that company and your mandate there?

Hardy: Kudelski is a super-interesting company, I joke that it’s the biggest company that no-one’s ever heard of, but the Kudelski Group started more than 70 years ago, they started under the name of Nagra and were pioneers in the audio-recording industry, so I think pretty much every movie between the 50s, 60s and 70s, used Nagra audio-recorders. And then we also did audio-recording devices for the CIA, FBI and most of the major spy agencies over that same time period.

Today there’s four main divisions within the Kudelski Group, we have our digital television business unit which provides security to 15 to 20 of the largest TV networks deployed globally, so everything of how you secure your set-top box, through to how the streaming over the air works. We still manage today, there’s over 400 million set-top boxes globally, which from an IoT perspective is an extremely large deployment. We also have a cybersecurity division which mainly focusses on managed security services for large corporate networks, or governments, or utilities.

Then we have our public access division which goes under the brand name of SKIDATA, and I think probably everyone listening to this podcast has gone through SKIDATA equipment at some point; we provide access control systems for ski resorts, for large venues and stadiums, and also for parking. So, if you’ve been to any Vale Resort you’ve gone through Kudelski equipment to get on the ski-lift, and your lift ticket is coming from Kudelski, a lot of the major sports venues use the Kudelski technology, for example the Staples Centre, and we also do quite a few of the large airport parking facilities globally as well.

What was super interesting about Kudelski for me joining the company, is to me they had all of the pieces of the puzzle and expertise in-house to be successful in IoT, from very strong software development, not afraid to invest in hardware, they have operations in deployment teams, and these are a lot of the things I saw other companies struggle with was really putting all the pieces of the puzzle together for IoT, and then having the quality and the operations team to really scale it up. So, to me that’s why Kudelski was such an exciting opportunity.

Now I’m leading up the IT division which is the 4th division, and our goal here is to grow to over 100 million in revenue and make it a major division of the company over the next couple of years. Right now, we have the major portion of the R&D investment inside of Kudelski to make that happen.

Momenta: You know, it’s interesting, there’s a number of Swiss companies, since I live in Switzerland here, that have very large presence but are always a quiet force in the market in some sense, from the brand perspective, so Kudelski certainly would service add. And I am an active user of SKIDATA since I live in a ski resort in Switzerland, so in one form or the other! But when you think about the different lines you’ve mentioned, and you use the term IoT to qualify one or two, it’s interesting, does IoT really oversee all of these or truly is adjacent?

Hardy: No, there’s four main divisions and IoT is one of those four divisions, the other ones are standalone divisions, whether it’s our DTV business, digital television, Kudelski security, or the public access division. I think you could argue that a lot of the elements that technology used in those other business units are directly applicable to IoT, and I think that’s why there’s such a large investment into IoT from Kudelski management, is they see the opportunity to leverage a lot of the technology and expertise that they have within the IoT space.

Momenta: So, if it doesn’t cover those four, what are some of your key used cases, and perhaps even at this early stage wins that you guys are working on?

Hardy: So with Kudelski IoT we have three main product lines, we have IoT Services, we do security assessments for companies who want to test their product or their solution before they go to market. We also do design services as well for companies who need software or security expertise in the design of their solution. We have our IoT system which we call Keystream, which is a security and device management solution for how to securely provision/manage the firmware updates over the air and manage the security lifecycle of different technologies that are utilized for IoT. And then we have our IoT solutions which are complete solutions that we are developing in-house and offering to the market.

So, key customer wins for each of those; for IoT System, Keystream we announced last year a win with Canoo which is a billion-dollar electric vehicle company developing the EV space for really the rental market, so they don’t intend to sell the vehicles, its intended to be a rental only. So, in that solution in a rental market that’s very hard to manage the keys, or the key fob, so we are working with them to replace the key fob with your cellphone as the digital key; so how do you grant security and access to a specific individual, and once you have access how do you do rights delegation? So, you want to go to dinner, and you want the valet to be able to park your car, you need to be able to assign rights, or temporary rights to the valet to be able to utilize your car. So, we’re using Bluetooth as a connectivity for that, but Keystream is behind all of the security and the provisioning, the remote feature authorization and access control of that solution.

We’re also working quite a bit with Keystream in the semiconductor industry, so we’ve done a number of different projects with u-blox where they’ve integrated our technology into their modules and also their chipsets, both on the cyberspace and now working on the GPS space as well, and you’ll see probably a number of announcements coming this year for further integration and offerings with other semiconductor providers as well.

For IoT solutions, very exciting today, we announced our first solution RecovR, and for IoT services we do, I would say, for about a third of the semiconductor industry we evaluate their silicon before they go to market, we also do that for a number of industrial and consumer product companies. Those engagements though are kept confidential due to the potential sensitive nature of the security of those solutions, so we typically don’t publicize that but we’re doing quite sizeable business on the services just on inner security assessments, and pretty much everybody that we work with the ends up being a repeat customer, we end up looking at all of their products before they go to market.

Momenta: Tell us a bit about RecovR, because I’ve noted you’ve just showed yourself as a general manager for them recently. What is the focus of this business, and how are you setting up these new business lines?

Hardy: RecovR is a new solution and brand under Kudelski IoT, we just launched that today, that’s a dealer-like management solution and theft recover solution, mainly targeted at the US market for the time being, but will be adapting that to other geographies in the second half of this year.

In the US market car dealers typically have a very large amount of inventory, you don’t have the same type of model in Europe, but dealers will typically have 500 to 600 cars in inventory on the lot, and they really struggle to keep track of that inventory, but they don’t necessarily want to pay for a lot management solution. So, we’ve tried to disrupt both the technology of that industry as well as the business model. So, we’ve done a very efficient low-powered design for a battery-operated device, most competition in that market is a wired-end device which is becoming more and more unattractive, just because of the labor that has to be invested up-front, and a lot of the car manufacturers are not allowing things to be wired into the vehicle system at all.

So we provide the lot management for free to the dealer and then they sell it through to the consumer as a theft recover solution, and we have a number of financial benefits for the consumer if their car is stolen and not recovered, as well as I think very convenient features of lock the location of the vehicle, so you get alerts if your car moves unexpectedly, or if you just forget where you parked when you went to the airport.

Momenta: What a brilliant business model in terms of providing it for free so the dealers get the benefit, and then of course they hopefully get the spiff if they pass it through to the consumers as well, and the consumers get a nice benefit. So, yeah, it’s already the whole full stack, if you will, capabilities that Kudelski’s bringing to this, including the business model is also beginning to show itself, so I understand why it was so compelling to go there. Let’s kind of push the perspective out a little bit, because I know you’ve been in this IoT and IoT security space for quite a while; what do you see is some of the key opportunities for IoT security over the next five years?

Hardy: I think security and to some extent IoT is still in its infancy. I’ve seen it change quite drastically even over the last six months since joining Kudelski. But I think the challenge of security in IoT is you ask five people what security is needed, and you probably get six different answers OF what is needed in an IoT solution. So, I think there’s a lot of market education that is going on around security.

I think to date most people have really just been focused on getting a solution that can scale and have an ROI, and sometimes neglecting security. But I think as volumes ramp up, security is becoming a higher and higher priority, and I think you’re seeing a lot of security vulnerabilities publicized in the market now, which is also I think raising the priority and the importance of security within IoT, but I think within a lot of industries. I think the pandemic has also accelerated that sum as well.

But I think you’re going to see security become over the next 18-months a major requirement across the IoT industry, and I think it’s not very well done today I would say, in a lot of the solutions. But I think things like Niss just published a lot of new regulations and guidelines on security, and so you’re starting to see a lot more regulation around security as well, it’s somewhat industry specific at the moment, but I think certain industries will move faster than others, but we’re seeing already a lot of new regulations around security and automotive where things that didn’t have security in the past, such as wireless power, now starting from 2021 having to have security embedded in a solution to be accepted by any of the major auto manufacturers.

Momenta: And around the time we’re recording this of course, we’re just a couple of weeks in to the SolarWinds hack, and I think this has raised visibility of cybersecurity across the board, certainly not just in the operational technology areas, but enterprise IT and Government, military as well, so a very relevant topic and I’m sure influencing a lot of the future changes taking place.

HardyI think the Garmin one has also, I think, raised a lot of awareness right, where they had the ransom attack against their backend, and all of their devices that they had basically in the field stopped working. I think that also really brought the concern to the front of a lot of company’s minds about the reputation damage and potentially also the financial risk associated with that.

Momenta: Yeah, very much so, and actually just this morning I read a story about a water district in Florida where somebody managed to hack in and was trying to raise the chemical lie-level if you will of the water, effectively trying to poison it remotely, and it’s just fascinating when you think about the impact, especially the OT systems that are unsecure can have in that regards. So, I suspect we’re going to be hearing more and more about such things.

I’ve just finished another podcast, that actually by the time this publishes will already have gone out, and that’s with Duncan Greatwood at Xage Security, and he goes pretty much in-depth, they focus on OT security more than anything else, but pretty much in-depth on some of the impact of the SolarWinds hack, so well worthwhile listening to that.

So moving more toward Hardy on a personal level, you’ve been a successful entrepreneur and a corporate leader; what do you enjoy more and why?

Hardy: Before I answer that, just one more comment on the security. Our Keystream solution is designed exactly to prevent those type of attacks that we’ve just mentioned. So, I’m quite excited, I think it’s a little bit ahead of the market, but I think it’s going to play a critical role in really allowing IoT solutions to scale, and for management to feel comfortable about the security and the security life cycle of those solutions, so I’m quite excited about that product line and product launch as well.

Momenta : Excellent.

Hardy: As far as being a startup entrepreneur or corporate leader, I’m going to take the easy answer and say both! I think it really depends on where you are at in your career and really what your interests are. I think the startup experience for me was extremely valuable, I think to become a better corporate leader it gives you a very interesting perspective, and I think you have a lot of appreciation that maybe you take for granted a little bit when you’re in the corporate world, such as legal help, operations, and things like that, that then when you’re in a startup you get to do all of that yourself. But I think they both have their place and I think it’s good to really do both at least at some point in your career

For new technologies that are a bit higher-risk I think everybody should try to make that jump at some point and do a startup in an entrepreneur, and whether that works or doesn’t work, I think that will make you a better corporate leader later in your career.

Momenta: Yeah, I’d fully agree, they do say a startup is the best MBA! Versus taking two years out to truly take an MBA I think you did the right thing by starting TrackNet running during the time. I’m sure you didn’t intend on selling it to Semtech but certainly Cisco had historically made a great practice out of buying the companies that their internal entrepreneur started and then sold back, so there’s something to be said for that type of entrepreneurialism. Perhaps it’s what we call venture studioing today without the structure per say, but yes, I’d fully agree.

So, finally, what books, people, and/or resources inspire you?

Hardy: I had the opportunity this year to take part in World Economic Forum for the first time, and it was I think inspiring to see leaders such as CloudSwap, discussing different elements of business and economy, but also really trying to drive change for the benefit of humanity, and discussing strategies about how to solve inequality, climate change, vaccine rollout, so mixing the business with also the benefit for society.

But I think really what inspires me is the people around me, I think my family, the great teams and people that I’ve had the opportunity to work with, I think on a daily basis that’s what really inspires me to do better and continue to grow my career and my knowledge.

Momenta: Very good. Since we got you at least virtually to Davos I guess for the World Economic Forum, perhaps we can get you physically to come to some to Switzerland one of these days and stick around! It’s a great place to be I can tell you.

Hardy: It is a great place, and that’s definitely my plan to hopefully someday end up permanently over there, so.

Momenta: Well, it helps to be working at a Swiss Headquartered company, so you’ve got step one done!

Hardy: Yes it does.

Momenta: So Hardy, thank you so much for this insightful interview today.

Hardy: Thank you; it’s been an honor and great to catch up again and hope we can do it again soon.

Momenta: As well on all fronts. So, this has been Hardy Schmidbauer, SVP of IoT for Kudelski Group, and if I can say a full stack innovator. Thank you for listening, and please join us next week for the next episode of our digital leadership series. Thank you and have a great day.