Report from a Workshop on 22nd November 2016
Twenty-five movers-and-shakers from the IoT market convened in London to discuss the state of play of the Internet of Things at a “lunch-and-learn”. Those present were mainly CxO’s, representing a roughly 50:50 mix between IoT vendors and IoT customers, covering the entire IoT value chain from chips to services, and a wide range of real-world applications from management of energy, water and traffic, to home safety and security. All present had already either achieved serious scale in IoT (1m+ devices in the market) or are commercially committed to achieving that.
Pilgrim Beart, CEO of DevicePilot, kicked the event off with a brief history of IoT: How it starting with each company being forced to follow a DIY approach, then moving to the era of all-in-one IoT platforms, and now starting to mature into a true ecosystem of off-the-shelf parts. So - just as with Web development - connected product companies should soon be able to compose their IoT propositions largely from off-the-shelf pieces, which is efficient and allows everyone in the ecosystem to benefit from scale. But what are the parts?
The day’s workshops produced three deliverables which captured the state of play in today’s IoT market:
- Recent IoT Developments
- Ongoing IoT Challenges
- The IoT Ecosystem (i.e. what are the pieces?)
1. Recent IoT Developments
The general consensus was that in the past year ‘bullshit’ was diminishing, or in other words, IoT is better defined and there is a lot more clarity in the space. In light of this, there has been an increase in the perception by both the public and enterprises that IoT can be beneficial. However, some participants weren’t as convinced, believing that there was still a lot of confusion and hyperbole surrounding IoT. While this may be the case – the fact that so many developments were listed by attendees shows that there has been a positive shift with IoT as a whole.
Companies have also been forced to put more thought into security because of the Mirai Botnet. This was perhaps surprisingly seen as a positive development, as vendors are now charged with ensuring their hardware, software and networking tools are all properly secure. It might create a new space created for IoT aggregation devices: All data transfers, transactions and communication between the IoT devices and the rest of the world would have to go through these devices which would have inbuilt intelligence and security. Either way, there will be additional costs which are likely to be passed on to the end user or consumer.
There has been a growth of IP-enabled assets over the past year or so, and gaps in the ecosystem are slowly being filled. This is down to two main reasons: manufacturers and established IoT companies are realising they need part of their own ecosystem filled, as they can’t get from ‘a’ to ‘b’ without specific technologies or components; and secondly, new start-ups are innovating in many of these niche areas in order to fill those needs.
There has been a lot of consolidation in the space, some through mergers - Centrica’s acquisition of FlowGem is just one example. Technology and utility companies have been eager to obtain IoT capabilities by acquiring start-ups. This further supports the notion that IoT is becoming a core part of many companies’ strategies – moving away from the idea that it’s merely a buzzword.
There has also been an increase in standardisation; with many of the big technology vendors teaming up to agree on IoT standards – although several working groups means that there is still a lot of competition and debate as to what should be the ‘defacto’ IoT standard. But convergence towards IP standards such as 6LoWPAN and CoAP through the Internet Engineering Task Force are helping companies in what remains a huge challenge in the IoT space. Extensions to both IP standards are still at various stages of the standardisation process.
Meanwhile, many of those within the IoT ecosystem are becoming more ‘open’ or technology agnostic to ensure there is more room for integration and better interoperability.
Now that there are demonstrable use cases available – those new within the space are able to replicate the way to market. But new models are also emerging, helped with the rise of microservices. These could remove the need for monolithic IT architectures of old – and allow IoT devices to react to the actions of other devices, or indeed people.
Use cases for consumers are increasing – with the mainstream acceptance of voice control demonstrated by Amazon’s Echo. Alexa is far more sophisticated than the likes of Siri and Cortana, and is making consumers believe there are genuine use cases for IoT in their lives. The connected home, with the likes of Google-owned Nest is another powerful driver for wider consumer adoption of IoT.
2016 has seen significant developments in the types of technical capabilities available to companies looking to exploit IoT.
This includes better IoT cloud services, more intelligent IoT devices through ‘Edge’ and ‘Gateway’ computing, and big data analytics services that are scalable.
One attendee suggested that the biggest development of all was multiprotocol platforms - it wasn’t long ago that there were a lot of single protocol platforms in the space.
Other significant developments include the introduction of meshing that actually works – be it 6LoWPAN or Google Wi-Fi, and the emergence of software-defined radio technology such as Lime SDR. Low power wide-area networks (LPWAN), and chips for LoRaWAN, NB-IoT, NWave and SigFox, as well as new services that are exploiting these technologies, are other notable advances in the area.
There is no doubt that a lot of the developments above have been because of costs plunging in a number of areas including hardware such as Raspberry Pi, Arduino, m:bit and ARM mbed, cheaper comms technologies such as SigFox, and cheaper low-power consumption hardware.
2. Ongoing IoT Challenges
During many of the conversations at the workshop, there were references to developments which could also be recognised as challenges.
For example, the development of Mirai botnets may have alerted manufacturers and other enterprises of the security threat of IoT, but it remains a challenge to secure these devices. The scale of potential breaches can be devastating, and it is unlikely that this problem will go away. In fact, it is likely to become worse before it becomes better; in the last few days hackers have allegedly offered a massive Mirai Botnet of 400,000 bots for rent. The Botnet would already be geared to carry out devastating DDoS attacks.
Indeed many attendees have already seen first-hand some of the issues that IoT hardware and software has. One such attendee said that every IoT development kit that he had seen used default passwords on Mirai’s list. In addition, one IP camera was infected by malware just 90 seconds after installation. The time-frame was so short that the user wouldn’t even have time to change the default password in time.
Although many of the gaps within the IoT ecosystem may have been filled, there are still a number of challenges. For example, companies need to ensure that the business picks quality partners and suppliers. As so many of the firms within the IoT sphere are still at a start-up or SME level, they are susceptible to going bust, and so due diligence is a must.
There must also be wariness of those companies – usually the big technology vendors – which claims to be able to provide ‘all-in-one’ IoT services solutions; as with all aspects of technology, no one firm can be the best – or even perhaps ‘good’ – at everything.
Enterprises who want to exploit IoT as customers need to break siloes within their businesses as it will require employees from different departments to collaborate. In the same way, companies within the IoT ecosystem must also break down barriers within their organisations so that they can better understand the full IoT journey – and most importantly how the technology is being used by the end user.
Understanding the customer’s needs is just one aspect of education that remains a challenge within IoT today. Those working in the space need to define what IoT really is. They may also need to educate – or advise – the customer, in order to ensure that their technologies meet the customer’s expectations.
With so much growth in connected devices, it is harder for customers (or indeed suppliers) to choose which technologies to use, and this is why it is critical that they have employees who understand the IoT ecosystem properly. They will also need some domain expertise – but are likely to work alongside people with very different viewpoints. A big challenge is for those in hardware to think about more than just the hardware technology – and this will require some training and perhaps a leader to ensure they’re thinking outside of the box.
Although there may be new business models being introduced all of the time, finding the right one isn’t easy, and nor is moving to a new product. Many of those within firms who have to sign off a project may be reluctant to do so when they look at the ‘cap ex versus op ex’; IoT is usually a long-term programme, and firms are often wanting short-term projects which immediately show value, particularly so they can appease investors/shareholders.
One problem is that for pilot programmes of IoT, which still require a reasonable amount of investment, the return on investment may be minimal. The programme needs to be scaled up in order to get more data and therefore potentially more value of having such a project in place. Milton Keynes Council is a great example of an organisation that has been lucky to have had outside investment for several IoT pilot projects– some of which haven’t had the desired effect. Their project manager has been on record to say that the council has been lucky that it could trial these technologies – such as smart bins – first, and then decide whether they were worth scaling up. Most public sector organisations are unlikely to have the same luck.
Another issue is the question of who ‘owns’ the data; is it the supplier, the customer, or someone else on the IoT ecosystem that has access to the data. Data is of course the most valuable resource that comes out of IoT – the companies within the ecosystem that have access to it, and use it to improve their offerings are likely to be those that are still here in the years to come. In some sections of IoT there is also the dilemma of who pays for open data. For instance, insurance companies with access to smart home data; who do they pay, if anybody, and how can that arrangement be drawn up?
This is just one part of what is likely to be the most complicated ecosystem that many companies are involved in. The question of how to share the value across that ecosystem is another significant challenge.
Timing is another critical aspect; when is the right time to go forward with an IoT strategy or implementation. Some companies are biding their time, waiting for the technology to mature so that there is more standardisation and better security, as well as a number of case studies to prove IoT’s worth. This is why there has been slow adoption within industry, but mass adoption for consumers. Benefits for consumers are perhaps easier to find. However, this has also led to some bizarre product launches in the IoT space, whereby nearly anything is connected to the internet, without any specific reason (the toaster, for example). This subset of IoT is better known as ‘the internet of shit’.
There are still many aspects of IoT which need improving. Interoperability between devices and services is still an issue, as is the reliability and latency of comms. The stability of new services – particularly as updates are likely to come thick and fast, and investment will be needed continuously – is also an area of concern.
For some large-scale IoT use cases there are issues with the maturity, longevity and durability of IoT solutions. As cheaper hardware and comms solutions are likely to continue to arrive on the market, vendors face a constant challenge to ensure their solution is the best on the market. In terms of longevity, battery life can be a particular hindrance if a solution was meant to last for longer than 20 years, for example.
Power consumption is also a challenge for IoT and slowly there are new solutions that aim to reduce the amount of power used by IoT devices or sensors. However, this can then lead to another challenge of reliability, particularly with regards to radio frequency range.
Balancing costs and security is another challenge – do IoT developers need to bake security into their solutions? And another balance has to be found between customisation and scalability.
Those looking to reap the rewards of IoT are likely to want to see an improvement in the quality of firmware, while testing, provisioning and preparing for the end of life of these IoT solutions are other areas that are yet to be addressed.
Workshop attendees suggested that there needed to be vast improvement in analytics capabilities in order to truly benefit from IoT. Edge analytics solutions are improving, while machine learning solutions are still on the edge, and better tools are needed. But better people are needed too; one attendee suggested that there is a lack of analytics expertise on the market. They believe there should be a ‘storyteller’ who can understand what data needs to be analysed and what benefits the data can give to users.
3. The IoT Ecosystem
The IoT ecosystem will consist of off-the-shelf parts – so what are the parts? The workshop identified the following:
- Product Design and Product Management
- Who is the customer!
- Market research
- IP components
- Silicon IP
- Sensors and Actuators
- RF designs and front ends
- Power source
- Power management
- Energy harvesting
- Manufacturing (CEMs)
- Edge device (RTOS or Kernel)
- Gateway/Hub (e.g. Linux)
- Interop Compliance (standards)
- Regression esp. for devices (inc. virtualised) and services at scale load
- Provisioning systems
- Embedded comms stacks (6LoWPAN, Bluetooth, WiFi etc.)
- (E-)SIM providers
- Network operators
- Comes with stack?
- Penetration Testing
- Trust providers
- Risk Manager
- Sales & Marketing
- Brand Promotion
- Device Management
- Lifecycle management
- Operations monitoring data
- Ecosystem Analytics
- Node Integrity
- Network Health
- Customer-facing portals
- Cloud platform/infrastructure (AWS, Azure etc.)
- Cloud applications
- Database management
- Billing Providers + Payment
- Data sets (knowledge)
- Data storage distribution
- Data visualisation
- Rules engines
- Machine Learning
- Search engines
- End customers
- Early adopters (pioneers)
- Stakeholders (e.g. there are many in a smart city)
- Channel ecosystem
- Systems Integrators
- Installation engineers
- Maintenance/Servicing engineers
- Government regulators
- Contract owners/providers
- Legal EULA insurance
Some quotes heard on the day:
- “It feels like I’m at an IoT AA meeting, where we can get everything off of our minds”
- “Every IoT dev kit I’ve seen uses default passwords on Mirai’s list”
- “Someone installed an IP camera which was breached by Mirai just 90 seconds after installation – that is before they could even change the default password”
- “I know a CTO who because they were a software engineer, was more focused on the software side of things like testing, leaving hardware to one side… [CTOs] are usually going to lean one way or another”
- “The internet-connected Kettle is still the most pointless IoT device I have ever heard of”
- “There is a lot more clarity now with IoT”
“Because of the Mirai botnets – it is clear that these things are actually hackable and people are taking notice now”
It is clear that over the last year, IoT has taken a step in the right direction. Many of the initial obstacles have been overcome – but as the space continues to develop, new challenges continue to arise.
Perhaps most importantly, the IoT is now seen as less ‘internet of shit’ and more as practical projects that form part of companies’ wider strategies and part of everyday consumer lives.
About the writer
Sooraj Shah is a freelance tech journalist who regularly contributes to Infosecurity Magazine, TechWeekEurope, Computer Weekly and more.