For IoT development organizations and consumers alike, 2018 holds promise for creation of more useful IoT applications. All the pieces are in place for serving up more IoT applications for consumers and enterprises. At the same time, a variety of factors work against the success of these applications. Among the very many reasons to be hopeful and to be concerned about the IoT in 2018, here are:
Four reasons to be excited
Four reasons to be worried
It's easier than ever to build IoT devices
It seems not so long ago that developers would need to piece together the components of a wireless sensor design, taking an MCU from here, a radio transceiver from there, and combine them with sensors and an AFE to build a wireless sensor device. In 2018, developers have a wide array of wireless MCUs, smart sensors, IoT-ready modules, and dev boards targeting the IoT. Developers can find ultra-low-power wireless MCUs such as Texas Instruments SimpleLink that support multiple wireless technologies (Figure 1). Along with ultra-low-power cores, wireless MCUs typically offer features such as flexible power domains and autonomous peripherals to support battery operation for years.
Figure 1. Multi-standard wireless MCUs such as the Texas Instruments SimpleLink CC26xx integrate processor core and radio transceiver to simplify design of connected products. (Source: Texas Instruments)
Smart sensors have made life easier for developers, who no longer need to worry about the details of the sensor signal chain and all the signal conditioning, sampling, and compensation design elements that go into it. What's particularly exciting is the emergence of multi-sensor devices that not only combine suitable signal chains but also provide the basis for sensor fusion, which merges data from multiple sensors to produce data not available from any single sensor. Smart sensors such as the Bosch Sensortec BMX055 combine MEMS sensors with dedicated signal chains, providing digital results that a host MCU can access through the supported SPI or I2C interfaces (Figure 2). As with most other devices of this type, the BMX055 works with the vendor’s sensor fusion library to provide more complete results such absolute orientation information.
Figure 2. Devices such as the Bosch Sensortec BMX055 largely eliminate the complexity of multi-sensor data acquisition. (Source: Bosch Sensortec)
Along with a few additional components, engineers can create a basic IoT design largely by combining one of these ultra-low-power multi-mode wireless MCUs with an appropriate smart sensor or set of sensors. As much as high-integrated MCUs and sensors speed hardware design, it still takes time to build them into a deliverable platform, and time is a precious commodity in the competitive IoT market. Regardless of which component for wireless sensor design they offer, hardware vendors increasingly provide comprehensive development kits that implement complete IoT system designs including multiple sensors, wireless options, and interfaces (Figure 3). Programmers can use the included software drivers and samples to begin testing their application code, while hardware designers build on the associated reference design. Thanks to a steady stream of comprehensive IoT development kits, IoT application development teams will rarely have to wait to begin software development and cloud integration in 2018.
Figure 3. Development kits such as the STMicroelectronics STM32L4 Discovery kit IoT node offer a rich set of sensors and wireless options. (Source: STMicroelectronics)
IoT platforms have dramatically lowered the barrier to entry to cloud-based applications
While emerging hardware solutions continue to simplify IoT device design in 2018, the continued emergence and evolution of IoT platforms hold equal promise for complementary cloud services.
Cloud-service offerings are evolving rapidly to cover the full extent of the IoT data chain from sensor devices in the periphery, local edge devices, cloud interface, and cloud application. In fact, developers can approach the cloud as a bottom-up interface from their device solutions or as a top-down extension of their IoT software applications.
Increasingly, traditional hardware providers offer cloud services designed to connect easily with their devices. While most IoT development kits include APIs and sample software demonstrating cloud integration, an increasing number offer quick access to cloud services provided by the vendor or in partnership with a third-party cloud provider. For example, the Renesas RX65N MCU Wi-Fi Connectivity Kit comes pre-integrated with access to the Renesas IoT Sandbox built on Medium One (Figure 4).
Figure 4. Hardware vendors such as Renesas package cloud services with development kits. (Source: Renesas)
Other vendor-provided cloud offerings are intended for production deployments rather than just development aids. For example, Samsung merged its Connect Cloud and Artik cloud services into a single platform, called the SmartThings Cloud. In Samsung’s view, developers building applications such as Marriott’s “IoT Hotel Room of the Future” can quickly connect Samsung Artik modules to the SmartThings Cloud and take advantage of features such as security built into the Artik hardware modules and extending through the IoT data chain.
Hardware vendor cloud offerings provide an important service in helping developers complete the cloud-segment of their IoT development project. Yet, these offerings typically lack the full set of services required to support enterprise-level IoT applications. In fact, enterprise cloud service providers including Amazon Web Services (AWS) and Microsoft Azure have been aggressively continuing their top-down approach in extending enterprise services into the IoT.
The integration of FreeRTOS into the AWS IoT service demonstrates a particularly deep penetration into the IoT periphery. Developers simply download the appropriate FreeRTOS distribution and import it into their hardware development environment as appropriate. For example, developers using STMicroelectronics STM32L4 Discovery kit IoT node select the predefined configuration from the AWS management console and import it into STM32 System Workbench (Figure 5).
Figure 5. Amazon Web Services integration of FreeRTOS in its IoT tool chain further simplifies deployment on the cloud service. (Source: Amazon Web Services)
IoT big data analysis is becoming more accessible
In many respects, hardware devices and cloud platforms serve as the base foundation for data generation, transport, and storage. Turning data streams into useful information requires appropriate software tools, and IoT developers can find a broad array of offerings from IoT service providers. Tools range from display panels showing streams of data much like an oscilloscope signal trace to more sophisticated analytic suites.
One of the key value propositions of the IoT is to provide streams of data from which enterprises can identify key events and take appropriate action — preferably with minimal latency between data generation and identification. Indeed, developers can take advantage of a growing array of tools for big data designed for this purpose.
Among those tools, machine learning tools have evolved rapidly and promise to improve the ability to recognize patterns in complex data sets. In fact, IoT developers can begin to move ML-based recognition filters to edge devices. Google's TensorFlow Lite, a compact version of its TensorFlow machine learning tool, allows developers to generate models able to run successfully on resource-constrained devices (Figure 6).
Figure 6. Google’s TensorFlow Lite architecture provides a path for machine-learning model deployment on mobile devices and small embedded systems. (Source: Google)
IoT security is gaining traction
To be excited about IoT security in 2018, it helps to be an optimist. As mentioned later, there’s plenty to worry about when it comes to security. The good news is the industry has at least recognized the need for architectural solutions beyond a scattering of point technologies for encryption, authentication, secure boot, and the like.
One of the reasons for optimism is the growing emergence of security efforts such as Microsoft’s Project Sopris and ARM’s broad commitment to security starting at the top. In the company’s Security Manifesto, ARM CEO Simon Segars called for greater shared responsibility for security – a view shared by many corporate decision makers as noted later. Along with this call for a collaborative approach to security, ARM has offered an outline for an architectural approach. Here, ARM proposes use of threat models and security analyses to drive implementation of specific services based on an overall Platform Security Architecture definition (Figure 7).
Figure 7. ARM’s approach tailors an architectural plan to implement the security foundation required to meet specific threat models. (Source: ARM)
Few IoT applications will progress beyond mere data collection networks to become useful real-time information assets
Hardware and software vendors have made it easy to connect sensors to the cloud, but creating a useful IoT application requires so much more. Developers need to merge each layer of the IoT application architecture into a seamless whole. Ideally, developers could turn to a few standard interfaces or standards-based components to create this unified architecture. In fact, developers face a stew of standards not only at the common platform level but also associated with each target application segment (Figure 8).
Figure 8. IoT development touches on a diverse set of standards bodies addressing common platform issues such as telecom as well as those targeting vertical segments. (Source: AIOTI – the Alliance for Internet of Things Innovation)
Even if built on a suitable set of standards, IoT applications present significant architectural challenges in ensuring basic performance characteristics such as availability. With large numbers of physical devices connected through uncertain communication channels to cloud services, high-availability design is no easy task. The ability to insulate the peripheral sensor net and the cloud application from the failure of the other is not a common skill. Even less common is the ability to “design for failure” – a best practice for cloud deployments even with the kind of auto-failover and auto-scaling monitors available from the leading cloud providers.
After a sufficiently robust IoT platform hierarchy is in place, similar problems relate to the ability to turn data into useful results. It’s still no easy task to drink from the multiple firehoses of data expected in enterprise IoT applications. If developers simply aim the data streams at a corporate data lake, the enterprise loses the benefit of timely analysis. If developers incorporate streaming analytics for near real-time results without deeper analysis needed for filtering, the data could be compromised by outliers and simple stochastic variation. Along with other emerging tools for big data, machine-learning can offer a solution but the industry suffers from a shortage of data scientists able to use them effectively.
Of course, solutions for these and more pressing challenges are available. The potential stumbling block in turning data collection networks into IoT applications arises from the very novelty of massive enterprise IoT applications and correspondingly lack of widespread experience in building them.
A surfeit of wireless options and emerging technologies will complicate design decisions
IoT developers can draw from a wide variety of wireless connectivity options such as NFC for short-field, Bluetooth for short range, Wi-Fi for medium range, LoRa or Sigfox for long range, and LTE for wide-area. In many respects, the eventual choice is not so difficult in concept because each connectivity option serves a specific set of requirements — Bluetooth for interacting with mobile devices, Wi-Fi for connecting local devices in the home or office, LoRa or Sigfox for connecting widely dispersed devices with a hub/edge device, LTE for connecting geographically isolated devices, and so on.
In practice, IoT developers find themselves on the cusp of deployment of next-generation connectivity solutions that could leave their systems at a disadvantage. For example, emerging support for Bluetooth V5's mesh capabilities and IPv6 offers an attractive solution that can extend Bluetooth support to medium-range services.
Perhaps the biggest gamble for developers relates to the timing of deployment of wideband services. Carriers have begun to deploy LTE narrowband services such as LTE Cat M1 and NB-IoT, which offer simpler, lower throughput capabilities than more familiar LTE services. As a result, implementation in chips such as Sequans Monarch devices (Figure 9) offer low power operation while providing the advantages of wide-area connectivity and sufficient throughput for typical IoT requirements. Even greater uncertainty exists concerning 5G services. Promising a unifying framework for connectivity, 5G services are beginning to enter the carrier deployment phase. Of course, developers constantly deal with tradeoffs between what’s the most promising technology and when will it be practicable.
Figure 9. Reduced requirements in narrowband LTE lets semiconductor manufacturers implement this protocol in low-power devices such as the Sequan Monarch IC. (Source: Sequans Communications)
Confusion about security technology and practices will erode the potential utility of the IoT
News about serious security breaches and zero-day vulnerabilities in systems has unfortunately become commonplace, and the attacks are coming closer to home both figuratively and literally: The Triton penetration demonstrates that even a sophisticated industrial safety system exposes attack surfaces, and warnings about session key reuse in Wi-Fi systems show how accepted authentication protocols can be made vulnerable.
Security breaches and zero-day faults will not vanish. If anything, the complex systems and interfaces associated with an IoT application present untold attack surfaces that make the IoT a particularly inviting target. Consumers using connected products seem to recognize the risk but value the services they receive so highly that they’re not willing to disconnect. A recent Cisco survey of 3,000 consumers suggested that consumers see a high value in the IoT but have very little trust that their data collected by the IoT is secure. In fact, 42% said that the IoT is so integrated into their lives that they would have difficulty disconnecting temporarily or permanently. Of course, consumers may well change their tune in the event of a serious breach.
For development organizations, security (and its twin, privacy) are the threat hanging over most IoT implementations. Fundamentally strong hardware-based security mechanisms for encryption and authentication are necessary but not sufficient precursors to strong security and to more robust platforms providing a root of trust for system software and applications. Although vital, even that increased level of trust needs more sophisticated methods for detecting and deflecting attacks, but the Triton compromise shows that even those monitoring systems are only one facet in a broad approach to security.
For many IoT development organizations, however, the challenges in implementing security arise from multiple sources including cost, data volume and velocity, and more, according to Gemalto’s recent study involving 1,050 IT and business decision makers and 10,500 consumers. One source of confusion about security suggested in this survey should be of particular concern to every stakeholder in an IoT application. Among security challenges, 26% of decision makers and 41% of consumers in the Gemalto study said that it is not clear who is responsible for security (Figure 10).
Figure 10. A Gemalto survey reveals IoT security challenges as viewed by corporate decision makers (left) and consumers (right). (Source: Gemalto)
In a separate study of decision makers, Vodafone found that each participant in an IoT application shared some measure of responsibility for security (Figure 11) – recalling the basic premise behind the ARM Security Manifesto (link to that page in this article) . Indeed, security is a complex undertaking with multiple facets – not only in technology and protocols but also in the way consumers, developers, and providers approach the connected product.
Figure 11. In Vodafone’s survey, respondents indicate that each participant in an IoT application bears some level of responsibility for security. (Source: Vodafone Group)
Results will demonstrably lag IoT hype, leading to an IoT winter of disfavor
In the 1980s, the artificial intelligence industry succumbed to what’s become known as the AI winter when AI companies were unable to convert promise into reality. The IoT could well face a similar dissipation of interest if enterprises, venture capitalists, and industry experts see a lack of real progress despite years of promise.
A possible warning sign lies in a recent McKinsey survey of 50 executives in organizations that have all launched some enterprise IoT initiative. According the study, executives noted multiple capability gaps related to some of the most promised features of enterprise IoT applications (Figure 12). The question remains, how long with corporate executives tolerate an inability to integrate IoT applications into business work flows, harness data, and provide useful results.
Figure 12. A McKinsey survey of executives notes significant capability gaps in IoT implementation. (Source: McKinsey & Company)