IoT can offer many benefits to the enterprise, but it can be a challenge to implement. Learn the requirements and use best practices for a successful deployment.
The internet of things provides organizations with real-time information and business insights that, when acted upon, can ultimately make them more efficient. IT administrators, architects, developers and CIOs considering an internet of things deployment must have a thorough understanding of what the internet of things is, how it operates, its uses, requirements, tradeoffs and how to implement internet of things devices and infrastructures.
Key concepts of IoT are as follows:
A focus on real-world data. Where an enterprise routinely deals with documents, PowerPoints, images, videos, spreadsheets and many other forms of static digital information, IoT devices produce data that typically reflects one or more physical conditions in the real world. IoT devices can not only help a business to learn what's happening, but also exercise control over what's happening.
The vital importance of immediacy in real-time operation. Where routine data -- such as a memo document -- can exist for days or months without ever being used, IoT devices must deliver data for collection and processing without delay. This makes related factors, such as network bandwidth and connectivity, particularly important for IoT environments.
The resulting data itself. IoT projects are often defined by the larger project or business purpose driving IoT deployment. In many cases, IoT data is part of a control loop, with a straightforward cause-and-effect objective. For example, a sensor tells a homeowner that their front door is unlocked, and the homeowner can use an actuator -- an IoT device designed to translate control signals received from the network into real-world actions -- in the door to lock it remotely.
How does IoT work?
IoT isn't a single device, software or technology. IoT is an amalgam of devices, networks, computing resources and software tools and stacks. Understanding IoT terminology usually starts with the IoT devices themselves.
Examples of consumer, enterprise and industrial IoT devices include smart TVs and smart sensors outfitted to conference rooms and assembly line machines.
Things. Every IoT device -- a thing or smart sensor -- is a small dedicated computer possessing an embedded processor, firmware and limited memory and network connectivity. The device collects specific physical data and sends that data out onto an IP network, such as the internet. Depending on the sensor's work, it might also include amplifiers, filters and converters. IoT devices are battery powered and rely on wireless network connectivity through individual IP addresses. IoT devices can be configured individually or in groups.
Connections. The data collected by IoT devices must be transmitted and collected. This second layer of IoT involves the broad network, along with an interface between the network and back-end processing. The network is typically a conventional IP-based network, such as an Ethernet LAN and the public internet. Every IoT device receives a unique IP address and unique identifier. The thing passes its data to the network using a wireless network interface, such as Wi-Fi, or a cellular network, such as 4G or 5G. As with any network device, data packets are marked with a destination IP address where the data is to be routed and delivered. Such network data exchange is identical to the everyday exchange of network data between ordinary computers. The destination for this raw sensor data is typically an intermediary interface such as an IoT hub or IoT gateway. The IoT gateway usually serves to collect and collate the raw sensor data, often applying early preprocessing tasks, such as normalization and filtering, to IoT data.
Back-end. The enormous volume of real-time data produced by an IoT sensor fleet and collated at the IoT gateway must be analyzed to yield deeper insights, such as exposing business opportunities or driving machine learning. The IoT gateway sends its cleaned and secured sensor data across the internet to a back end for processing and analysis. Analyses are performed using extensive computing clusters, such as Hadoop clusters. This back end might be located at a corporate data center, a colocation facility, or a computing infrastructure architected in the public cloud. There, the data is stored, processed, modeled and analyzed.
What are the layers of an IoT architecture?
The discussion of sensor, connection and back-end layers can help business and IT staff understand IoT technology, but such discussion also demands a consideration of IoT architecture. Although the scope and detail of an IoT architectural plan can vary dramatically depending on the IoT initiative, it's vital for leaders to consider how IoT will integrate into the current IT infrastructure.
There are four major architectural issues:
Infrastructure. The physical layer includes IoT devices, the network and computing resources used to process the data. The infrastructure discussion often includes sensor types, quantities, locations, power, network interface and configuration and management tools. Networks involve bandwidth and latency considerations to ensure that they can handle IoT device demands. Computing handles the analysis on the back end, and organizations might need to deploy extensive new computing resources to handle additional processing or use on-demand resources, such as the cloud. Infrastructure discussions also involve a careful consideration of IoT protocols and standards such as Bluetooth, GSM, 4G or 5G, Wi-Fi, Zigbee and Low-Power Wireless Personal Area Network.
Security. The data produced by the internet of things can be sensitive and confidential. Passing such data across open networks can expose devices and data to snooping, theft and hacking. Organizations planning an IoT project must consider the best ways to secure IoT devices and data in flight and at rest. Encryption is a common approach for IoT data security. Additional security must be applied to IoT devices to prevent hacking and malicious changes to device configurations. Security involves various software tools and traditional security devices, such as firewalls and intrusion detection and prevention systems.
Integration. Integration is getting everything to work together seamlessly, ensuring that the devices, infrastructure and tools added for IoT will interoperate with existing systems and applications -- such as systems management and ERP -- already in place in the organization. Proper integration requires careful planning and proof-of-principle testing along with a well-researched selection of IoT tools and platforms, such as Apache Kafka or OpenRemote.
Analytics and reporting. The very top of an IoT architecture requires a detailed understanding of how IoT data will be analyzed and used. This is the application layer, which often includes the analytical tools, AI and ML modeling and training engines and visualization or rendering tools. Such tools can be acquired from third-party vendors or used through cloud providers where data is stored and processed.
IoT architecture components include the network, communication bus and an analytics and aggregation platform.
Business use cases for IoT
The vast array of small and capable IoT devices has found meaningful business applications in major industries. Consider some of the expanding use cases in five important industries:
Home (commercial or end user). IoT devices appear in homes for energy management, security and even some task automation:
Thermostats and lighting can be scheduled and controlled through internet applications.
Motion activated sensors can trigger video and audio streams to homeowner smartphones.
Water sensors can watch basements for leaks.
Smoke, fire and CO2 detectors can report danger to users.
IoT actuators can lock and unlock doors remotely.
Smart refrigerators can track contents, and automated vacuums keep the home clean without direct human intervention.
Manufacturing. IoT devices have found broad adoption in all manner of manufacturing and industrial settings. Examples of the industrial internet of things (IIoT) include the following:
IoT tags can track, locate and inventory enterprise assets.
IoT devices can help monitor and optimize the use of energy, such as lowering lighting when human-occupied areas are idle or lowering temperature settings during off hours.
IoT sensors and actuators can support process automation and optimization.
IoT devices can monitor all types of machine behaviors and parameters during normal operation, enabling ML to guide predictive maintenance to optimize process uptime.
IIoT is used in many industries and sectors, including robotics, manufacturing and smart cities.
Public (health and safety). IoT sensors with cellular-class connectivity can operate collaboratively across metropolitan areas to serve a wide range of purposes:
IoT devices can detect the presence of vehicle traffic, enabling cities to adjust street lighting on idle streets and off hours.
Crime prevention efforts might include camera-based surveillance while connected audio detection can direct police to areas where gunfire is detected.
Cameras can be used to determine and optimize traffic, while transponders and cameras can read license plates or toll boxes to direct toll collection and management.
Interconnected parking systems enable cities to track parking spots and alert drivers to available spots through an app.
Sensors can watch bridges and other structures for stress and problems, enabling early detection and remediation.
Sensors can monitor water quality, enabling early detection of contaminants or pollutants.
Medical and health. IoT is present in remote patient telemetry and other medical uses:
IoT is present in countless wireless wearable devices, including blood pressure cuffs, heart rate monitors and glucometers. Devices can be tuned to watch for calories, exercise goals and remind patients of appointments or medications.
IoT enables early warning devices, such as fall detection, that alert health providers and family members and even provide location information for the potential issue.
The remote monitoring of IoT helps health providers track patient health and adherence to treatment plans, and perhaps better correlate health issues with telemetry data.
Hospitals can use IoT to tag and track the real-time location of medical equipment, including defibrillators, nebulizers, oxygen and wheelchairs.
IoT in staff badges can help locate and direct staff more efficiently.
IoT can help with other equipment control -- such as pharmacy inventory, refrigerator temperatures and humidity and temperature control.
IoT hygiene monitoring equipment can help ensure that medical environments are clean and help reduce infection.
Retail. IoT and big data analytics have found extensive use in retail sales and physical store environments:
IoT devices can tag every product, enabling automated inventory control, loss prevention and supply chain management -- placing orders based on sales and inventory levels.
Cameras and other surveillance technologies can watch shopper activity and preferences, helping retail stores optimize layouts and organize related products to maximize sales.
IoT devices can support touchless and scan-less checkout and payment, such as near field communication payment.
IoT can add business value to several industries, including construction, manufacturing, retail and transportation.
What are the business benefits of IoT?
When business leaders research and consider IoT adoption, it's easy to find lists that cite the benefits of IoT, such as more efficient operations and long-term cost savings. Although this can be true, such conversations are mainly tangential to the principal overarching benefits of IoT: knowledge and insight.
Accurate and timely decisions demand knowledge and insight that can be difficult or even impossible to obtain. Businesses strive for such knowledge and insight, using it each time a sales manager forecasts the next quarter's revenue or a production manager decides whether to shut down a key machine in a vital production line for routine maintenance. The stakes are far higher when state inspectors discover structural defects in long-neglected municipal infrastructure or physicians struggle to keep an aging patient healthy.
IoT provides better immediate knowledge through measuring and reporting specific real-world conditions. It's modern instrumentation. The real-world condition can be examined and responded to in real time. If a heart rate monitor alerts to an excessive heart rate, the patient can slow down and relax to lower the heart rate to an acceptable level, take appropriate medication, contact their physician for further guidance or even call for medical assistance. If a traffic monitoring system sees a backup on a major highway, it can update travel apps of the prevailing conditions and enable commuters to select alternate routes and avoid the congestion.
But the real power and benefit of IoT is the long-term insights that it can provide to business leaders. Consider the vast number of IoT sensors that can be distributed throughout equipment, vehicles, buildings, campuses and municipal areas that enable better long-term insight through advanced analytics -- the back-end computing processes capable of evaluating and correlating a huge quantity of seemingly unrelated data to answer business questions and make accurate predictions about future circumstances. The data collected can also be used to train ML models, supporting the development of AI initiatives that achieve a deep understanding of the data and its relationships.
For example, the varied sensors distributed in an industrial machine can be analyzed to detect variations in operation and condition, which might suggest the need for maintenance or even predict an impending failure. Such insights enable a business to order parts, schedule maintenance or make proactive repairs while minimizing the disruption to normal operations.
IoT can provide valuable insights to the business but deploying it can be costly and time-consuming.
What are the challenges of IoT?
IoT projects can bring strong benefits to the business regardless of the deployment scope. But IoT can also pose serious challenges that a business must recognize and consider before undertaking any IoT project.
Project design. Although IoT devices readily implement a variety of standards, such as Wi-Fi or 5G, there are currently no significant international standards that guide the design and implementation of IoT architectures -- there's no rulebook to explain how to approach an IoT project. This allows for a great deal of flexibility in design, but also allows for major design flaws and oversights. IoT projects should generally be led by IT staff with IoT expertise, but such know-how shifts day to day. Ultimately, there is no substitute for careful, well-considered design and demonstrated performance based on copious testing and proof-of-principle projects.
Data storage and retention. IoT devices produce enormous amounts of data, which is readily multiplied by the number of devices involved. That data is a valuable business asset that must be stored and secured. And unlike traditional business data, such as emails and contracts, IoT data is highly time sensitive. For example, the vehicle's speed or road data conditions reported yesterday or last month might have no timeliness today or next year. This means IoT data might possess a radically different lifecycle than traditional business data. This requires a significant investment in storage capacity, data security and data lifecycle management.
Network support. IoT data must traverse an IP network, such as a LAN or the public internet. Consider the effect of IoT device data on network bandwidth and ensure that adequate, reliable bandwidth is available. Congested networks with dropped packets and high latency can delay IoT data. This might involve some architectural changes to the network and addition of dedicated networks. For example, rather than pass all IoT data across the internet, a business might opt to deploy an edge computing architecture that stores and preprocesses the raw data locally before passing only curated data to a central location for analysis.
Device and data security. IoT devices are small computers connected to a common network, making them vulnerable to hacking and data theft. IoT projects must implement secure configurations to protect devices, data in flight and data at rest. A proper and well-planned IoT security posture might have direct implications for regulatory compliance.
Device management. One often overlooked problem is the proliferation of IoT devices. Every single IoT device must be procured, prepared, installed, connected, configured, managed, maintained and ultimately replaced or retired. It's one thing to deal with this for a few servers, but another problem entirely for hundreds, thousands or even tens of thousands of IoT devices. Consider the logistical nightmare involved in battery procurement and replacement for thousands of remote IoT devices. IoT leaders must employ tools to manage IoT devices from initial setup and configuration through monitoring, routine maintenance and disposition.
IoT security and compliance
IT and business leaders must embrace the considerations of security and compliance in any IoT deployment. IoT devices present the same basic security vulnerabilities found in any networked computer. The problem with IoT is volume:
Some IoT devices might overlook a full complement of security features or implement weak security standards, such as no default password.
There can be tens or even hundreds of thousands of IoT devices involved in an IoT deployment -- each posing the same potential weaknesses.
IT admins must employ tools capable of discovering, configuring and monitoring all IoT devices in the deployment.
Every IoT device must be configured to enable and use the strongest possible security features.
IoT security can pose problems for businesses because weak default security is multiplied by countless of devices that all rely on human monitoring and management efforts. The attack surface can be enormous. Thus, IoT security comes down to three principal issues:
Design. Selecting IoT devices with the strongest available security features.
Process. Implementing tools, policies and practices that successfully discover and properly configure every IoT device, including device firmware upgrades when available.
Diligence. Using tools to monitor and enforce IoT device configurations, along with security tools suited for detecting intrusion or malware in IoT device deployments.
Still, IoT devices are plagued by a range of potentially devastating attacks that include botnet attacks, weak DNS systems that can allow the introduction of malware, ransomware, the potential attack vectors caused by unauthorized and unsecured devices on the network and even the threat of physical security.
Security risks carry corresponding risks to an organization's compliance posture. Imagine what happens when patient data is stolen from a medical IoT infrastructure or a business can't manufacture products because hackers have infected the IoT infrastructure with ransomware. Such events create potential compliance headaches for business leaders and regulators. Any discussion of IoT security must include a careful evaluation of compliance.
IoT is still evolving. There are no common, broadly adopted standards for designing, configuring, operating and securing an IoT infrastructure. In most cases, all a business can do is document design and process decisions and attempt to correlate them to other IT best practices. One example is to choose IoT devices that adhere to existing technological standards, such as IPv6, and connectivity standards, including Bluetooth Low Energy, Wi-Fi, Thread, Zigbee and Z-Wave. It's a good start, but often not enough.
Fortunately, additional compliance standards are emerging from industry-leading organizations, such as the IEEE. IEEE 2413-2019 is the IEEE Standard for an Architectural Framework for IoT. The standard offers a common architectural framework for IoT across transportation, health care, utility and other domains. It conforms to the international standard ISO/IEC/IEEE 42010:2011. Although such standards don't guarantee compliance by themselves, organizations that follow the established frameworks and practices can strengthen existing compliance postures in IoT implementation.
IoT services and business models
Getting countless individual IoT devices set up can be a daunting task, but processing that data to divine useful business intelligence can bring its own problems, too. As the IoT industry evolves, the IoT ecosystem is expanding to bring new support for IoT implementation and facilitate new business models.
One of the biggest issues with IoT is simply getting it to work. Infrastructure demands can be extensive, security is often problematic, and processing can add new complexity for the business. IoT vendors are addressing these problems with a growing number of SaaS platforms designed to simplify IoT adoption and eliminate many of the deep investments typically needed for gateways, edge computing and other IoT-specific elements.
IoT SaaS operates between the IoT device field and the enterprise. SaaS handles many of the important elements that an enterprise must otherwise provide. For example, the SaaS offering typically handles mundane infrastructure tasks, such as data security and reporting. But the SaaS offering will often include much of the high-level processing and computing, such as analytics, with additional support for ML. This relieves the enterprise data center from this IoT burden, and the business can focus on receiving and using the resulting analyses.
IoT SaaS offerings provide similar features,
IoT SaaS offerings provide similar features, so carefully consider the pricing to select the provider best suited to the number of IoT devices, data volumes and analytical needs of your organization. Typical IoT SaaS providers include Altair SmartWorks, EMnify, Google Cloud IoT Core, IBM Watson IoT Platform, Microsoft Azure IoT Hub and Oracle IoT.
IoT isn't just changing the way businesses operate. It's enabling a variety of new business models that let organizations derive revenue from IoT projects and products. There are at least four types of business models that IoT can facilitate effectively:
Salable data. The raw data gathered by IoT devices can readily be monetized. For example, the data gathered by a personal fitness tracker might be interesting to health insurance companies seeking to adjust rates based on consumer fitness activity.
Business-to-business and business-to-consumer. IoT is all about collecting and analyzing data, and such analytics can be used to identify and optimize brand loyalty or drive additional sales based on business needs or consumer activities identified by IoT devices.
IoT platforms. The data and analytics yielded by IoT can form the foundation of platforms that offer AI services -- think Alexa. Those platforms continue to learn and improve, and the services offered can be integrated by third-party businesses for a fee.
Pay-per-use. Businesses such as bicycle or scooter rentals are readily facilitated by IoT technologies where equipment can be located by GPS and found by users with corresponding apps, then accessed, used and paid for automatically. IoT data can analyze utilization and maintenance patterns to optimize the business process.
What are the requirements for implementing IoT?
There are numerous technical issues for IoT, including the selection and deployment of devices, network connectivity and building adequate analytical capabilities and capacity. But all those considerations relate to the actual building and operation of an IoT infrastructure. For many organizations, the initial questions are far simpler; why do it, and how should we start?
As with any IT project, an IoT initiative must start with a clear strategy that outlines the purpose of the project and clearly states its goals. Such an initial strategy might also underscore the intended value proposition -- such as increased productivity or decreased costs through predictive maintenance -- of the project to justify the financial and intellectual investment required.
With a strategy in mind, the business usually moves into a period of research and experimentation to identify IoT products, software and other infrastructure elements. Project managers then implement limited proof-of-principle projects to demonstrate the technology and refine its deployment and management tactics, such as configuration and security. At the same time, analysts evaluate ways to use the resulting data and understand the tools and computing infrastructure needed to derive business intelligence from the IoT data. This might involve using limited data center resources for small-scale analytics, with an eye to public cloud resources and services as the IoT project scales.
A business can approach an IoT project in three ways:
The effort might be experimental, assembling a platform and allowing users to find value.
The effort might be more formal, employing a clear project blueprint and project timeline.
The effort might represent a complete commitment to IoT across the organization, though such an effort usually requires more expertise and confidence in IoT compared to others.
Regardless of the approach, the key is to remain focused on the value IoT brings to the business.
A comprehensive IoT deployment strategy will help the organization avoid challenges during implementation.
What are the risks and challenges of implementing IoT?
Although the risks are generally well understood, the sheer volume and diversity of IoT devices requires a greater level of attention and control than a business might otherwise exercise. The most detrimental risks of IoT environments include the following:
Inability to discover all IoT devices. IoT tools and practices must be capable of discovering and configuring all IoT devices in the environment. Undiscovered devices are unmanaged devices and can provide attack vectors for hackers to access the network. In a broader sense, admins must be able to discover and control all devices on the network.
Weak or absent access control. IoT security depends on the proper authentication and authorization of each device. This is strengthened by each device's unique identifier, but it's still important to configure each IoT device for least privilege -- accessing only the network resources that are essential. Reinforce other security measures by adopting strong passwords and enabling network encryption for every IoT device.
Ignored or overlooked device updates. IoT devices can require periodic updates or patches to internal software or firmware. Ignoring or overlooking a device update can leave IoT devices susceptible to intrusion or hacking. Consider update logistics and practices when designing an IoT environment. Some devices might be difficult or impossible to update in the field and might even be inaccessible or problematic to take offline.
Poor or weak network security. IoT deployments can add thousands of devices to a LAN. Each new device opens a potential access point for intrusion. Organizations that implement IoT often implement additional network-wide security measures, including intrusion detection and prevention systems, tightly controlled firewalls and comprehensive antimalware tools. Organizations might also opt to segment the IoT network from the rest of the IT network.
Lack of security policy or process. Policy and process is vital for proper network security. This represents the combination of tools and practices used to configure, monitor and enforce device security across the network. Proper documentation, clear configuration guidelines and rapid reporting and response are all part of IoT and everyday network security.
An example of how an IoT system works from collecting data to taking action
Steps for implementation
There is no single ubiquitous approach to designing and implementing an IoT infrastructure. But there is a common suite of considerations that can potentially help organizations check all the boxes to successfully architect and deploy an IoT project. Important implementation considerations include the following:
Network connectivity. IoT devices can offer several alternatives for connectivity, including Wi-Fi, Bluetooth, 4G and 5G. There's no rule that requires all devices to use the same connectivity, but standardizing on one approach can simplify device configuration and monitoring. Also decide whether sensors and actuators should use the same network or a different one.
IoT hub. Simply passing all IoT data directly from devices to an analytics platform can result in disparate connections and poor performance. An intermediary platform, such as an IoT hub, can help organize, preprocess and encrypt data from devices across an area before sending that data along for analytics. If a remote facility is IoT enabled, a hub might gather and preprocess that IoT data at the edge before sending it along for further analysis.
Aggregation and analytics. After the data is collected, it might drive reporting systems and actuators or be gathered for deeper analysis, query and other big data purposes. Decide on the software tools used to process, analyze, visualize and drive ML. One example includes the choice of IoT database and database architectures -- SQL vs. NoSQL or static vs. streaming. These tools might be deployed in the local data center or used through SaaS or cloud providers.
Device management and control. Use a software tool capable of reliably servicing all the IoT devices deployed throughout the IoT project's lifecycle. Look for high levels of automation and group management capabilities to streamline configuration and reduce errors. IoT device patching and updating is emerging as a problem, and organizations should pay close attention to update and upgrade workflows.
Security. Every IoT device is a potential security vulnerability, so an IoT implementation must include a careful consideration of IoT configuration and integration into existing security tools and platforms (such as intrusion detection and prevention systems and antimalware tools).
What is the future of IoT?
The future of IoT can be difficult to predict because the technology and its applications are still relatively new and have enormous growth potential. Still, it's possible to make some fundamental predictions.
IoT devices will continue to proliferate. The next few years will see billions of additional IoT devices added to the internet, fueled by a combination of technologies, including 5G connectivity, and countless new business use cases emerging across major industries, such as healthcare and manufacturing.
Coming years should also see a reevaluation and increase in IoT security, starting with initial device design through business selection and implementation. Future devices will incorporate stronger security features enabled by default. Existing security tools, such as intrusion detection and prevention, will include support for IoT architectures with comprehensive logging and active remediation. At the same time, IoT device management tools will increasingly emphasize security auditing and automatically address IoT device security weaknesses.
Finally, IoT data volumes will continue to grow and translate into new revenue opportunities for businesses. That data will increasingly drive ML and AI initiatives across multiple industries, from science to transportation to finance to retail.