IoT Agenda

March 12, 2019  1:52 PM

Can we ensure consumer IoT privacy while enabling the data marketplace?

Ashley Stevenson Profile: Ashley Stevenson
Data Marketplace, Data privacy, digital identity, Identity management, Internet of Things, iot, IoT data, iot privacy, iot security

The internet of things promises huge potential benefits for both consumers, who will gain access to better and more personalized services through smart devices, and businesses, for which the proliferation of connected devices and touchpoints will open up lucrative new revenue streams.

One of these new revenue streams could be the data marketplace, where companies would trade non-sensitive data sets and data streams from connected devices. Accenture estimated that the IoT data marketplace will unlock $3.6 trillion in value by 2030.

However, in the current climate of heightened privacy awareness — where stories like Google’s recent nearly $57 million GDPR fine frequently hit the headlines — the idea of buying and selling any data without the proper consent is increasingly problematic.

The question is therefore: Is it possible to create an internet of things that is both trusted to protect individuals’ data privacy rights while also taking advantage of the business opportunities that a data marketplace would bring?

The sharing of non-sensitive data is a no-brainer

To illustrate the potential advantages of an IoT-enabled data marketplace, it is helpful to consider a real-world example. Let’s look at how this might work for one of the most high-profile IoT use cases: the connected vehicle.

At CES this year, a recurring theme was the growing potential for a data marketplace in the automotive industry — namely, through the connected vehicle. One thing was clear: While user data provides a huge opportunity for the provision of intelligent and personalized digital services within the car, the potential benefits extend far beyond the individual consumer’s experience. A manufacturer will also have sensors on a vehicle that it wants to share — and sell — non-sensitive data from, decoupled from the identity of the user.

Such data could include live diagnostics on engine performance; tire wear and tear; aerodynamic diagnostics in various weather conditions; ride-height relative to different loads; and the quality and safety of the road itself. A perfect example is a smart municipal bus, which could transmit information — such as vehicle diagnostics, the number of people onboard, congestion on the road, etcetera — to inform service updates and help ensure mechanical reliability.

Not only would this data be valuable for manufacturers and designers, it could also be traded with third parties, such as research firms, other manufacturers or even local governments, as with the bus example above. It ultimately comes down to the sharing of knowledge that, as well as providing an extra source of revenue for manufacturers and service providers, would ultimately benefit the end user as it gets put to use tuning products, services and infrastructure.

Bumps in the road…

In order to make this kind of data marketplace a viable reality, manufacturers need to make sure they can be trusted to keep data secure and private.

The need for security is obvious: IoT data streams will originate from a wide variety of devices and sensors that control critical processes, infrastructure and sensitive information, making them an extremely tempting target for hackers.

The question of privacy is equally important, and getting it right will require a highly sophisticated and granular way of handling personal and non-personal data. Think of the scenario: To trade on the data marketplace, device manufacturers will need to be able to grant access to certain data streams to specific people or organizations, under certain circumstances, without exposing sensitive personal data that might also be captured by the same set of devices or linked within data streams. They need to be able to authenticate requests to access data from paying customers and refuse access from unauthorized or malicious parties, and they need to be able to group (and ungroup) devices, data sets and identities seamlessly. And they need to do all of this in a way that builds and maintains the trust of the end user. Transparency will be key here — companies need to clearly explain how they use the data they collect, as well as the steps they take to ensure privacy and compliance with all relevant regulations, such as GDPR.

A complex web of relationships

To achieve all of the above, each connected device needs a stable digital identity that helps define who and what gets access to its data, under what circumstances.

This is far from simple, due to the sheer complexity of relationships and context-based decisions that will underpin real-world use cases. To take our example of the connected car or bus, the vehicle has to connect to the external infrastructure it’s operating within — incorporating many different cloud services, software providers and hardware — creating a series of relationships that each require varying levels of trust and security. It doesn’t end there, however, as this complexity also exists within the vehicle too, with each sensor in the network requiring a way of fitting into the wider hierarchy of devices.

What establishes a stable digital identity in IoT? First, both people and things need digital identities. And beyond the identity itself — the unique information that differentiates a device or person from another — reliable credentials are needed to provide a trusted way of confirming that identity is genuine, as well as strong authentication and authorization protocols defining access to the device’s data.

Only once there is a formal system defining how each device fits into the puzzle can a manufacturer then give the user transparent control for granting or restricting access to the information on those devices from a higher level. This is crucial to ensuring the data sharing from the device is trustworthy and compliant.

Access controls should be delegated to the data owner and designed so that they can be managed from a single dashboard to streamline the process and give the clearest view of what information is — and what information isn’t — allowed to be shared. The User-Managed Access protocol is the ideal candidate to support this system, as it provides such a transparent and secure dashboard.

Digital identity is the key to the data marketplace

And so we return to our original question: Is it possible to create an IoT that is trusted to protect individuals’ data privacy rights while also providing the potential business opportunities that the data marketplace could provide?

The short answer is yes, if you are able to establish a smart and nuanced approach to digital identity — one that covers both people and things and that allows manufacturers and service providers to build their IoT strategy on a foundation of trust.

Only once users are given full, transparent control of the data that’s on their devices will they then trust companies to securely and responsibly share non-sensitive information on the data marketplace. A robust digital identity protocol is also the key enabler for companies that need to securely authenticate requests to access non-sensitive data from paying customers while refusing access from unauthorized or malicious parties. Put simply, without digital identity, the data marketplace won’t leave the garage!

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 12, 2019  11:40 AM

Why outsource R&D in IoT application development

Nacho De Marco Nacho De Marco Profile: Nacho De Marco
Application outsourcing, Internet of Things, iot, IoT applications, IoT apps, IoT developers, MVP, Outsourcing, poc, prototype, R/D, research and development

Outsourcing IoT applications is a growing trend as it mitigates risk and keeps costs under control. Many businesses choose to outsource their development aspect, perhaps because they do not have the internal skills, or simply because they do not want to build up an internal team with IoT talent. Therefore, they choose to work with nearshore software outsourcing companies that can handle creating their IoT product.

What some organizations overlook is outsourcing the R&D aspect of IoT application creation. Many companies have an idea and want to rush to create it, lest a competitor gets to market first. Outsourcing R&D can help ensure the idea is fit for market without hiring employees with specialized R&D skills.

The importance of R&D in IoT application development

R&D teams handle both technical and business elements of a product. Their role is to evaluate both the feasibility of the product, as well as the actual technology. Additionally, R&D teams can look at future business opportunities. The end result should be research, prototypes and well-informed advice on the IoT product.

The R&D team can experiment with the idea before it’s actually a product, and it can help shape the concept into a functional asset that solves a user problem. Some products can take years to go through R&D — think self-driving cars.

The next step: POC, MVP and a prototype

IoT systems have different needs in the initial phase. R&D starts with substantial research on the potential product and its market fit. For many companies, the next phase is a proof of concept (POC), a minimum viable product (MVP) or a prototype. While some companies lump these three together, understanding each one specifically is important.

A POC is an exercise conducted to understand the product thoroughly. This happens before any planning of product creation. It answers questions such as: Does this potential product have a market? Will customers actually use this? It’s interesting that 60% of IoT initiatives stall at the POC stage, which could be a reason why so many IoT projects fail.

A prototype, which sometimes comes next, has the same primary goal of helping companies realize whether or not the potential product will work. By building a prototype, an R&D team can test the functionality, design and usability of the product. Obviously, prototyping for IoT applications is quite complicated as they are enhanced by smart sensors and embedded systems. Teams need access to circuit boards, microcontrollers and, of course, sensors. A prototype is not ready for market; the hardware used in this phase may differ at a later stage.

Source: Pixabay

An MVP is a product with enough of the final features to be viable for the market. The point of an MVP is to get it to market to find early adopters before investing in all the bells and whistles of the final product. For IoT, this is crucial. A survey on the IoT found that 60% of respondents stressed that IoT initiatives often look good on paper, but prove far more difficult than anyone expected.

Deciding between one or all of these three can be difficult, and doing one of them requires specialists and plenty of IoT equipment. While large companies can invest in a POC, prototype and MVP, smaller companies often cannot. And choosing which R&D route to take requires specialists who understand the functionality and idea of the product and specific equipment which may be better provided by an outsourcing partner.

Considerations when outsourcing R&D for IoT

IoT technology is far more complicated than most, which is why these specialized developers are in high demand. Regardless, R&D cannot function in a vacuum, so companies that outsource this step must fully integrate the third-party team. The R&D process should be robust because it should mitigate risk and assess whether or not the product will work. IoT development is costly, so if the product doesn’t fit the user’s needs, it’s a massive hit for the company.

If choosing to outsource, be sure to select a company that has experience in the R&D process for IoT. Since it differs significantly from other software development projects, these specialists, including engineers and scientists, are highly sought after for internal teams.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 11, 2019  1:40 PM

Why Android is the main driving force of IoT

Harnil Oza Harnil Oza Profile: Harnil Oza
Android, android apps, app developers, Internet of Things, iot, IoT applications, IoT apps, IoT developers, IoT software, Mobile OS, Open source

IoT is widely talked about today in the software industry in terms of billions of devices, the adaptation of the IoT in the market, changing business models and growth in years to come. These days, connecting devices has become very dominant in that every software industry wants to excel in IoT by creating IoT-based services and products.

Connected things have existed for some time now — just look at the numerous industrial examples in which actuators and sensors have been remotely controlled. But over time, the technology used to connect these things has undergone tremendous improvements. There is more to IoT than just connecting ordinary things and making them available globally. When connected things are connected to processes and people, they become the internet of things. IoT devices make a large amount of data that can be visualized and accessed globally, data that can be reformed to create tangible insights, predict solutions, predict situations, build patterns and perform self-optimization of ordinary things by instructing them.

Android is the major driving force behind IoT

Android apps are IoT’s driving forces. Why? When you consider the market, billions of smart devices are compatible with Android. Additionally, anyone aware of the existence of smartphones is conversant with the existence of Android, which is presently the world’s leading mobile operating system. Basically, IoT is being built and managed for Android. Google made Android open for developers and device makers, which has made it a global front end for developers. This has contributed to its fast growth as a software platform. It is open source, allowing almost anyone customize it and use its source code in almost any gadget or device. Furthermore, Android Things preview version awards app developers a view at the new provision for technologies such as OpenGL and WebView to show web content.

A number of changes have been made since the update to Android O. Android Things was built to give app developers the opportunity to design Android-based mass-market and user IoT gadgets. Google claimed all complications associated with embedded system development are not applicable to the platform, therefore even without prior IT system development skills, developers could begin to use the platform to design IoT devices.

How Android is utilized in IoT

At first, IoT use in Android was seen as something that couldn’t be achieved. But currently, IoT in Android is a reality and is growing rapidly. In a simple view, the internet of things implies the growing interconnectedness of diverse smart gadgets over the internet. These devices have internet connectivity and sensors that permits them to accept information, gather and transmit it.

App developers work tirelessly to enhance the connectivity of electronic gadgets in offices and homes. A wide range of devices have hit the market already and a lot more are set to surface. These days, it is very easy to control your toaster, TV, treadmill and refrigerator using your smartphone. The availability of a platform on which these gadgets can work is the only reason IoT technology is possible today.

More reasons Android is at the forefront of IoT include:

  • Android is a global front end from which developers can work. Google, the sole owner of Android, made it open source, allowing diverse device makers and developers to access it and contribute to its steady progress. The Linux-based software is open source, which allows app developers to utilize the source code and customize code to any device of their choice.
  • There are several gadgets that depend on Android as an operating system. Android acts as the front end of IoT with a large amount of devices running on the Android platform. It is cheap and easy to design gadgets for IoT, making them more affordable for users.
  • Apps drive IoT. A device is just a device. Meanwhile, with the proper software and apps to assist the device, it becomes more equipped. Presently, Android is the largest app platform in the world. The Google Play Store reported having 2.6 million applications at the end of 2016. Therefore, it is not astonishing that Android is driving IoT.
  • IoT is being developed in Java. A lot of IoT gadgets are being developed in Java. Contrary to the use of embedded Java, which entails dedicated devices, Android permits Java to be applied in a way that makes sense.

The IoT ecosystem for Android

Knowing the IoT ecosystem and the part Android plays in it is critical to comprehending the application of Android in IoT.

  • Data transfer. There are components that control the transmission of data from the sensor. For this, the two simplest choices available are XMPP and MQTT. Both are open source implementations supported by Android. The libraries can be utilized on Android, Linux and Windows.
  • The sensor. Sensors have the ability to generate digital signals and perceive physical properties such as temperature. A lot of hardware vendors depend on specific platforms, such as Windows, Android and Linux. Since Android can be ported to any device and is open source, it is a common choice for device producers.
  • There must be a program capable of accepting and storing data. This can be in the form of a standard Linux server. The server accepts data, recognizes it and process it. Any succeeding analysis can be done using the data.
  • The components of the IoT ecosystem must be supported by a processor or device with an operating system. This device must be able to provide constant connectivity and must be portable and small, and should consume less power. All these requirements are being met by Android devices to cater for a wide range of sensors.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 11, 2019  10:36 AM

Digital transformation: So, you’ve transformed. Now what?

Sudhi Sinha Profile: Sudhi Sinha
Digital transformation, Digitization, IoT applications, IoT skills, Smart Building, workforce development

Digital transformation is still proving to be one of 2019’s most popular buzzwords, not only because of how essential it is for businesses, but because of where it’s still poised to go and its potential impact.

According to IDC, companies are predicted to spend $1.7 trillion on digital transformation by the end of 2019, a 42% increase from 2017. Organizations of all sizes and from a variety of industries are all still working to digitize their business operations. But the shift in culture toward increased digitization is proving to be easier said than done.

Many companies are starting to realize that the promise of running operations faster, easier and cheaper is being outshined by the need to drive real business value throughout the organization. In fact, less than 30% of digital transformation initiatives have been successful. So, how can companies find value or drive ROI from their digitization efforts?

The answer lies in the data. Organizations are no longer surprised by the capability to track utilization rates, energy consumption or other data feeds. Instead they are starting to realize that they can use these insights to make their people, resources and assets not only more efficient, but also more productive. Let’s take a deeper dive into how businesses can effectively draw value from their digital transformation implementation to begin seeing the benefits of a connected ecosystem.

Finding the business value

Change is always a challenge, and the large-scale shift toward full digitization across industries that we have seen in recent years has been no exception. Once companies have undergone their digital transformations and turned their organization into complex, connected technology systems, the process doesn’t stop there. These ecosystems now need to work to synthesize data collected from the various systems. This all helps ease the burden on facility staff and creates new value for building owners that never existed before, including new revenue streams.

For example, let’s look at a 30-floor office building that recently underwent a digital transformation and created a “living” building that can learn, advance and evolve. With this living building, a building owner or manager can now track energy consumption at a more granular level, down to each individual floor, and provide actions or insights into how that floor can better optimize their environment. This could be anything from dimming the lights in areas that are not being used to even setting up a timer or schedule for each floor to only run the lights during business hours. Multiply that level of optimization across all 30 floors and the building owner is not only increasing the sustainability level of the building, but also significantly reducing costs on energy bills.

These building owners and managers want their properties to work for them, for their occupants and for the businesses they house. This new standard should not be limited to simple building management, but stretched to achieving full optimization across systems because a more comfortable and controlled environment results in increased reliability and profit.

Investing in your workforce

In any industry, a skilled and engaged workforce is key to achieving an organization’s goals. This has held true during the process of digital transformation. Digitization is improving not just the function of equipment, but also the structure and needs of organizations when it comes to acquiring talent and building their management teams. As businesses go through digital transformations, they must invest not just in additions to their management teams, but also in robust talent recruitment and development at all levels to ensure long-lasting productivity and success. To prove this point, a seamless move through the process of digital transformation is over three times more likely when organizations invest adequately in digital talent.

Let’s go back to the example of the 30-floor office building. The building itself is optimized with the latest technology, but let’s talk about who is responsible for the performance of that technology for a moment. The facility manager no longer has to manually track usage, freeing up a lot of time to focus on key matters and learn to optimize the building’s energy performance in all kinds of new ways. The managers themselves, however, must be appropriately trained to work with new technologies for optimization, reporting and maintenance. This takes investment and time. For a successful digital transformation, it must be a high priority of businesses to invest in not just new technologies, but in the people or partner who will manage them for maximum productivity.

Where do we go from here?

In terms of the future of digitization, generating more awareness around the value that digital transformations can provide for organizations will lead to increased adoption of these systems. A building is no longer just a place to do business, but has become critical to how business is conducted. Understanding and embracing technology and its resulting data is key to this shift, as is having a skilled workforce able to effectively utilize and manage these systems.

It will be important for companies offering digital management systems to ensure that they are not only able to be implemented in new construction projects, but are capable of being retrofitted to work with existing building systems, no matter the industry. Being able to adapt to different needs for implementation of smart, vendor-agnostic technologies to meet customers where they are is what will, in the end, ensure long-term success.

Digital transformation will also have far reaching implications for the future of the workforce. Training humans to effectively work with new technologies so that both can perform at their best will take upfront investment if a business wishes to see its digital transformation succeed and get the best return on their investment.

Managers and building owners are beginning to see ROIs made from their smart building systems and can demonstrate the real advantages of optimization from the insights provided. As this awareness spreads, more organizations will continue to follow suit and learn how to fully use their new technology ecosystems and reap the rewards.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 8, 2019  1:32 PM

Questions for IIoT edge computing implementation success

John Fryer Profile: John Fryer
Edge computing, IIoT, industrial internet of things, Industrial IoT, Internet of Things, iot, IoT edge, IoT edge computing, IT/OT convergence

As many businesses begin to realize the benefits of new IIoT technologies, including edge computing, to optimize their business performance, it’s easy to focus purely on the promise that these technologies bring. However, there are crucial considerations that every company must take into account before undergoing an IIoT deployment in order to avoid catastrophic — and often times expensive — mistakes. Below, I’ve outlined questions that companies should ask themselves when looking to succeed in undergoing an edge computing implementation.

What are our expectations with this effort? When purchasing devices and technology to modernize your environments, talk to your vendor about the level of support that is included. Oftentimes, it’s expected that this technology comes with unlimited 24/7 hardware support, but this isn’t always the case. Additionally, before deploying an edge computing platform, you need to understand the challenges that come with this type of technology. Be prepared to locate and access remote or hard-to-reach areas of your plant — this is where edge devices work best.

How should we communicate ownership in our transformation? A huge mistake that I’ve seen companies make is not communicating responsibilities in a clear way. Before you undergo a digital transformation project of any kind, it’s critical to include all teams that will be involved in deployment and implementation in these conversations, especially your IT and OT departments. You may even want to consider combining your OT and IT teams into a hybrid model to further streamline the process. And while IT teams are crucial, you cannot give them the sole responsibility of managing your plant’s edge computing implementation. It’s crucial that both OT and IT teams are involved since both of them are responsible for important — but different — operations related to your businesses success. Regardless, before your deploying a complex system of any kind, clear ownership and responsibilities need to be dictated and outlined in your plan. Problems arise quickly after implementation when there is no clear ownership at the plant level or when personnel lack technical training.

Do we have the support from both a staffing and a technology perspective to make this transition? On the people front, too often, I’ve seen manufacturers place a low importance on plant floor staff that are tasked with the day-to-day technical support of these complex technologies. This leads to high turnover rates among these positions, in addition to a loss of important knowledge that’s often difficult and time-consuming to retrain. On the technology side, unfortunately, there’s always the chance that your technology will face a disruption — whether it be a security breach or system crash. It’s important that you address these potential issues before they occur, making sure that support is in place if there’s a disruption that arises outside of traditional business hours.

In short, to avoid the most common pitfalls of an edge computing implementation, you need to follow three key steps: setting expectations, communicating responsibilities and establishing support. As with any IIoT implementation, it’s crucial to plan for expected events and disruptions, allowing for you to enjoy the benefits of this new technology without a worry.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 8, 2019  11:38 AM

Will the new EU standard protect consumers from IoT products?

Thomas Ryd Profile: Thomas Ryd
connected devices, Internet of Things, iot, IoT devices, IoT regulations, iot security, IoT standards, IoT updates, securing IoT, security regulations, security standards, software updates

The European Telecommunications Standards Institute (ETSI) recently released Technical Specification 103 645, seeking to help protect consumers from IoT devices. The specification was produced by the ETSI Technical Committee on Cybersecurity.

The ETSI has almost 900 members worldwide, including companies like ABB, Canon, Ericsson, Mitsubishi, LG Electronics, Orange, Schneider Electric, Audi, Deutsche Bahn, Lufthansa Systems, Panasonic, Bosch, Samsung Electronics, Siemens and many more world-class companies. We can expect these organizations to lead the way toward a more secure connected world.

Tightening the grip of IoT security

Everyone working in the IoT security industry knows it is like the Wild West at the moment. Without any hard regulations in place, the industry has defaulted to low security standards in the interest of perceived saved time and costs.

Like seatbelts becoming mandatory in cars and privacy protection in social media with GDPR, it is just a question of time before internet-connected devices face much stricter legal security requirements.

Several initiatives to help the industry improve the security of IoT exist, like the American IoT Cyber Security Act, the Cyber Shield Act, The Smart IoT Act, NIST’s Managing IoT Cybersecurity and Privacy Risks, the EU’s Cybersecurity Act and don’t to forget the recent SB-327 bill in which California will be forcing basic security on IoT devices starting on January 1, 2020. There are good reasons to believe these represent requirements of what is to come.

Once harder regulations hit the industry, the actuality of these will probably stem from best practices and experience gained from all the ongoing initiatives. Let’s therefore dive more into ETSI’s new standard to see what the future holds.

What lawmakers will come to expect from IoT products

The TS 103 645 comes with a set of fairly technical requirements. None of the requirements can be said to go beyond basic hygiene security, but the scope of this highlights that securing an internet-connected device is not trivial. Done properly, security must be included from the design phase and all the way until end of life for the product. Security as a patchwork will fail. The 13 requirements presented in the new standard are:

  1. No universal default passwords
  2. Implement a means to manage reports of vulnerabilities
  3. Keep software updated
  4. Securely store credentials and security-sensitive data
  5. Communicate securely
  6. Minimize exposed attack surface
  7. Ensure software integrity
  8. Ensure personal data is protected
  9. Make systems resilient to outages
  10. Examine system telemetry data
  11. Make it easy for consumers to delete personal data
  12. Make installation and maintenance of devices easy
  13. Validate input data

To read more about each of these requirements, click here.

Keep software updated

The third requirement in the standard gets the most attention — by measure of number of words — and should be regarded as one of the most important security measures to get in place. Having a way to update software ensures a fallback option regardless of bugs, vulnerabilities and whether the device has been exploited or not.

The “keep software updated” requirement includes these provisions:

  • All software components in consumer IoT devices should be securely updatable
  • The consumer should be informed when an update is required
  • Updates shall be timely — which depends on the level of severity
  • All products shall have clear labelling with end-of-life date
  • The need for an update should be made clear for the consumer, and easy to do
  • Basic functionality should keep running during an update
  • Security patches must be delivered over a secure channel
  • Constrained devices should be isolable and the hardware replaceable
  • Constrained device must have a clear end-of-life label regarding hardware replacement

Several open source software updating mechanisms can be implemented to ensure many of these requirements exist. One of the most popular is Be cautioned about trying to develop your own homegrown updater method. For example, two of the other requirements in the new standard are communicate securely and ensure software integrity. Both are paramount to security, but quite hard to implement in practice as we have seen from our day-to-day practice at

Winners are serious about security

As pointed out in “What separates leaders from laggards in the internet of things,” referring to findings from a McKinsey study of 300 businesses, winners take security into account in the design and lifecycle of their products. With regulators increasingly realizing the importance of securing the world’s connected devices, it is just a question of when every vendor must comply with basic security measures. The good news is that security actually proves to be good for business.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 7, 2019  1:53 PM

4 IoT monetization strategies — and how to choose the right one for your offerings

Cris Wendt Profile: Cris Wendt
Data monetization, Internet of Things, iot, IoT monetization, IoT service providers, IoT services, monetization, monetization models, outcome model, perpetual model, subscription model, usage model

As enterprises find themselves increasingly incentivized to provide IoT products and services, they also find themselves in search of monetization models more naturally congruent with their new IoT offerings. Many of these enterprises are established OEMs that have historically sold physical hardware products (or “things,” the T in IoT), but have now added software content and connectivity in pursuit of richer functionality. Thermostats are an example of a product type that has witnessed this transformation from pure hardware to incorporating IoT software and connectivity, and which has empowered manufacturers to make the shift from delivering devices to selling functions or capacity. At the same time, newer IoT enterprises may have launched with a recurring revenue model already in mind. The common question that enterprises offering IoT must answer is this: What is the most advantageous monetization model for my particular IoT product software?

There are three main areas to consider about your IoT monetization strategy: the underlying monetization revenue model, the metric and the product structure. In this article, I’ll focus on ways to develop healthy revenue models that capture new customers as well as have high renewal rates.

The monetization model you ought to choose will depend in large part on what you have to offer. The full IoT stack spans IoT devices, IoT gateways managing those devices, data collected in the cloud, and cloud analytics and control capabilities that orchestrate IoT systems and deliver insights. Each of these components represents an opportunity for monetization. Further, enterprises may be in the position of offering the entire stack as an end-to-end proposition.

Source: Flexera

Here are four popular monetization models, and how each may pertain to your own IoT offerings:

1. Perpetual model

This is the traditional model under which customers pay for a product once upfront, and then have a perpetual right to use the product (software), while assuming full responsibility for its upkeep. In an IoT context, this model could apply to the sale of physical devices or gateways, or IoT software that resides in any of those components. However, even in those areas, enterprises should be exploring available opportunities to create ongoing revenue streams. For example, enterprises can sell equipment using a perpetual model and increase their revenue by offering add-ons, such as additional software-enabled functions, maintenance or analytics, as additional purchases.

2. Subscription (‘as a service’) model

This is another familiar model, in which the customer buys a yearly or multiyear service subscription that includes the right to use the software, updates to new versions of software and support, rather than buying a perpetual right to use a product, along with the additional purchase of annual yearly maintenance. CFOs tend to like this model because it provides a predictable revenue stream that can be projected into the future. This revenue predictability has made the subscription model immensely popular in many markets outside IoT — countless businesses now offer subscriptions to services that periodically deliver a box of goods to your door, whether it’s prepared meals or razor blades or even underwear. Among IoT enterprises, the subscription model is most often used by providers of cloud analytics and control systems, as well as enterprises in position to provide the full IoT stack as a service. As mentioned above, this model is also useful to device and gateway manufacturers offering service-based add-ons.

3. Usage model

In this leading-edge monetization model, customers pay providers based on specified usage metrics and are invoiced periodically, e.g., annually, quarterly or monthly. The principle behind this model is that a customer pays for what they use. Similar to the subscription model, the usage model places the impetus to deliver value onto the producer. In order for this model to succeed, usage metrics must be carefully selected and should adhere to these principles: they must be simple, fair, scalable and measurable. The challenge is to determine metrics that fit this criteria and lead to relatively predictable revenue.

As an example of the usage monetization model in action, an IoT provider of data backup and cloud storage services charges customers based on the terabytes of storage they use each month. In another case, an IoT enterprise in the medical equipment field has achieved differentiation with a usage model that charges based on the number of tests performed monthly, rather than charging for provided medical devices themselves. To arrive at the correct metrics, enterprises will often begin exploring the usage model by experimenting with a small market segment, and prove out success before using this model on a wider basis.

4. Outcome model

The outcome-based monetization model is quite leading-edge and interesting — here providers aren’t selling products or services, they’re selling an outcome. Something like those law firm commercials that say, “We don’t get paid unless you see cash,” this model is about achieving a defined business result rather than delivering individual IoT components. The outcome model makes the most sense for enterprises offering the full IoT stack required to address specific business needs, so that the provider has the range of control necessary to take responsibility for the outcome.

For example, Rolls Royce offers jet engines via a program in which airliners pay not for the engines themselves, but for the number of hours their engines operate successfully. This allows airliner customers to avoid upfront costs and maintenance responsibilities, instead paying directly for what they actually need: working engines. At the same time, Rolls Royce’s jet engines are highly sophisticated IoT systems, equipped with arrays of sensors designed to drive effective preventative maintenance and optimize the product to meet outcome goals. In another example, Monsanto sells seeds and IoT sensors used to measure field conditions such as moisture, crop health and so forth. The company also offers outcome-based crop management, with success based on the percentage increase in crop yield achieved. In this situation, the more success Monsanto delivers for customers in the specific business result of crops produced, the more revenue it earns. These outcome-focused examples offer demonstrations of how enterprises are putting the entire IoT ecosystem to bear to solve business challenges in their entirety.

By comparing these monetization models and determining which is best suited to your specific IoT offerings, you can increase your revenue margins and introduce beneficial new products and features, while expanding customer relationships and delivering specific value that keeps your clients coming back for more.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 7, 2019  11:15 AM

Deriving value out of data: Unlocking possibilities in print production

Dave Prezzano Profile: Dave Prezzano
Internet of Things, iot, IoT analytics, IoT data, IoT devices, IoT service providers, IoT services, printer, Printers, printing services, Service providers

The printing industry is in the middle of a transformation. Just a few years ago, printers were thought of as single-function machines that churned out high volumes of printed output and did little else. The rich data generated by printers — everything from ink use to processing time and resource consumption — were unavailable to most print service providers.

The smart sensor revolution — also known as the internet of things — changed all this. Innovations in technology and analytics meant it was easier to collect information from sensors embedded in printers, identify patterns and exhume actionable data. For print service providers (PSPs), this was transformative — they could now, for the first time, rely on detailed data and projections instead of estimating or guessing.

Sensors and the resulting advancements in data science are major differences between much of the traditional analog equipment previously used by the printing industry and the new wave of digital equipment that is increasingly becoming the industry standard. Digital workflows give printers the opportunity to access real-time data from their equipment and apply it to building their businesses and engaging with customers. This is how data becomes a competitive advantage.

Investing in ROI-inducing technology

Modern printers and presses can perform functions like tracking color accuracy and consistency, and different APIs allow printers to integrate with all kinds of software applications. They’re truly amazing devices, which is one reason why customers invest hundreds of millions of dollars in capital equipment for printing. When investing so much money and staking one’s business on the success of that capital equipment, it is extremely important to make sure that the output is generating maximum value to the end user. If not, return on investment is unlikely to follow.

Investing in internet-connected printers also helps facilitate communication between PSPs and their customers. Brands can gain insight into how the work is being conducted in real time, even if the printing is happening many cities away. Instead of making endless phone calls, customers can simply open an application and track printing progress. By equipping printers and vendors with the infrastructure they need, unlocking this data suddenly becomes much easier. It eases communication and makes the process more beneficial for all parties involved.

Becoming more data fluent with smart software

It’s one thing to collect tons of data, it’s another to know what to do with it. Fully utilizing printing equipment requires making sense of massive amounts of data in an actionable and digestible way. However, many PSPs still don’t know how to use this data to its full potential and convert it into actionable insights that drive growth.

Connected systems can quickly help PSPs become more data-fluent. When a printer becomes connected, it can begin transmitting data and collecting extremely detailed logs of how the device is functioning. These logs can be mined for all sorts of insights. Software handles the leg work of finding patterns in the data and transmitting that information back to the PSP. They can suddenly have insight into how many impressions they make across printers and presses, how many liters of ink they use and how that aligns with their production goals in real time. Having insights into the technology and how it works allows PSPs to focus on the human factor of printing — training employees and driving forward key business goals.

Deriving business value out of print data

By using these insights garnered from big data, PSPs can then make smarter business decisions. Should they redirect jobs to another press? Should they outsource? Should they work an additional evening shift to complete a project? By finding patterns in the data, PSPs and others can quickly see both inefficiencies and organizational high points.

This also means big changes for the day-to-day operations of an organization. Users can get insights triggering predictive alerts that will enable them to resolve issues affecting their printing performance and provide a predefined resolution path. For instance, users might find that their jam rate is much higher when using specific kinds of paper when the facility has a certain temperature or humidity rate. They can then change the storage conditions of the paper so the printing can happen more efficiently.

In an age when printers have more jobs to print then ever — and the sources of print jobs are increasingly coming from digital files — connected and smart devices also make a difference. In recent years, there has been a shift from turning an InDesign or PDF file into 100,000 printed copies of a magazine to printing a greater range of short print jobs from diverse sources. This can impact everything from the lifespan of a print device to how long it will take to fulfill complicated orders. Data gives organizations the edge for understanding their hardware and workload — and it makes all the difference in the long run.

Once unlocked, data changes everything for PSPs. Parsed through analytics platforms, data helps customers and vendors to cut their implementation times and increase the effectiveness of their equipment. At the end of the day, customers can print more, serve new market segments and grow their businesses.

With data, operational excellence and amazing creations are right around the corner for PSPs.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 7, 2019  10:05 AM

The hidden dangers of IoT devices

Richard van Hooijdonk Profile: Richard van Hooijdonk
botnets, Consumer IoT, DDOS, Enterprise IoT, Internet of Things, iot, IoT devices, iot security, securing IoT

Gradually, almost without anyone realizing it, IoT devices have become an indispensable part of our everyday routine, bringing unprecedented levels of convenience and making our lives easier and more enjoyable. Aimed not only at adults, but also children and pets, IoT devices come in all shapes and sizes, ranging from smart TVs, thermostats, locks and security cameras to children’s toys, baby monitors and pet trackers. The way things are going, almost every device in our homes could soon be equipped with sensors and connected to the internet.

However, all that convenience comes with one major drawback. IoT devices are notorious for their lack of security, mostly because manufacturers tend to neglect that aspect in the rush to get their products to the market as soon as possible and capitalize on this new opportunity. Implementing strong security features is very expensive and time-consuming, so manufacturers will often choose not to go through with it, leaving these devices exposed to attacks from the outside.

The number of IoT devices could reach 28.5 billion by 2022

The number of IoT devices has increased exponentially in recent years, and this trend shows no signs of slowing down anytime soon. In fact, networking hardware company Cisco predicted that there will be 28.5 billion connected devices in the world by 2022. Even today, it would be very difficult to find a household that doesn’t have at least one connected device. Cisco also estimated that the average number of connected devices per person will grow to 3.6 by 2022. North America is expected to spearhead the trend with 13.4 connected devices per person, followed by Western Europe with 9.4.

Source: Shutterstock

As the number of IoT devices increases, so does the number of cyberattacks directed at them. According to cybersecurity company Kaspersky Lab, there were three times more attacks on connected devices in the first half of 2018 than there were in the entire 2017. Previously, in the period between 2016 and 2017, the number of attacks increased 10 times, indicating a troubling upward trend that’s set to become even more pronounced in the coming years as IoT devices become more ubiquitous.

How dangerous are unsecured IoT devices?

There are a number of ways manufacturers can leave IoT devices vulnerable to hackers, but the most common involves assigning weak default login credentials. Even worse, those credentials often can’t be changed, and even if they can, users are rarely prompted to do so. This allows hackers to easily obtain them, sometimes with nothing more than a web search, and take control of the compromised device. The infamous Mirai botnet attack of 2016 still serves as the best example of just how dangerous unsecured IoT devices can be. It was the most disruptive distributed denial-of-service (DDoS) attack in history, in which hackers gained control of more than 100,000 poorly secured IoT devices and used them to launch a sustained assault on the leading DNS provider Dyn, taking down numerous important websites in the process, such as Twitter, Netflix, Amazon and CNN.

However, IoT devices aren’t used just to launch DDoS attacks. Hackers are also increasingly using them to attack consumers directly and steal their personal data or use their systems to mine cryptocurrencies. Princeton University recently conducted a comprehensive study of more than 50 consumer IoT devices, including smart TVs, security cameras, smart lightbulbs, smart smoke detectors, sleep monitors, smart blood pressure monitors and children’s toys. The study revealed that many of the devices tested lack even basic encryption and authentication features, allow attackers to infer user behavior from encrypted traffic metadata, or communicate with third parties without users’ knowledge.

Regulatory issues

The lack of regulation is one of the biggest issues associated with IoT devices, but things are starting to change in that regard as well. The U.S. government was among the first to take the threat posed by unsecured IoT devices seriously, introducing a number of IoT-related bills in Congress over the last couple of years. It all began with the IoT Cybersecurity Improvement Act of 2017, which set minimum security standards for connected devices obtained by the government. This legislation was followed by the SMART IoT Act, which tasked the Department of Commerce with conducting a study of the current IoT industry in the United States.

Source: Shutterstock

Furthermore, California recently became the first U.S. state to pass an IoT cybersecurity bill, which will require manufacturers to equip all connected devices with reasonable security features. While the bill doesn’t make it clear what those reasonable security features are exactly, it does specify that devices that allow access from outside of a local area network need to have either a unique default password or prompt users to choose their own during setup. Although it’s been criticized by some cybersecurity experts for being too vague and simplistic, it nevertheless marks an important step towards making IoT devices more secure.

Other governments are also stepping up their efforts to protect consumers from this growing threat. The UK government released the Code of Practice for consumer IoT security in October 2018, which sets forth guidelines for improving the security of consumer IoT products and associated services. Similarly, in November 2018, Germany’s Federal Office for Information Security published its suggestions for minimum security standards and features required for broadband routers.

The number of IoT devices continues to increase at a rapid pace, and it’s becoming increasingly clear that this technology is here to stay. While they provide numerous benefits, IoT devices also come with a variety of security and privacy concerns. Until manufacturers raise their standards and invest more in implementing strong security features, businesses and consumers will have to do their own part to ensure that the devices they bring into their workplaces and homes aren’t a security risk. The best way to do that is to purchase IoT devices exclusively from manufacturers with a proven track record when it comes to security; use unique, strong passwords for each device; and always keep software and firmware updated. Even that won’t be enough to completely eliminate the threat, but it will at least minimize it.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

March 6, 2019  2:52 PM

Connected cars: The value of bridging the gap between developers and car manufacturers

Kevin Valdek Profile: Kevin Valdek
app developers, app development, Connected car, connected car data, connected cars, infotainment, Internet of Things, iot, IoT applications, IoT apps, IoT data, manufacturers

When we look to our increasingly connected future — a future in which every new vehicle being built is a connected vehicle — what we can be certain of is the increased importance of the link between car manufacturers and developers.

In this three-part series of articles, let’s look at the growing importance of that relationship, challenges we face in strengthening it, solutions to those challenges and how to best navigate an industry which relies heavily on these two very different, codependent and delicately balanced ecosystems.

Current status of connected cars

The global connected car market is expected to exceed $219 billion by 2025, with the number of vehicles worldwide expected to reach 2.03 billion by 2030. Consumers are demanding more and more from their vehicles, from in-car entertainment to dashboard warnings regarding traffic, weather and hazards. Crucially, consumers are increasingly expecting their in-car experiences to mirror their out-of-car experiences, with one continuing seamlessly from the other.

Consumers’ expectations of the user experience are no longer exclusive to their experience of simply driving a car, but instead include a host of other considerations as well. For example, when buying a vehicle, a user may also take into account the maintenance and cleaning of the vehicle, whether they can have packages delivered to the vehicle, if they get an insurance policy that automatically adapts to their driving needs or if it will be able to find an elusive parking space in an area where they are hard to come by.

When purchasing a vehicle, a customer’s decision considerations will focus on mobility, connectivity and in-car user experience. The connected car and the apps and services which car manufacturers can offer customers via the technology it provides opens up numerous revenue streams for OEMs which were previously not possible. The opportunities for the carmaker and therefore the depth of experience available for the user are both limitless.

The role developers and car manufacturers play in the connected car cycle today

The production and success of a connected car is currently a combined effort consisting of a delicately balanced ecosystem. This ecosystem contains OEMs, aftermarket device manufacturers, content providers (third-party companies) and application developers. Although the vehicle itself facilitates the others, without any one part of this system we no longer have a production cycle that works.

Traditionally, the role of the car manufacturer has been to provide the vehicle. For car manufacturers today, connected cars represent a new era in the history of the car. Developing innovative and easy-to-use software and services will give them the edge over their competitors, open up new revenue streams and enable a direct relationship with customers.

Yet, adopting a whole new way of working — especially in a sector that has remained largely the same for decades — is going to be a difficult transition for some. To make the most of the opportunity that connected cars offer, OEMs need to engage customers and work with developers, enablers and third parties to offer customers the apps and services that they increasingly expect in their vehicles.

Despite the massive growth in IoT services — not to mention the explosion in software and application development over the last decade — right now connected car development is still considered to be a relatively niche field.


Online developer communities are notoriously hard to penetrate from outside organizations, like car manufacturers, as many developers perceive big business as going against the free and open source culture that is intrinsic to the creativity, discovery and innovation that developers value so highly. And it makes sense that the open source culture is so revered — it is this aspect of app development that makes it such an exciting field to be a part of. In contrast, big corporations can often be perceived as closed and bureaucratic, therefore stifling the very experimentation that leads to technological breakthroughs and discoveries.

A disconnect

It is this disconnect between the innovative and experimental world of app development and traditional, corporate car manufacturers (or at least this perhaps outdated perception of them) that is significantly hindering the development of connected car application development in a way that was not previously encountered during the development of for example smartphone or tablet applications.

As we are all aware, one of the central benefits of owning a smartphone or tablet is its ability to connect to the internet and utilize apps. Because this is a main function of owning a smartphone or tablet, the industries that produced phones were unlikely to have been seen as old-fashioned and impenetrable by developers. In addition, large companies like Apple and Google provided APIs from day one to enable developers to play around and create their own apps and businesses to launch and run using their product. This encouraged app development and it is now a booming industry in its own right.

The difference between a smartphone and a connected car, though, is that for many people a connected car simply represents what a car has always represented: a form of transport for getting from A to B. Any additional apps or services are simply beneficial extras, not integral to the vehicle itself and therefore not worth taking risks or sharing data for.

What this boils down to is that rather than developers tinkering around, experimenting and having fun with connected car app development of their own free choice — like they may have done in the past with smartphone app development, for example — they are holding back as they perceive the car industry to be too difficult to access and a closed and bureaucratic industry. Which in some cases it still is.

On the other side, carmakers have been fearful of sharing data with external parties like developers or startups that wish to work in the connected car industry due to the potential increased risk of cyberattacks or privacy breaches that this could create. If such a breach were to occur, it could have catastrophic effects on the carmaker and in turn its customers.

I hope you’ve enjoyed the first article of this three-part series looking closely at the disconnect between developers and car manufacturers. In my next post, I’m going to examine more closely how the roles of developers and manufacturers are changing, as well as discuss the increasing number of opportunities for the two to come together.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: