The Platform and Security Puzzles - MIT Connected Things Conference 2017

by Roy Murdock | 03/17/2017

The Platform and Security Puzzles - MIT Connected Things Conference 2017

VDC director Steve Hoffenberg and analyst Roy Murdock made their way through the crisp, chilly (19F!) Boston Monday morning to Cambridge to attend the MIT Connected Things 2017 conference. As usual, the event took place in the MIT Media Lab, giving attendees a spectacular view of the Boston skyline and the Charles River during breaks throughout the day.

Whereas last year’s focus had been on “hard problems” and the industrial/smart city verticals, this year’s conference centered squarely around two main concept: platforms and security.

Many of the leading IoT Cloud Platform-as-a-Service (PaaS) vendors were represented in full force:

  • GE Digital’s CTO, Harel Kodesh, gave the opening keynote, discussing Predix’s role in fixing sluggish industrial productivity.
  • SAP’s Head of Leonardo Predictive Maintenace, Alan Southall, gave another keynote emphasizing SAP’s new Leonardo IoT platform and analytics applications.
  • IBM Cloud Division’s VP & CTO, Mac Devine, also gave a keynote detailing how IBM Watson was benefitting from the growing market understanding of how cloud and emerging technologies can benefit embedded/IoT devices.
  • PTC’s VP of Strategic Marketing, Rob Patterson, spoke about ThingWorx and its massive partner network during the first panel session on IoT analytics.
  • MathWorks exhibited its ThingSpeak platform at a booth in the Atrium, demoing how the platform could be used to forecast and model math-heavy environmental events, such as the sea level off the coast of Cape Cod during a storm.

What is an IoT platform? Great question – the term is vague enough to allow almost any major vendor to market a bundle of software under the “platform” banner.

Technically, VDC defines an IoT Cloud PaaS to be a set of cloud-based device, data, and analytics management technologies, billed as a service, that allows users to build, deploy, and scale applications for IoT data analysis and IoT thing control.

In component form, this boils down 4 pieces of software that are outlined in the diagram above:

  1. Client software to push IoT data to the cloud (or an on-premise datacenter)
  2. Software framework for provisioning and load balancing of component VMs
  3. Host VMs that run on top of component VMs
  4. Applications running inside component VMs

Two major platform takeaways from the MIT Connected Things:

  1. APIs Add Windows to Walled Gardens: The idea of “partnering” is becoming meaningless. Every major player is now “partnered” with every other major player, and the lines between competitors have been blurred to the point of (almost) nonexistence. This is a function of the new API-powered nature of IoT applications, which allows app developers to mix and match services across competitors once-walled-gardens with ease. Think of an application flow that ingests data from a wind turbine with GE Predix, hands it off to IBM Watson for predictive maintenance analysis, then pushes it into an AWS database for time series storage and machine learning algorithmic training. Faint barriers still exist between vendors that are approaching the IoT platform space from the same background (IaaS players AWS and Azure, ERP player Oracle and SAP) but even these divisions are losing their relevance as vendors work to expand their platforms both horizontally and vertically.

  2. Two Leading IaaS Platforms Miss Out: Noticeably absent from the conference were 2 of the top 5 leading IoT Cloud PaaS vendors by revenue: Amazon (AWS IoT) and Microsoft (Azure IoT Suite). Interestingly, both of these vendors approach the platform space from an IaaS background, with the ultimate goal of pulling more data into the services attached to their IoT offerings. Their competitors (and partners) are putting in a lot of the work required to educate the market, and they are missing opportunities to gain mindshare with technologists, academics, and potential customers. IBM, which offers its own IaaS services through SoftLayer, stands to gain the most from Microsoft and Amazon no-shows. The other major IaaS player, Alphabet (Google), is a whole different story with no clear IoT offering in its GCP services portfolio.

We have demystified the IoT “platform” further in our recent IoT Cloud PaaS report, which sizes the market from 2016-2021 and identifies the 10 leading IoT platform vendors by revenue, outlining the strengths and weaknesses of each.

IoT Security
Security—or the lack thereof—in IoT devices was another major topic of discussion at the conference. One interesting tidbit of information came from the keynote of Harel Kodesh from GE, who said that 30% of Predix compute cycles were used for security. We don’t know whether that figure is representative of other IoT cloud services, but if so it indicates that in addition to the overt costs of security software and services, security has considerable hidden costs in the need to procure and maintain additional compute hardware, not to mention electric power consumption.

The conference concluded with two panel sessions devoted to cyber security, the first of which focused on issues in securing smart cities. Among the many topics discussed in that panel, Dr. Lan Wang, Chair of the Computer Science department at the University of Memphis, described a proposed future network architecture called Named Data Networking that could dramatically enhance IoT security by requiring every data packet to be cryptographically signed. (For an overview of Named Data Networking, see the Wikipedia page.)

Panel session on smart city cyber security (left to right: moderator Andy Catha, ARC Advisory Group; Dave Benton, Eversource Energy; Paul Carroll, City of Newport, RI; Brandon Freeman, Leidos; Dr. Lan Wang, University of Memphis; and Chris Walcutt, Black & Veatch)

In the final session of the conference, leading industry executives engaged in a lively discussion about security for connected products. The hottest topic was how manufacturers of low end consumer products can be persuaded to adequately secure their devices, minimizing the chances the devices would be co-opted into botnets such as those recently used in DDoS attacks against various Internet targets. The panelists suggested several approaches, including regulatory requirements, potential incentives, pre-vetted security software available free to device makers, and replacement of hard coded passwords with default passwords unique to each device unit. For VDC’s take on this topic, see our recently published document entitled Combating Botnets in IoT Devices.

Thanks to the staff and volunteers of MIT’s Enterprise Forum for again putting on this excellent event.


ADDRESS


TWITTER FEED