IoT is broken as an industry and will not fulfill its potential until there are structural changes to the ecosystem. It’s not just a name change that is required, but a fundamental shift from a consultancy/vertical business model which drives technical and commercial debt, to a product/horizontal world where best in class solutions win. OEMs and consumers need to be front and center of this ecosystem, not overcharged for second rate, one-off solutions that don’t meet their longer term needs. Security and ownership of data must be seen as a high priority, not undervalued and commoditized to the lowest common denominator, making us all more vulnerable to attacks.
During press interviews I now get called a veteran which means:
- I can play off the forward tee at golf
- I’ve experienced, won and lost a lot, learned from some of the best in the industry (from Grove to East and Rubin) from Intel vs. SPARC in servers, to the $999 PC with Intel/AMD, founded Linaro and smartphones where a small British company ARM became leaders and had many more failures and successes.
What this experience has taught me is that the first mover advantage is real, as long as you seek out industries with fundamental structural issues and offer solutions that enable cost and efficiency advantages to end users. It became clear to me, and a bunch of like minded people, that the industry with big problems was IoT / connected devices / edge.
The first controversy is what do you call this category? I personally dislike IoT and Smart (they should go the same ways as WAP and WiMAX), and instead I’ll use what these devices really are: Connected Embedded Secure Devices (CESDs). Some like to think this is a new sector, but in reality it has existed for many decades under “embedded”, and was never seen as sexy or really strategic to a great extent. That was until the internet came along with the ability to analyze data from any device, and then all these embedded devices became connected. And so the fashionable 1999 term IoT was coined. I just prefer to call the sector what it is, so to me it’s CESD.
The CESD industry has some unique features which differentiate it from other sectors. Its business models reflect a traditional way of thinking and the players are deeply entrenched in their solutions. Talented engineers tend to have a different skill set to other sectors (smartphones and medical devices are very different), but with most graduates focusing on the “trendy” cloud businesses, this is leading to an expertise gap. This chasm cannot be closed quickly, so structural industry reform creating platforms are needed to achieve secure, optimum solutions. This leads to an imbalance where you can analyze data in the cloud, but have no idea if a device is secure, maintained or even functioning correctly because few developers really know how to design or manage CESDs.
The integrity of a system is only as good as its most insecure point, and edge devices need to be as good, if not better, than the cloud.
The ubiquitous nature of what we call IoT is still leaving many doors open to hackers who are breaking into networks, from high profile attacks on hospital video surveillance to exposing the threat of potentially taking control of moving vehicles. According to Enterprise Apps Today's recent report, 60% of surveyed firms have said that they have suffered a data breach at some point in time, with 30% having experienced at least one breach in the past year.
Security is undervalued in this CESD world, and this will come back and bite a number of OEMs (some have already been bitten). With PC and smartphone, the consumer and business usage models were the primary business drivers, so security was built in. With most embedded devices, a main driver is cost; as security is hard and expertise is limited, it’s often overlooked or ignored, or consigned to the “I hope we don’t have to deal with that while I’m on the project” pile.
But with every hack, the whole ecosystem takes a hit. Most governments know this and are starting to legislate, but this is too little, too late. Security needs to be thought of as much on day-one as on the last day of the lifecycle. Businesses and consumers will ultimately pay a heavy price for OEMs and chip companies not valuing people's data. It’s the ultimate insurance problem: put security in your house at the time of building and pay less over time, or pay a much higher premium over its lifecycle. The consumer pays for data breaches because OEMs cannot —or will not— address the issue upfront.
Statistica's recent report claims 60% of all current IoT devices are in the consumer segment. The increasing number of connected devices in the average unsuspecting consumer's home leaves every one of us potentially open to attacks. Security must be king, and data ownership needs to be treated as the precious commodity that it is.
IoT today is a very vertically integrated business with lots of repetition of non-value added tasks driven by consultants who get paid to make unique solutions, not products; insecure solutions that are easily hackable, and a very inefficient business model. One of the things I learned early on from Andy Grove is that the most efficient and effective industries are driven by a horizontal not a vertical ecosystem. The end consumers get a better product, the OEMs become much more efficient and the competition at each layer drives the industry faster. Look at the phone apps market which wouldn’t have existed without IOS/Android, or how Red Hat and Ubuntu totally revolutionized the server/cloud software by taking a complex problem and making it simple for OEMs and developers. They all enabled a better horizontal ecosystem by providing easy to use building blocks replacing suboptimal in-house designs. The problem for what I’m calling CESDs is there has been no equivalent solution.
The problem at first seems insurmountable: how to create a horizontal platform that supports every OEM’s unique solution, provides security for a device lifecycle, enables OEMs to pick best in class solutions, allows end users to own their data, and to do this in an efficient way that is 5-10x cheaper than their current solution.
But what I do see coming is a wave of manageable devices, delivering what the consumer really wants: ease of use of their own fleet of devices. This is not six gateways in the home or a factory because I have six apps I want to run, but one gateway that truly is the one device that all apps work in and alongside. Like Matter, but cross-industry. Without this new business model and implementation, CESD will fail to deliver on the promise of ubiquity and will fall back into the non-sexy category again. There is a window of opportunity where demand is right, platforms are ready and the consumers need change from an industry.
The Foundries.io team is warming up ready for CES in Las Vegas, NV. We'll be there from Jan 5-8th and I'll be keen to expand on everything I've touched on here. Let me know if you'll be attending and let's find a time to discuss my thoughts and yours. You can contact me at [email protected] or book your preferred meeting time.