exploiting-the-internet-of-things
TRANSCRIPT
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 1
EXPLOITING THE INTERNET OF THINGS
These days everything is connected. This eGuide aims to give you the most important information that you will need in order to take advantage of the internet of things (IOT). The internet of things is the concept of building internet connectivity into every day products and services.
Suite 306B, The Big Peg,
120 Vyse Street, Birmingham,
West Midlands, B18 6NF
www.scorchsoft.com
+44 (0)121 4690009
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 2
7
WHAT EXACTLY IS THE INTERNET OF THINGS?
Market Statistics
There is predicted to be 26 Billion
internet connected objects by 2020 (source)
China’s government is expected to
invest more than $600 Billion in
the Internet of Things through to
2020 (source)
IOT: The Concept
To put it simply, the “Internet of things” (IOT)
is the idea that all products and services are
connected to t he internet in some way. You
will already be familiar with smart phones and
computers having internet connectivity, this
just takes things one step further by bringing
internet connectivity to other device types that
aren’t normally online.
By bringing connectivity to new products you
extend their capabilities, drive unique
differentiated value and have the opportunity
to introduce new lucrative business models.
By reading this document we hope to leave
you much better informed about how to
approach connecting your products to the
internet. We will be covering the common
questions that we hear around security,
scalability, costs and implementation
approach.
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 3
It’s often the case that you may already have a product or device that you have successfully
commercialised and brought to market in your own way, without the need for internet connectivity.
Before getting into the technicalities of exactly how to implement an internet of things product, it is
wise to first evaluate the business case for it. Most importantly how the IOT effects the following:
The differentiated value that you can deliver to your customers.
Costs that can be saved.
Processes that can be streamlined / improved / error removed.
New business models that can be implemented (e.g. monthly subscription models).
To answer some of these questions you should first understand the possible benefits that can be
had from leveraging the internet of things with your products/devices:
Where to begin
Real time monitoring
Many products need ongoing maintenance.
Being able to check and monitor devices
online from any place can reduce engineer
workload and improve response rates to
faults.
Real time notifications
Events that happen on your device can
trigger events as and when they happen
such as sending an email or SMS
message.
Remote control
It isn’t just about sending data off to a web
dashboard, you can also leverage 2 way
communications to your devices. For
example you could change a devices
settings, or restart it from the other side of
the world.
Hardware and software as a
service
As everything can be controlled and
monitored via a central server this can give
you the ability to charge for access to your
product on a monthly basis. Should a user
end their subscription then the device or
service can be automatically switched off.
Machine to machine triggers
If you have a web service that allows for 2
way communication to your devices, then
you can create an application interface
(API) into it that allows for other online
services to automatically communicate and
pull data about your devices or users.
For example you may want your CRM
system to know when a user’s device last
failed, or you may want your device to know
about data that you have stored in your
internal ERP system. You could even put a
button into a spreadsheet that makes your
device to something when someone
presses it.
Big data analysis
In collecting lots of data you have the
potential to learn things about your products
and services that would otherwise not be
possible. For example, trends in data may
be able to indicate when a fault is likely to
happen, or even when a customer is likely
to want to repeat-buy. This is an intangible
benefit where the opportunity grows with the
diversity of your data.
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 4
Crude IOT structure
This is a crude representation as to how your average internet of things device will look from an
architectural perspective.
The device that you want to connect to the internet will have to have a means to do so, this is
typically done by adding a piece of network connected hardware (WIFI / GSM / 3, 4, 5G) to it. This
device reads data from the product and sends it in a standards compliant format to a web services
API (application interface, think of it like a shop keeper into your system) over the internet. The API
accepts the data and stores it or processes it within the web service. Once the web service has the
data it is able to display information, metrics and controls to the end user via an app or website.
There are many possible adaptations to the above structure to deal with topics such as spreading
load over multiple servers or content delivery networks for global distribution, or other methods of
communicating with the end user (e.g. push notifications). From our experience it is a good starting
point to build upon as it clearly separates the roles and responsibilities between the
hardware/product, software and web development teams.
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 5
Security Considerations
With any system connected to the internet, there are security risks (and security is key!). If the parts
of the process where your device connects to the internet are not secure then there is a risk that
someone could use these an entry point into your product or system. This could allow a hacker to
read data from other peoples’ devices and data, or worse control someone else’s device from a
remote location. Just imagine the implications of something like a cooker being turned on and left
on. Here are some ways to tighten up the security of your internet of things system:
Fall-back mechanisms
This is often the most overlooked but from
our perspective most important security
consideration. Plan for the worst case
scenario first and have a system in place
that expects it to happen and deals with it
even if it never does.
For example with the cooker being turned
on, you could have a mechanism on the
device itself to always automatically turn off
if it has been switch on for an hour or more.
Then have a process to not allow a cooker to
be turned back on that has already been
switched on for a long time.
This way even if the system were to be
hacked the fall-back mechanism would
reduce the likelihood that the exploit could
be used with malicious intent.
Encrypt your messages
There are proven methods to encrypt the
messages being sent to and from a device
once a secure connection has been made.
HTTPS (TLS/SSL) is one example used to
secure connections between a user’s web
browser and your web application over the
internet.
If data is properly encrypted then it is
extremely difficult (as in it could take
thousands of year years of computation time
to crack) for someone to decrypt and read
the data being sent and received.
Securely authenticate access
credentials
In the same way that you need to enter your
username and password to log into a web
service you can have a similar process to
allow your web service to securely
communicate with your devices. Unless
someone has the right login credentials they
cannot communicate with the device.
This is supported by the message encryption
topic as encryption ensures that nobody can
read the password data being sent to the
device as part of the authentication process.
Zone restriction and other checks
There are other general checks and balances
that can be done to further tighten the security
of the system and make it harder to gain
access. The idea being that the more tick
boxes you have, the harder it is to lie to tick
them all. Here are some examples of things
that can be checked:
Unusual behaviour (e.g. frequency of
messages sent).
IP address (The location of the
communicating device on the internet)
Message formatting and size (is
everything structured correctly)
For more common checks you may be
interested in the OWASP web service security
cheat sheet.
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 6
Though there is often the ability to generate recurring revenue streams, there are also up front and
recurring costs that you will need to consider in your commercial plan. Here are the typical main
ones:
Planning for new costs
Product cost of sale
Your products will need to be extended to
have monitoring internet connectivity
capabilities at a hardware level. This means a
higher cost of manufacture per unit.
Internet, data & carrier
If you are able to connect via WIFI then you
may be able to avoid these. If your device
connects over the telephone network then you
will need to consider the monthly costs
associated with line rental as well as the
variable costs associated with the amount of
data being sent and received. You may also
want to optimise or place limits on the amount
of data transmitted to stop these costs
growing higher than expected.
Server architecture
As a web service is responsible for reading
and communicating with your devices this will
need to sit on a web server (or architecture of
servers). As the number of devices
communicating and the number of users using
the service grows, so will your requirement for
more data storage and faster servers.
Merchant services
If you are automatically taking online
payments then you will need to pay a
percentage of these to your bank or merchant
services provider. This normally works out at
1.5% - 3.5% per transaction depending on
provider, nature of service and sales volume.
Maintenance and development
The software layers that sit on the device
and the web service need to be written. In
general this is considered to be an upfront
cost however you should also plan for the
ongoing maintenance work that is likely to
be needed on the software. It can vary but
typically we would recommend that you
plan for approximately 15-20% of the
projects build cost in maintenance over
the course of each year. You should also
plan for the ongoing development work
required to support continuous
improvement of the service alongside
your product lifecycle.
Insurance
You will need to make sure you are
properly insured to create an internet of
things application aligned with your
product. Some products or business
models may be cheap to insure however it
will depend on the risk associated with
what would happen if the security or
system failed in some way.
Support and training
You should try and reduce the need for
manual support and training as possible
by having a great user interface design
and digital support resources. However,
you are developing software that allows
users to interact with your products. In
doing this you will naturally introduce the
need to support and train your users.
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 7
Phasing it in
Once you have decided that you want to build internet connectivity into your product there are a few
steps to take before it will be ready deploy into the real world. Here is a high level overview of a
typical pre-launch process:
Decide on core functions
What data do you want your device to report?
How do you want your web service to be able to
interact with it? Why? What value are you driving
to your customer?
You need to answer questions like this first
before you can plan around how to enable them.
Plan the product extension
In general it is much harder make changes to
the way that the hardware and software function
on the product itself compared with the web
service that is interacting with it. Getting the
structure of this right first will ensure you don’t
run up large unforeseen costs later. That being
said you should also design with change in mind
in case you need to build in a new feature or bug
fix before (or even after) launch.
Decide on your transport
mechanism
Is the device going to connect via cable, WIFI or
3/4/5G? Have you considered the costs of each
option? If you are going the sim card route then
you will need to negotiate with network providers
(potentially globally) based on your predicted
data usage. To do this you will need at least a
rough idea of the structure and amount of data
that is needed to be send to/from your device
and the central web application
Design the web application
With the capabilities of the device identified you
can now move onto planning how this will be
represented via your web service. You should try
to do this before developing internet connectivity
functions into the product as you may identify
useful functions or features that you had not
thought about. These idea may require
extensions to the hardware or software sitting on
the product.
Development and prototyping
At this point hardware and software development
on both the device and web service can begin.
This process should be iterative, agile and
involve a lot of prototyping. Hardware, software
and web teams should have the means to
communicate with each other quickly to prevent
stalling the development process.
Beta testing
If possible you should provide prototype
hardware and access to the web application to a
group of real world users. This is an opportunity
to see how the new device connectivity works in
the real world and to identify issues that can be
corrected before the public launch. You should
also run tests to cope with the predicted real
world load on your infrastructure.
Supporting services and materials
When the product hits the ground running you
need to make sure that you have the business
structure and support materials in place to
facilitate a successful launch. Staff need training
and your public facing website should contain
resources and materials that help new customers
with any support queries.
What is a responsive website and do you need one?
© Scorchsoft.com Exploiting the internet of things Page | 8
Looking to embrace the internet of things within your business?
All of the research points to it: The internet of this is a
massive growing opportunity as we move forwards
into the future. If you bring products and services to
market that aren’t internet enabled then how can you
afford to not explore this avenue? Especially
considering it is also an option open to your
competition.
Scorchsoft are a digital development agency with
experience implementing global ‘internet of things’
services via both web and mobile techologies.
Would you like help in enabling your products to be
part of internet of things? Even if it is just exploratory,
please don’t hesitate to email us on
[email protected] or call on 0121 4690009. We
would be happy to help you develop and implement a
successful IOT strategy.
The Internet of Things is a $19
trillion global opportunity over
the next decade. (source)
The global internet of things
market is expected to show a
compound annual growth rate of
31.72% from 2014 – 2019 (source)
By 2017 the average mobile user
will provide data streams to over
100 apps and services every
single day. (source)
Telephone
+44 (0)121 4690009
Registered Address
Suite 306B, The Big Peg 120 Vyse Street
Birmingham, B18 6NF
Company Number
07246693 Registered in England and Wales
twitter.com/Scorchsoft
Linked-in
linkedin.com/company/scorchsoft-ltd
Enjoy this paper? Download more at scorchsoft.com/papers
EXPLORE
OUR
CAPABILITIES
Click the above picture to view our capabilities