The ultimate

guide to
implementing
IoT
Implementations, risks, and rewards for
your business.

CLOUD
CREDENTIAL
COUNCIL
The ultimate
guide to
implementing
IoT
Implementations, risks, and rewards for
your business.

Copyright © 2019 Cloud Credential Council

All rights reserved. No part of this publication may be reproduced, distributed, or transmitted

in any form or by any means, including photocopying, recording, or other electronic or

mechanical methods, without the prior written permission of the publisher, except in the case of

brief quotations embodied in critical reviews and certain other noncommercial uses permitted by
copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions

Coordinator,” at the (email) address below.

Cover design by rawpixel.com - www.freepik.com

Cloud Credential Council

228 Hamilton Ave

Palo Alto, CA 94301, USA

[email protected]

https://www.cloudcredential.org
Contents
Introduction 5
What is IoT 6
The near future 8

Challenges 9
Requirements 11
Implementation 13
Clearly set your business objectives 15
Selecting an IoT Platform 27
Gather useful data 33

Risks 41
Failure of Implementation 42
Internet Failure 43
Security 43

Rewards 49
Final words 52
 “
IoT is a digital
technology
revolution that is
even bigger than the
industrial revolution.

 © Cloud Credential Council Page 4

 Introduction
IoT is a digital technology revolution that is even bigger than the industrial
revolution. The Internet of Things is one of the most palpable consequences
of the Fourth Industrial Revolution, of which we currently are in the
early stages. Just as it happened during the previous revolutions, early
adopters, professionals able to create or adapt their business around the
new technologies, will ensure their competitive edge during the following
decades. As always, knowledge is power.

The keyword of the decade was “disruptive” from Netflix to Uber and
Airbnb. New technologies disrupt markets previously thought to be stable
and straightforward. It is creating organizations that are able to challenge
decades-old established industries with less than one-thousandth of their
competitors’ capital.

In order to adapt to this new situation, or even becoming a disruptor

yourself, one of the most critical concepts to understand and to implement is
the Internet of Things (IoT).

This whitepaper will focus on the benefits and the challenges you may face
during the process of implementation of IoT.

Page 5 © Cloud Credential Council Introduction

01
What is IoT
It is important to know the meaning devices can communicate and interact with
of “Internet of Things”. According to others over the Internet, and they can be
Wikipedia, IoT is the extension of Internet remotely monitored and controlled. Let’s
connectivity into physical devices and break that down:
everyday objects. Embedded with
First, IoT is about connectivity. All your
electronics, Internet connectivity, and other
things are connected through the internet.
forms of hardware (such as sensors), these
Things refer to any physical object that can

What is IoT © Cloud Credential Council Page 6

be uniquely identified (by URI or Unique Resource Identifier) and that can send/receive
data by connecting to a network. Examples are buildings, vehicles, smartphones, shampoo
bottles, cameras, etc. They can be connected among themselves, with a central server, with
a network of servers, with the cloud, or a mix of it all and more.

Second, IoT is about information and communication. Everything is sharing

information to their designated endpoints either other things or servers. They are constantly
sending information about status, actions, sensor data, and more. All of them with their
unique ID attached, so that it is possible to know where the data came from.

And finally, IoT is about action and interaction. These last two concepts define the core
of what IoT is: connection and information sharing. However, all that data isn’t generated
just to be stored somewhere and forgotten. It has to be used for something. And that use
can be automation: computers using the data to automatically (or even autonomously) make
decisions and, for example, with the help of Machine Learning, act. And that usage can
also be monitoring: letting people know the state of something or some process. The people
may be the users of a product or the overseers of for example a production line.

There are two types of IoT: CIoT and IIoT. The difference is that CIoT often focuses on
convenience for the “Customer”, whereas IIoT is strongly focused on the “Industry” and
is more system-centric. Its focus is on improving the efficiency, security, and output of
operations with a focus on Return on Investment (ROI).

How is it different than, say, using a Programmable Logic Controller (PLC)?

The difference is the Internet. A PLC is limited by the number of inputs and outputs, distance
of cables, processing power, and internal storage.

With IoT the number of inputs and outputs is unlimited, and processing and storage can
be delegated to the cloud, to edge computers (that is, decentralized and localized), to
smartphones, or a combination of the above. This makes IoT much more flexible and
scalable.

The near future

Aside from the advances in Artificial Intelligence (AI) and Machine Learning, there is
another technological advancement nearing its implementation that will also provide many

Page 7 What is IoT

advantages to IoT: the fifth generation of wireless, popularly known as 5G.

The current generation, 4G LTE allows on average up to 1 Gbps of Internet speed, a great
jump from the limit of about 50 Mbps of late 3G (even though early 4G allowed only up to
100 Mbps).

5G, on‌‌the‌‌other‌‌hand, eventually allows more than 20 Gbps of speed, and internet devices
such as routers will be much more optimized. With the expansion of IoT to everyone’s daily
lives, soon tens or even hundreds of billions of devices will be connected to the internet at
any time.

Summarizing it all, we could say that the definition of IoT is: connecting devices so they
can exchange information in order to perform and optimize actions and processes. It can
be implemented as something as simple as lights that turn on when they detect that your
smartphone has connected to the Wi-Fi, or as complex as traffic lights that base their state
on real-time traffic data.

What is IoT © Cloud Credential Council Page 8

 02
Challenges
With new technologies, there are always infrastructure, et cetera;
potential issues related to lack of maturity
• Security: all your data will be sent to the
and adoption that have to be kept in mind
cloud or to in-house storage via network
while considering implementing it, such as:
connectivity. With everything connected
• Investment costs: it involves adding new to the internet that means you have yet
hardware, modifying existing ones, another security concern in your facilities,
hiring specialized personnel, building aside from hacking into storage servers

Page 9 Challenges
 and administration computers: hacking into the devices themselves;

• Infrastructure: obtaining and implementing all the technological and communication

infrastructure, such as databases, Wi-Fi or network coverage, fast internet, and systems
designed for handling IoT;

• Obtaining hardware: in order to meet the needs of the present and future (which cannot
be predicted), systems need to be flexible enough to evolve and adapt. Open integrated
hardware and software platforms, and a real-time network that can scale with new
technologies would be required to adapt to the changing requirements over time.

These challenges will be covered along the way, in order to give a better understanding of
their current state and how they may affect your business, if at all.

Challenges © Cloud Credential Council Page 10

03
Requirements
Industrial IoT requirements can be specified • Access: Another IIoT requirements is its
as follows: accessibility from anywhere and anytime.

• Cloud Computing: Cloud computing • Security: Security is an important factor

enables storage and processing of that forms a part of IIoT requirements,
unstructured and structured data into real- since confidential and sensitive
time information. information are exchanged across the
businesses.

Page 11 Requirements
• User Experience: The more seamless the User Experience (UX), the greater the use of
IIoT systems.

• Smart Machines: Smart machines form the basic components or the starting point
from which all connected things can be derived.

• Asset Management: Managing assets through cloud-based services ease the

functioning and maintenance of IIoT systems.

• Big Data Analytics: Analysis of big data provides intelligent information, an ideal
requirement for industrial purposes.

Requirements © Cloud Credential Council Page 12

04
Implementation
It is important to ensure not only that you It could also enhance your existing products
know how to implement it, but what to and services by adding new features and
implement it for. This way you ensure that IoT possibilities -- and even create new business.
will improve your business in a way that will
not only repay the investment but open the
possibility for higher cost-efficiency of your
existing service, product or production line.

Page 13 Implementation
Implementation © Cloud Credential Council Page 14
 Step
01
Clearly set your
business objectives

If you do not have the knowledge yourself, you

can reach out to specialists, engineers, and
experts. They can better help you figure out if
IoT requires an investment that you can cover in
the short term. Together you can figure out if the
returns end up being at least as much as what
older, more established solutions provided.

Page 15 Implementation
Clearly define what you want to achieve with the help of IoT. You have to figure out and
state plainly:

The problem you are looking to solve;

• What do you want to achieve by solving it:

• In the short term;

• In the long term.

• What is the best way to solve it.

It is also advisable not to start with an “all in” implementation. IoT can more easily be
implemented gradually, restricting it to the amount of capital you’re able to expend every
month or year on process optimization. For example, start with data gathering, then add
data analysis, then start acting on the data, and just then start automatizing processes
based on the data being gathered. You can even add machine learning later on if you feel it
could help you.

For example, let’s say you’re having problems with logistics: your factory
fabricates many different parts and assembles many different products in the same space
concurrently. In order to better organize everything, every part and the assembled product
has a defined space where they are neatly stored. As you already noticed, that is very
space-inefficient, and hauling from a line to storage or from storage to another line may take
a long time. But if you put everything together, they would be harder to sort out.

What is the problem? Inefficient logistics inside the factory space.

What do you want to achieve? Space, time, and, of course, cost efficiency.

• Short term: free up more space for more lines, more efficient use of personnel.

• Long term: add more lines, automate the process as much as possible.

How can that be solved? The spacial position of each object or group of objects (as
well as their amounts) can be stored in the cloud, and whenever one must be retrieved
or stored, the closest idle person (or robot) can be tasked with hauling it to or from a
predetermined position.

If you use Uber, you already see something similar happening: when you request a car to

Implementation © Cloud Credential Council Page 16

pick you up, the app uses your position to signal the closest drivers, who can then choose
whether to take the job or not.

Page 17 Implementation
Implementation © Cloud Credential Council Page 18
 Step
02
Research tested IoT
use cases

IoT is relatively new but exists for long enough

to have gotten well developed and established
in some areas. The number and variety of
enterprise IoT initiatives are growing, which
means there is already a number of compelling
use cases.

Page 19 Implementation
After identifying your problem and goal(s), you should check if they fall within some of the
more common use cases of industrial IoT:

• Preventive Maintenance: keeping track of the status of the amount of wear, damage
of parts, oxidation as a way to prevent irreversible or expensive damage;

• Automatic Refilling: tracking fuel and oil levels, as well as filter effectiveness, so that
they can be refilled or replaced before they are used up, allowing continuous operation;

• Resource Micromanagement: constantly measuring the usage of energy, water, and

gas, so as to avoid waste and allow better use of resources;

• Asset Tracking & Management: both examples used above fall into this. It consists,
as the name suggests, of tracking assets: objects, vehicles, even people;

• Environmental Monitoring: getting data on the environment, such as humidity,

pollution, water quality, soil humidity, temperature and such;

• Design for IoT: a new product aimed at consumers, business or industries designed to
have built-in integration to IoT networks;

• Access Control & Security: controlling access to physical, digital or network space to
better make use of labour time;

• Process Control & Optimization: getting data on process efficiency and applying it
to increase efficiency;

These cases, among others, have already been tested and applied successfully in other
companies or industries, and as such, they are easier to implement. Once you have your
problem defined, you should investigate if your problem falls into one of the already
established and tested IoT solutions, meaning the implementation will cost less than if
experimentation and tests were needed.

Implementation © Cloud Credential Council Page 20

Step
03
Decide on the correct
hardware

When you decide to go ahead with adopting

IoT technology, it is time to figure out what
will be involved in it. That is figuring out every
device or asset that will be integrated into the
network.

Page 21 Implementation
This hardware consists in its most basic form of sensors, that is, devices used to provide data
on something, such as weight, volume, temperature, humidity, color, pressure, sound, vision,
etc. The data gathered by the sensors then must be sent somewhere over the internet. this
means another type of hardware required is connection devices, used to connect the data-
gathering sensor or other hardware to the network used for IoT. Other devices that may be
involved include edge computers and actuators. What needs to be used depends on what
you want to achieve. Nowadays, New gateways and protocols are specifically designed for
IoT use, e.g. Zigbee, Z-wave, 6LoWPAN. Not all devices run on these different protocols. So
be aware of connectivity and interoperability before you commit to a purchase.

Sometimes just adding the necessary modifications to existing equipment may be enough.
Other times, they may have to be replaced by ones designed for IoT.

In general, the sensors need to be low energy devices in order to maintain operable for a
long period without having to replace energy sources.

Let’s take the logistics problem used before: in this case, every part, every hauler,
every production line’s start and endpoints and every robot, later on, will be connected to
the internet.

Every hauler, human or robot, would need to be tracked by GPS or any other position
tracker. The spacial position of every storage spot would have to be tracked by the network,
as well as the position of every part: at the end of a line, being hauled, stored, at the start
of a line. Simple motion sensors may be enough. Or maybe each part may need a unique
ID, like a QR code. It all depends on the complexity of the problem.

Implementation © Cloud Credential Council Page 22

Step
04
Selecting IoT Tools

The internet is the foundation of IoT (so make

sure you have a high enough internet speed!),
but the IoT devices are what make it useful: they
are constantly working for you, doing what you
tell them to do, in order to make your business’s
process more efficient.

Page 23 Implementation
An IoT device is any device that is able to be connected to an Internet network in order to:

• Gather sensor data, process it, and send it through the Internet to its designated
endpoints;

• Receive commands through the Internet in order to control actuators and do a task or a
set of tasks;

• Or do both.

The information presented in the “Hardware” step involves turning common devices into IoT
devices, through the addition of sensors and other IoT devices, such as the development kit
used for prototyping.

There are currently a number of IoT-oriented devices that allow the device to “get used” to
the user’s habits, predicting their wishes and warning them in case of any problem noticed.
These out-of-the-box devices are more commonly employed for consumer use (that is, to
create the so-called “Smart Homes”), but some may also be useful for your use case.

Some examples are:

• Smart thermostats, lights, locks, appliances, among others (control by phone and
machine learning);

• IP cameras (cameras that can connect to the phone through the Internet, sending video
data and receiving commands to change where it is looking to);

• Drones (although some drones are manually controlled, modern ones feature self-
stabilization, Internet connection, and can send camera data through the Internet, aside
from some being controlled algorithmically);

• Voice controllers (such as the Amazon Echo and Google Home);

Not all of these may seem interesting from a production standpoint, but some businesses
have found interesting uses for them, such as Amazon and their investments into delivery
by autonomous drones. IoT cameras may be a good addition to ensure security inside the
physical part of your business even remotely.

In our example, the IoT devices would be the end-of-lines and start-of-lines, the GPS
devices attached to the haulers (or another kind of location tracker), and, later on, the

Implementation © Cloud Credential Council Page 24

hauling robots. In this case, the devices attached to the line would be “adapted” to IoT,
while the others would be devices specifically designed for IoT.

Page 25 Implementation
Implementation © Cloud Credential Council Page 26
 Step
05
Selecting an IoT
Platform

An IoT platform is the software used to control

and centralize every aspect of the IoT network
and its connected devices, including sending
commands and gathering data, commonly
by means of cloud integration. It can either
be custom made in-house or obtained from a
specialized supplier.

Page 27 Implementation
Whatever the route for obtaining, it is the foundation of the network, meaning everything
else will have to be designed around it. There is no need to consider getting a robust
one before the prototyping stage, but it is needed for long-term operation of the IoT
implementation. However, you need to bear in mind that every time the IoT platform is
replaced, most of the software aspect of the implementation must be changed as well: the
IoT platform defines how everything communicates and how data is handled. Changing it is
a very costly process.

On the other hand, as soon as it is ready and set up, implementing IoT itself gets much
easier: it’s a matter of setting up connections and protocols for communication throughout
the facility, following the platform’s guidelines.

Implementation © Cloud Credential Council Page 28

Step
06
Prototyping and
Implementing

Before starting implementation, gather a team

from various departments to think it through
thoroughly. IoT involves many different systems
interacting with each other, meaning you will
need people with different expertise throughout
the project’s inception, design, prototyping,
implementation, and incrementation.

Page 29 Implementation
Some of the experts you may need in your early IoT team, depending on your needs (that is,
an industrial setting, a farm, a service, etc.), include:

• Computer Engineer: a computer engineer specialized in embedded firmware, to

design and implement firmware programs for embedded systems, so they can receive
and transmit sensor data;

• Software Engineer: to design and implement computer programs to deal with the
network and the data gathered;

• Electronic Engineer: to design circuit boards to be used in the systems;

• Mechanical Engineer: the one who has knowledge of machines and other
mechanical components, including their limitations;

• Mechatronic Engineer: knows how to integrate machines and computers,

specializing in sensor use;

• Automation Engineer: deals with control and automation of production processes;

• IT Expert: to implement the Internet network;

• Manufacturing Expert: someone with knowledge of the production processes, their

needs and limitations, to guide the team to your needs.

• Telecommunications specialist: to deal with the variety of protocols, gateways and

new monetizing models from the telco carriers such as subscription models for IoT data
transfer.

With any project, there is something unavoidable: commitment is key. Implementing IoT
technology in your business is a project like any other, and should be treated as such. As
Cisco’s IoT Survey reveals, “60% of companies substantially underestimate the complexities
of building an IoT service.” So, decide on your outcomes, acquire the knowledge, carefully
design your implementation, then test it with a prototype.

Prototyping consists of using already available, less robust systems that can be easily
attached and removed as needed, in order to figure out what works and what doesn’t.
These can consist of hardware designed with IoT in mind, such as Particle’s Argon and
Boron (Development Kits, hardware aimed at the development and prototyping parts of IoT),
or even with an adapted Arduino and Raspberry Pi.

Implementation © Cloud Credential Council Page 30

If the initial results and the team’s input and cost estimates on full implementation are a
reason for optimism, then commit to it by implementing better hardware and platforms with
better quality, that is faster and more responsive.

After implementation, you may want to get some other additional experts into your team,
such as:

• Information Systems Expert: to handle data storage;

• Data Scientist: to analyze the data gathered;

• Statistician: to assist in data analysis and quality control;

• Computer Scientist: to implement machine learning.

Page 31 Implementation
Implementation © Cloud Credential Council Page 32
 Step
07
Gather useful data

The more complex the problem, the more

sensors you’re going to need to keep track of
everything. Fuel sensors, oil sensors, integrity
sensors, and more. That means generating
gigabytes of data every hour, every minute, or
even every second.

Page 33 Implementation
The usual tendency when facing large volumes of data is to discard everything gathered as
soon as it is used. After all, you would need a lot of storage space to store all of that, which
would add to the cost of implementing IoT.

That is the traditional approach to sensor usage: use the data, then discard. With new
technologies on data analysis, such as Big Data and Machine Learning, as well as cheaper
storage, cloud storage, and cloud computing, there is no need to readily discard it anymore.
It can be stored and used to further optimize your processes.

Ideally, the data gathered should be processed, interpreted and sent to a database, where it
would remain for a finite (or infinite) amount of time. From there, applications may be used
to gather it, compile it and analyzed by data analysts, to ensure quality and efficiency of the
processes, detect possible problems, and, of course, find ways to optimize them.

Bear in mind that this matter is much more technical than it looks. Every sensor has its
own type of output port (be it analog or digital), and its own output formats. Whatever is
gathering all the data will have to convert it to a specific format before sending it to the
server storing it, which may depend on the platforms used, IoT managing apps, database
type, and the technicians’ expertise. And the data gathering and storing will be done
continuously, along with applying it at the time of gathering, if needed.

Let’s take the logistics example again: the objective is to optimize time, space, and
cost.

After the initial IoT implementation was made, and the spatial distribution of storage and
production lines were adapted to it, it is time to figure out how well this new paradigm is
working. From the sensors’ raw data, attached to time data, it is possible to know exactly
how much time it takes to haul a part or product between destinations and compare it to the
time it used to take.

GPS data may also be gathered in the same way, generating traffic data for the company,
detecting bottlenecks and possible ways to make the whole production process more
efficient. If the position of machines and production lines ever needs to be changed, this is
also a good way to determine if the hauling became better or worse, and how it can be
further improved.

Implementation © Cloud Credential Council Page 34

Step
08
Apply cold and hot
path analytics

Cold path analytics is generally the name given

to the decision-making process focused on the
long term. It consists of storing all or part of the
data gathered by the sensors and interpreted or
converted by computers or embedded systems,
and analyzing it afterward.

Page 35 Implementation
From this data, it is possible to know the status of your assets, production, resources, and
systems over time, including the data being gathered in the present. It is the analysis done
by data scientists and machine learning software to figure out what needs to be changed to
make everything more efficient.

In our example: the process of gathering and analyzing the data on time between
hauling steps (that is, between retrieval and delivery), as well as the traffic data of the
haulers’ paths from one place to another is the cold path analysis in this situation.

All of that would be stored in the long term and could be analyzed and re-analyzed at any
time. Allowing to see the effect that any changes on the work-flow may have on hauling
efficiency.

Hot path analytics, on the other hand, is a decision-making process that must be done in
real-time, not by people, but by automated processes.

It is commonly implemented for safety measures: if something goes beyond its safety
level, everything may have to be shut down at once. You can’t trust someone’s judgment
and reflexes to do that fast enough. It is something to be pre-programmednto the edge
computers, or even straight into a circuit board, in order to provide the least amount of
delay between measurement and action.

In our example: although not as critical as it could be in a chemical industry or health

setting, the decision of where each item must be placed, and who or what is to pick up the
item, must be done as fast as possible, so it would be delegated to an algorithm.

Implementation © Cloud Credential Council Page 36

Step
09
Implement Machine
Learning

Machine learning consists of an AI (that is, an

extremely complex and adaptable group of
algorithms) that is programmed to review data
in real-time, identify patterns in them, and,
depending on implementation, act on it.

Page 37 Implementation
Machine learning consists of an AI (that is, an extremely complex and adaptable group of
algorithms) that is programmed to review data in real-time, identify patterns in them, and,
depending on implementation, act on it.

The AI would take the place of or supplement a data scientist, analyzing data in order to
predict the need for maintenance, predict human behavior, among others, just by identifying
patterns in the data. A famous implementation of it is Siemens’s Internet of Trains, where
machine learning, together with IoT, was used to do preventive maintenance of trains and
train tracks.

Implementation © Cloud Credential Council Page 38

Step
10
Think about security,
security, security

In 2017 Equifax announced that 145.5 million

US citizens had their identity and credit data
exposed after a hacking attack. The information
leaked included even credit card numbers.
After months in court proceedings, it was
decided that the company would have to pay
200 million dollars in reparation, with affected
citizens eligible to get a part of that.

Page 39 Implementation
In 2018, the European Commission implemented the General Data Protection Regulation
(GDPR), a regulation in EU law that defines norms on how personal data stored by
companies should be handled and protected, also to prevent breaches such as Equifax’s
and to minimize the effects of a breach, in case one does happen.

To protect your business, many measures have already been developed. You can find
common solutions in the “Risks” on page 41 and for a more detailed approach, the CSA
(Cloud Security Alliance) has a complete set of guidelines on how to properly secure IoT
networks.

Implementation © Cloud Credential Council Page 40

05
Risks
As with any investment, there are always
risks associated. As said before, IoT is
a rather new technology with very few
standards, and few legacy equipment as
of today, which means that investing in it
is always riskier than investing in already
established and well-tested technologies.
Page 41
On the other hand, the potential that it has
of revolutionizing businesses of all types, as
well as everyone’s daily private life at home,
means that getting into it can lead to great
rewards down the line. Once you have
gotten a head start: your implementation will
be much more solid and stable than those
Risks
just starting to adopt it. Your competitiveness will rise incredibly quickly.

In order to give you a better understanding of what exactly is at stake when implementing
and maintaining IoT technology in this section, you will find some of the most common
causes of problems for IoT solutions and how to prevent them.

Risk 1: Failure of Implementation

Simply put, you may not be able to implement it into your business.

Maybe your production facility is situated in an area that does not have fast enough internet.
Without a fast and reliable connection, it is not possible to have reliable communication
between your things, much less continually send information to storage or analysis.

Maybe your objective requires many things to be done in small time frames. Preparing data
and sending it over, for example, Wi-Fi is much slower than using a PLC or a circuit board.
For most applications, the difference doesn’t matter. But if you need time precision and
immediate action, you may have to reconsider where IoT will be used, if it will be used at
all.

And, of course, maybe there is insufficient budget available. Say you have all the
expertise you need, developed a well-thought plan of implementation and the prototype
implementation works as expected. But then, when you estimate the budget for full
implementation, you realize it is beyond your investment budget, and it would not be
possible to do the implementation incrementally.

In order to meet the needs of the present and future (which cannot be fully predicted),
systems need to be flexible enough to evolve and adapt. Open integrated hardware and
software platforms, and a real-time network that can scale with new technologies would be
required to adapt to the changing requirements over time, making step 4 (Selection of tools)
and 5 (Selection of platform) difficult (but certainly not impossible) to complete.

These are all possibilities that you have to consider when looking for an IoT solution. That
is why you have to acquire the right IoT skills to know what works and what doesn’t when
it comes to costs and effectiveness. If you do decide to go ahead, do what you can to do
so slowly. If the costs are too great, remember: you are still in the project/prototype stage.
Scraping it during the process of complete implementation would mean much more money

Risks © Cloud Credential Council Page 42

lost. However, the only way to know whether it will work or not is trying.

Risk 2: Internet Failure

IoT brings yet another dependency into your business, alongside money, electricity, water,
maybe even gas and compressed air: the internet.

You might argue that business nowadays is already dependent on the internet: they share
files and user access through central servers, have online stores, customer support, websites,
along with other things. However, whenever the internet is down, there are still things that
can be done inside the business building: working on local files, continue production/
manufacture, etc.

But, if, for example, your production lines depend on IoT technology in order to function,
whenever the internet goes down, production will stop. Even if electricity is still running.
You might have an emergency plan in place for these cases but bear in mind that, after
becoming used to the automation for some time, we grow dependent on it.

Let’s go back to our example: without the internet, there would be no way to access
the cloud storage containing data on the position of each item, much less any way to know
where to put each item coming down the line. Production would have to be stopped while
the problem is sorted out.

Internet stability is critical. Confirm that your internet provider can offer you a fast and stable
internet before considering IoT for your business. It is critical for its continuous work.

Risk 3: Security
Security, however, is the biggest problem. When your business starts to depend on the
Internet, it develops another weakness: it can be invaded. That means something as simple
as a DDoS attack can shut down production, or a well-planned attack can give unauthorized
third parties access to all the data gathered by the sensors throughout the years or even your
customer’s information.

Having a security breach is the easiest way of making the news in a bad way. If you are
a big company like Google and Amazon, that isn’t too much of a problem. If you are

Page 43 Risks
a startup, this may mean your demise. Here are some breach scandals that gave some
headache to their CEOs (to say the least):

• The Amazon Echo Dot, Google Home, and recently Siri and Skype all
recorded users conversations, without their knowledge or consent, and sent it to
contactors for manual review. Engineers reviewed and confirmed what happened. Being
high-profile companies, this sprung the debate about privacy and espionage of private
citizens by companies;

• Geolocation company LocationSmart accidentally allowed users to discover the

location of every phone on any of five US carriers (including Verizon and AT&T) as well
as three Canadian carriers without the need for credentials. The location data was being
provided by the carriers themselves, which promptly stopped doing so upon news of the
breach;

• Routers from a number of companies (including major ones such as Cisco and
TP-Link) were found to house a virus implanted by state agents at least twice. Once, with
the VPNFilter, which was attributed to Russia by the Ukrainian government, that was
able to collect data on files being transmitted and execute commands, as well as the
Slingshot, which was present in routers for at least six years in a dormant state and was
capable of the same things as the VPNFilter, being attributed to the CIA by Wikileaks.

Some measurements are:

Endpoint Security

Endpoints are all the computers that receive data. Those may be edge computers, gathering
data in real-time from a group of sensors, in-house computers, receiving information from
those computers after being interpreted and through some kind of protocol, in order to either
store it locally or sent to a cloud storage and, of course, the storage computers and the
computers used by the data analysis team, which will later receive data from storage.

Endpoint security is the one you should be used to if you use computers on a daily basis:
anti-virus software, firewalls, anti-malware, etc. This will prevent malicious software from
both affecting your computers and spreading throughout your network.

However, consumer products most likely won’t be enough, you need something specialized:

Risks © Cloud Credential Council Page 44

the amount of data being received, processed, and then sent is very fast and can’t be
slowed down. The protection software needs to work constantly and shouldn’t interrupt the
flow of information.

Communication Protocols

To ensure that all data being transmitted inside the building was made by your company’s
computers and following your specifications, it is a good idea to establish communication
protocols: they are “digital bureaucracy”. A series of steps and actions done by a program
when initiating and terminating communication with another computer. Properly following
these steps means data transmission is done smoothly. Otherwise, there will be errors.

It is also possible to digitally sign every connection, such as is done with HTTPS pages
(you may have already seen the green mark Firefox and Chrome have been exhibiting
lately near the page’s URL). The digital signature is yours, and only you can access it and
implement it into the software.

Access Control

Authentication and access protocols are a must. They consist of creating different users in
a central server that can also be used in other computers throughout the building (or even
buildings). Everyone that is hired by the company should be tied to a single user in the
network that is restricted to a specific set of permissions and computers that are related to its
job. This also applies to the physical world: everyone should be restricted from using other
parts of the building unless needed.

This is a way of preventing people with malicious intent from accessing the information they
are not meant to access, and that way, preventing a data breach. The means to implement
this are many and frequently evolving, such as two-factor authentication, biometric scans,
access cards, digital certificates, among many others. Also, use secure passwords.

The central server should also be used to ensure access control in the network: it should
control and oversee the ports and data being transmitted inside the facility and also in
communication with the outside.

For communicating with external endpoints and helping secure the network in-house,

Page 45 Risks
there is also the option of using a Virtual Private Network (VPN), which creates a secure
and encrypted environment in the networks and allows encrypting traffic and masking IP,
securing your network against outside attacks and traffic interception. But bear in mind that,
if getting a VPN service, get a trustworthy one, or your data still won’t be safe.

Encryption

Transmissions can be intercepted.The way to prevent this is through encryption: the data,
in binary format, is passed through an algorithm along with a key, the encryption key.
The algorithm and the key will determine how the data will come out. And it will come out
unreadable, with no apparent format. In this state, it is sent through the network to another
computer. This one will have the decryption key. Passing it and the encrypted data through
another algorithm will recreate the original data.

There are many encryption methods, each with different advantages and disadvantages:
some involve constant keys, some have keys with a limited lifespan, some add other factors
into the algorithm. The process of encrypting and decrypting takes time (the algorithms are
rather robust, due to keeping security in mind), this means that using this at every end point
may not be wise. However, when transmitting the data to external servers, this is a must.

Encryption can also be done with “stationary” files: hardware, folders, files, even whole
databases can all be encrypted, allowing access only to those who have a password or a
key that can decrypt it.

This encryption subject can all sound very hacker-y to people outside of IT, but with
computers becoming faster and more powerful every year, it is starting to become
commonplace: communication apps such as Whatsapp and Telegram have point-to-point
encryption (meaning the only ones that can read your messages are the ones on each point,
that is, the sender and receiver), and the cloud storage company MEGA encrypts all of the
data stored in it and provides only the owner of the data with access to the decryption key.

Fraud Management

Sometimes, people do break through security, as good as it may be. That means you should
also consider looking into ways to discover whether you were invaded or not, and whether
the invaders have changed anything or not.

Risks © Cloud Credential Council Page 46

Every change, every connection, and such should at the very least be kept logged and
monitored.

Keep Software Updated

Although constantly updating software may seem like a chore, keep in mind that is what
makes them reliable. Software is rarely ever perfect, and every day new issues and bugs
are rissen and corrected. With cybersecurity software especially keeping it updated is
critical to maintaining your network security: new malware and viruses are created and
discovered every day, and the anti-virus companies keep on constant watch for them to
catch, dissect and be able to prevent them.

Similarly, keeping the operating system and IoT platform updated allows to fix security
problems it inherently has and that could be exploited, and with web browsers just the
same.

Documentation

When all this is being designed, prototyped and implemented, there is something that must
always be considered, for every part of the project, and in every step: not everybody that
is working on it today may continue working on it in the coming years. As time goes by,
employees may leave or relocated, new employees may be hired, and the work done by the
ones that left must be passed on to the new people just joining. That is why documentation is
needed.

Documenting is the process of detailing, in writing, every detail of a project: all of its
process of development and implementation, how to maintain and repair it, procedures and
bureaucracies involved, how to work with it, how to do some specific tasks, authorizations,
who access to what, and more. It is a tedious but extremely necessary step to ensure that
everything keeps running smoothly in the long run. You never know when someone will
leave and need to be replaced, nor when you have to replace the hardware with more
updated ones, or when you have to replace a device adapted for IoT with one that was
designed for IoT.

Everything must be written in detail forming a “master” document, and then divided into
smaller documents for specific purposes: maintenance, everyday work, inner workings,

Page 47 Risks
theoretical model, listing end points, sensors and actuators and their characteristics, and
then given to every employee that needs to use it whenever needed.

And remember: the documentation must be kept up-to-date.

Keep investing in security

Nothing is perfect forever. You may invest a lot into making a very secure network and
still get a breach. In order to prevent that, some companies invested in hiring hackers and
security experts to “compete” with one another, with the hackers trying to get access to
restricted data, while the security experts keep the system secure, preventing their attacks.

The more your company grows, and the more data you have to handle, the harder it gets.
As you expand, remember to also expand your investments in security, lest you suffer the
same fate as Equifax.

Risk 4: Doing nothing

The risk of doing nothing is much greater than many people think. The old saying ‘innovate
or your competitors will set you aside’ is more true than ever. Nowadays the credo is
‘embrace digital transformation or simply die!

Risks © Cloud Credential Council Page 48

06
Rewards
However, just as every investment has risks,
it also has rewards. IoT is new enough to
not be entirely mature in all of its parts, but
it is mature enough to have some amazing
success stories. Many companies, large
and small, have managed to successfully
implement IoT into their businesses and are
Page 49
already reaping the benefits of it, and will
keep doing so provided they keep investing
in perfecting their practices and keeping up
with the evolution of software and hardware
related to it.
Here are some examples of companies that
successfully used IoT, either to improve their
Rewards
company or as a business model:

Caterpillar: in order to make maintenance and continuous functioning of their facilities,

Cat introduced sensors into many parts of their machines: fuel tank, oil tank, machine parts,
among others. Then, together with using this data to ensure optimized operation, they mixed
it with Augmented Reality, providing their operators with a tablet that could be used to see
the data of every machine by pointing the tablet’s camera at it, while also using it to provide
instructions for how to perform maintenance or repairs whenever needed. It feels like being
inside a video game;

Smart farming: not exactly a single company, Smart Farming is the use of IoT technology
to improve farming efficiency, with technologies such as constant environment monitoring
(including localized soil monitoring), drone surveillance, and even Machine Learning to be
aware and in constant control of every inch of farming land and the situation of very plant.
This allows better use of resources, especially water, fertilizers and pesticides, ensuring that
the crops will get exactly what they need, no more and no less;

General Electric: GE’s IoT software platform Predix is designed around integrating
machine-generated data to cloud computing platforms, allowing GE clients to leverage big
data for everything from hospital operations management to airline fuel optimization to
electrical grid management.

DHL: to ensure efficient logistics, the company uses a similar implementation to the example
used before, with the addition of just about everything being connected to the network
in any way: people, forklifts, incoming boxes, stored boxes, outbound boxes, all of them
containing information on position, content, status, among many others;

Airbus: Airbus’s Factory of the Future initiative aims to provide more workplace efficiency
by attaching sensors to tools and machines, thereby connecting them to the network, along
with providing employees with wearable technology. The objective is to reduce errors and
increase safety, while also increasing productivity along with it;

Fanuc: using sensors to minimize downtime, following the principles of predictive

maintenance;

Gehring: gathers sensor data in its machines to increase efficiency and reduce downtime,
while also providing the same data in a user-friendly way for their customers, explaining
how the machines and the fabrication process works while allowing them to see them

Rewards © Cloud Credential Council Page 50

working in real time;

John Deere: pioneered self-driving vehicles with their self-driving tractors and advances in
GPS technology;

Page 51 Rewards
 Final words
As you can see, the Internet of Things is a rather complicated world, full of
intricacies and risks, but also able to give you unimaginable rewards.

Always keep in mind before delving into it that it is much easier to botch the
implementation than to implement it well if you dive in without having the
right skills. Every step of the project features new challenges, from problem
identification to full implementation and continuous investments, and every
challenge must be identified, acknowledged, and solved.

For that reason, be sure to form a team of experts and work together every
step of the way. If you do it slowly and in well-thought steps, there is no
need to fear to invest in IoT. Be sure to accompany your team closely to
ensure that you can minimize costs and maximize returns. Do not be
afraid to ask, and do not be afraid to research. Knowledge really
is power.

Also, remember: IoT is still in its infancy in some ways. New technologies
and solutions will come out, and you may want to keep track of them.
Do not forget to implement security measures and maintain up-to-date
documentation, nor be afraid to scrap the project and start anew if it
doesn’t work as planned.

IoT is a great revolution in the way we do things: from day-to-day small

tasks to production on an international scale, and it can give you a
competitive edge like never seen before. If you’d like more in-depth
information and knowledge regarding IoT, Concepts and Terminologies,
Monetization Options, Business Orientation, Enabling Technologies, etc, it
is advised to upskill through the Internet of Things Foundation certification
course or a similar program.

Final words © Cloud Credential Council Page 52

Page 53 Final words
Cloud Credential Council
The CCC is a leading provider of vendor-neutral certification
programs that empower IT and business professionals in their
digital transformation journey. The CCC has been supporting the
professional development of professionals since 2013, and has
delivered certifications in over 75 countries across all types of
industries and governmental agencies.

The CCC chooses to work in areas that are related to the massive transformation
organizations are undergoing to become digital leaders. The Internet of Things, Big Data,
Cloud and Blockchain are potential disruptors and can revolutionize the way work is being
done, change business models, and requires us to rethink what we do.
The CCC Portfolio includes foundation level programs on Cloud, IoT, Big Data and
Blockchain, and Professional role-based certifications for Cloud. The CCC works with over
200 registered training providers across the world to deliver in-class or virtual CCC training
programs. The CCC also engages directly with professionals who are looking for self-study
or online learning programs.

Contact us for more information:

[email protected]
www.cloudcredential.org

CLOUD
CREDENTIAL
COUNCIL