BETA
This is a BETA experience. You may opt-out by clicking here
Edit Story

Why The Cloud And Internet Of Things Don't Always Mix

Following
This article is more than 6 years old.

Cloud makes possible the Internet of Things, that global assortment of connected devices, sensors and systems. The cloud supports analytics and processing of all the data streaming in from the "things." However, some industry observers question whether cloud makes it all more expensive and complicated than need be.

Margaret Martonosi, professor at Princeton University, suggests that processing data closer to or within sensors and devices -- and not sending it out to the cloud -- may accomplish more, in a more secure way, and more economically. "There are ways we could do better at designing edge devices to do more computation locally an send less data to the cloud," she said at a panel discussion, part of the recent Princeton-Fung Global Forum, held in Berlin. "Right now, many devices are streaming data to the cloud. Most of the analysis, most of the intelligence, is being done there. It is easier to build systems that way, because you just need to keep the majority of your software in the cloud."

Photo: Joe McKendrick

Localized analytics or processing on or close to devices and sensors may make more sense, both from a security and economics viewpoint, Martonosi continued. "Most devices will need to have a mode where they can work in a disconnected manner anyway. For some time, perhaps we might be able to delay sending data to the network, if we can design more of the analysis  functionality into the edge device. We can save energy and battery life. The communication energy of streaming this data elsewhere can be 1,000 to 10,000 times more than doing something locally on devices."

The economics -- as well as the risks -- seen in the IoT were explored in depth by the panel, led by CNBC's Julia Boorstin. Panelists also discussed where the lines of responsibility for IoT privacy and security issues should fall. Björn Scheuermann, professor with Humboldt University of Berlin, outlined the golden rules that should be followed in designing IoT devices -- "don’t send out data, and if  you have to do so, do it in encrypted keys. Do as much processing locally as possible," he explained.

However, there's a cost associated with such best practices that require trade-offs that companies and consumer may be unwilling to bear. "It makes the development of the product more expensive," Scheuermann continued. "If you're talking 10-15 euros per device, that matters. It really matters if the development becomes more expensive. There could be the cost of reduced functionality. That means potentially the devices that follow these rules might be more expensive, and they might provide reduced functionality. In the end it means we have to find a way to convince the consumer to pay and willingly do so."

IoT security is a challenge that must be addressed at many levels. Paul Misener of Amazon.com relates that his company both preaches and practices openness, but that only goes so far. "We have a history of providing our customers a tremendous amount of information to help them make their choices," he said, adding, however, that "90% of retail sales are offline. Even if it were fixed with online sales, it certainly wouldn’t address the majority of products." Along with assuring the security of devices, "the cloud itself has to be robust and secure. Also, the connection to the cloud and the cloud itself has to be secure."

Still, verifying and assuring IoT security is an inexact science, requiring a great deal of communication and logistics that does not take place. "Suppose the consumer was interested in buying a more secure device -- how would they be able to tell?" asks Andrew W. Appel, professor at Princeton University. "Let's supposed the manufacturer wanted to make a secure device. how would they do that? There are already independent organizations interested in inspecting devices -- but how would they be able to inspect the device?" Appel advocated "applying standard principles of software engineering to the IoT devices, just as they were applied in the past to the desktop operating systems and the smartphone world."

There is also a need for stakeholders to step up and determine who takes responsibility for IoT quality and security. "The costs of a device don’t always accrue to the owner of the device," Martonosi said. There are multiple stakeholders, and all need to be part of IoT decisions.  "It's not totally a technical problem; we need to appreciate the different roles of stakeholders," said Nick Feamster, professor with Princeton University. The four primary stakeholders include consumers,. manufacturers,  internet service providers, and retailers.

In the end, the IoT space is "incredibly unbelievably heterogeneous," said Martonosi. "For example, Android is a widely used smartphone operating system, but also used for embedded devices and edge devices in the IoT," she pointed out. "There are currently over 10,000 devices that are trying to be Android compliant. That means there s a tremendous space for things on which the software needs to run correctly, across many different performance levels, many different energy levels. It's very hard to get correct. There's also heterogeneity in the the sensors,  in the way we're using in these devices, and in the data formats by which were collecting data and sending into the cloud."

Ultimately, IoT is going to require industry-wide interoperability standards, Martonosi advocated. "So we can have many different devices from many different manufacturers and many siloed applications that can come together and interoperate. The vision of IoT is to integrate data from many devices. We can't do that with one manufacturer, or one set of gadgets at a particular moment of time." She also advised that these standards be written by engineers. "That sounds like an obvious thing, but there are places where you get standards written from a government policy making perspective."