Three Lessons Learned from Working in IoT

Prior to coming to Metal Toad, I worked as a .NET engineer at an Internet of Things (IoT) startup. My job was to stabilize and expand an existing cloud-based infrastructure that served as a central hub for IoT communications. This hub allowed a variety of entities to connect to the cloud for key operations:

• IoT devices reported status and checked for incoming commands

• mobile devices checked on device status and issued commands

• a website pulled and displayed device detail and analytics

Working on the back end that served these various needs was a great experience. There’s something magic about the moment when you press a button on your phone and an electric appliance lights up. IoT bridges the gap between our virtual and physical worlds. I’ve seen a room full of seasoned professionals cry out with delight after a first success at just turning on a light.

That said, we also faced unique challenges as a company and as developers. Developing for IoT can involve many of the same technologies as developing for websites or other traditional software needs, but we had to adapt our development and management practices to best support the problems and opportunities unique to IoT. These are a few of the lessons learned.

1. High-profile security failures have made IoT sound like more risk than reward

When we spoke with clients about how they could leverage IoT in their industry and products, many clients would immediately respond with concerns about security. This is more than fair; there has been a lot of press about really horrifying problems and short-sighted system designs.

IoT security doesn’t need to be that scary. The abundance of horror stories surrounding IoT have mostly been due to failure to follow very basic and well-accepted security practices. Cheap devices used old firmware that had not received security patches, allowing hackers to use well-publicized exploits. Users weren’t prompted to change the system password to a unique (and strong) personal password, so bots were able to scan for devices and access using a known password. These flaws don’t demonstrate that IoT devices are less secure than anything else on the internet; they demonstrate only that some companies aren’t concerned with producing a safe, quality product.

Hardware that follows modern standards and implements smart, modern security practices with failsafes (plus regular testing and updates) will result in a safe product.

When speaking to potential clients in the IoT space, we learned to enter the conversation ready to talk about establishing multiple levels of security, including enabling firmware updates, enforcing secure passwords, and engaging in regular penetration testing. Only then could we get past that initial concern and into brainstorming potential applications.

2. Focus development around integration

Integration is a standard part of the software development process. Any development team working on a website may need to integrate multiple services within their own project, and also with third-party APIs. With IoT, this aspect of development becomes more complex and crucially important. 

A problem in the communication flow might originate from the hardware, the firmware, the cloud, a mobile device, or some tiny difference in how the cloud and the firmware are handling a specific value. Bugs can be hard to track, especially when the firmware team might have a different idea than the mobile app team on how things should work. Fixes by one team might not take the entire process flow into account.

If you follow a traditional development strategy, with one team working on cloud services while another develops a mobile app, you can end up with teams operating under slightly different understandings of the intended process. Without dedicated and focused attention on the big picture, bugs pop up, you miss opportunities for optimization, and the end product suffers.

We resolved this by assigning a dedicated integration specialist. This role was in charge of understanding and continually documenting the complete flow of interaction. They can catch problems that are likely to be rooted in hardware problems or firmware versioning issues. (If the product involves custom hardware, this person might need to have an electrical engineering background.) They carefully monitor updates and bug fixes and consider impacts of those changes to the entire process. They also perform or supervise end-to-end testing.

With a dedicated person to keep their sights on the overall process, we can provide tight, thoughtful integration as we develop, and ensure that all teams are working toward the same goal.

3. Marketing IoT requires an IoT-specific strategy

If you offer a traditional product and also an IoT version of that product, the market for those products may not be the same. We saw one client with a great new IoT product experience a lot of difficulty finding customers. Marketing attempts were awkward, confusing, and poorly targeted. They knew they had a great concept, but they had no idea how to tell potential customers about it. They invested in IoT without investing in an IoT strategy.

For a business that’s ready to invest in IoT but isn’t sure how to sell that technology to their investors, employees, or users, it is first necessary to invest in developing a strategy that includes getting your product to the people who will benefit from it. This is as important to the product’s success as a great concept, smart design, and top-of-the-line security.

Working with IoT has opened my eyes to the vast potential of this technology, as well as the best practices necessary to successfully employ it for business growth. As exciting as it is to use my phone to turn on the sprinklers, it’s even more exciting to see our industry transform to support the development of well-designed, well-strategized IoT systems that connect with their audience. That’s real magic!