Sunday, January 8, 2017

Finding the real value (and security) in IoT applications

At the end of 2016 I had the pleasure of talking to Johan den Haan (pic below) the CTO of a company called Mendix to talk about all things IoT (thanks @sarahsalbu).  Mendix is a low code hpaPaaS player; but I’m sure you already knew that ; )

Johan den Haan.jpg

We will get to what the heck hpaPaaS means later but my reason for talking to Johan was to get my head out of the sensor/microcontroller/gateway world I’ve been living in and learn about the world of IoT higher up the stack.  You may remember my 7 point IoT operating model I came up with back in 2013 to help me understand the IoT; Mendix operates at level 5:

  1. Sensing and Control
  2. Connectivity
  3. Analytics (big data) and the cloud
  4. Security
  5. Applications, ROI and 2nd/3rd order effects
  6. Standards and Regulation
  7. Ecosystems and Communities
Mendix was started in Holland and is now an 11 year old company so they can’t be accused of recently jumping on the IoT bandwagon.  Today they are headquartered in Boston and you can find then at  The initial impetus for the company was to make a platform for application delivery for IT departments especially those that needed mobile driven development without the need for heavy coding skills. Mendix saw the mobile developer skills gap early on and we all know that the biggest ROI killer in IT projects is being late, so the need for speed in application implementation convinced them to become a platform company.   Johan describes Mendix as a low code platform meaning your developers aren’t in the code weeds and can get on with building their applications.  This makes Mendix a high productivity application platform as a service (hpaPaaS) company (longest tech acronym winner?).   

Mendix does not supply the sensors or “things” because in Johan’s opinion that's not where the value is (note to my semiconductor friends).  Instead, Mendix takes the customer's data after it has been uploaded to an IoT cloud provider like Amazon IoT (or IBM Watson IoT or Microsoft Azure IoT) and then using an App they can give a user the following:

  1. Contextual awareness; what is going on in real time with that particular machine, patient or city street for example.
  2. Intelligence; with data analysis in the cloud and/or logic in the Mendix App the user knows the possible consequences of the situation.
  3. Proactivity;   the user now has options to adjust the machine, ask for help or get suggestions on how to mitigate any serious consequences

Scotty could have been more productive on the Enterprise if he’d used a Mendix IoT App:

Seriously though the real power of the IoT comes from adding intelligence when it's needed to avert life threatening situations in everyday life.  Say a doctor or nurse walks up to a patient in a hospital bed after a shift change and can instantly pull up all the medical data they need (via a beacon on the patient), now they have intelligence on the patient's history, drugs taken and can  be proactively shown some possible treatments.  Medical errors are the third leading cause of deaths in the United States,  this isn’t a trivial or nice to have application it could be a life saver (and the cost of medical errors is at least $17billion per year).     

Mendix is also getting traction in the Industrial IoT with energy companies who are maintaining the grid in a rapidly changing world of renewables and microgrids.  As the energy market changes then the mobile workforce of a utility need to get access not just their own data but the flow of information coming from customer solar installations and businesses with their own generators.  The number of grid interdependencies and complexities are growing rapidly so the need for contextual analysis and intelligence and making the right decisions is essential.

So this is all very inspiring and obvious in some ways so I asked Johan how do we get there?

His advice is to start with a pilot, build an App fast with Mendix then iterate the business model.  A nice real world example is the Dutch airline, KLM in their fleet maintenance group.  The problem they needed to solve was where are the maintenance tools needed for a specific plane.  The tools could be anywhere in the maintenance facility or airport so the app finds the tools and ramps they need when they need them.  The App was built in 2 weeks and has saved them $1.8m already in downtime.  So the lesson is to do these experiments fast and repeat.  It gives the dev team experience with the concept and where the benefits will come from which are not always obvious.  Check out the Smart Apps Mendix has come up with here:

I couldn’t let Johan go without grabbing the third rail of IoT right now which is security and he explained that Mendix is not a device software company and they don’t collect data but they help gather what might be sensitive data for customers.  So on the Mendix platform there are granular built in user security settings, these control which users can see what portion of the data which is useful for those managing the application but how secure is this?

IoT security issues are far ranging and not all of them fall on Mendix but Johan told me that they
do penetration testing and have a cloud security certification so they are taking it seriously.  After the Mirai bot attack in October (and Mazar back in February) security is the hot topic in IoT and Johan agreed that some standards organizations will probably get involved soon but I’m not sure who is on first,  do you?  

So the bottom line for me is that the application layer of the IoT is where the bulk of the value is created and you need to start somewhere so Mendix is worth a serious look.  Feel free to comment below and follow me on Twitter for shorter IoT missives.

Postscript added on Jan 10, 2017: Mendix has a free trial available for up to 10 users here: Disclosure: I have no financial interest in Mendix and am not consulting for them.

Tuesday, November 8, 2016

October 21 2016; a day that shall live in IoT infamy

Thats a provocative headline but the widespread DDoS attack that took place on October 21st came from unprotected IoT devices and that's a security game changer for the world of IoT.

If you are reading this then you are probably well aware of the internet outages that day but just in case it was a classic distributed denial of service (DDoS) attack on a key DNS provider called Dyn. This is what the web looked like on Oct 21, red is bad:

l3outageA depiction of the outages caused by today’s attacks on Dyn, an Internet infrastructure company. Source:  

DDoS attacks aren't new,  for years, hackers have routinely infected millions of PCs with malware and created Botnets they can activate to attack websites, service providers and infrastructure companies but this time they corralled up to a million IoT devices.  This IoT Botnet used code called Mirai which had infected security cameras, DVRs, printers and routers running a common form of embedded Linux (dubbed "the Swiss Army knife of embedded Linux"  I did not make this up!).  Much has been written about this attack by experts so I won't dig in deep but please think about subscribing to my former colleague, Dave Strom's Inside Security newsletter to get the scoop.

My larger point is that all the devices which were compromised had two things in common; they were consumer devices built on tight profit margins (hence the free/open source code) and the designers "hoped" that users would change the default password on the device when they were installed.  So here we have have two failings of human beings (not technology); building cheap products and assuming end users understand technology and how to protect their own security.  Couldn't see that coming.

So why is this fiasco such a tipping point in IoT history?  Well first of all we all now know it can happen and affect a lot of other people who are going to take action, second, there is now no excuse for device designers not to take security seriously, even if they have a tight budget.

Just to show that this isn't wishful thinking on my part I have seen evidence of this in September when we (I was at AspenCore at that time) asked embedded/IoT hardware designers what their major concerns were right now and for the first time we saw Security as #1. Although one cautionary note is that "Cost" was #2 and very close.

So here is my closing thought,  IoT security is on everyone's mind now and free software combined with asking users to change their passwords may not be the best choice for securing devices in a world of constant cyber attacks.  More on this in my next blog and feel free to comment and share. 


Friday, May 27, 2016

The IoT will be high frequency and will change your life

This week I attened the IEEE International Microwave Symposium in San Francisco and wrote an article for Electronic Products magazine here:

I'm restarting this blog because the IoT just gets more interesting by the day and after seeing all the new RF technology coming with the move to 5G mobile I am even more excited about the potential of the IoX to change our world..

I have a new role in media at AspenCore (disclosure: AspenCore is a division of Arrow Electronics) and will post more often now I'm back in electronics.

Hope to see you around the industry soon.

David B

Tuesday, June 23, 2015

How my 18 stock IoT index did after 2 years (hint: not too shabby!) and some lessons learned

Back in June 2013 when I started this blog I picked 18 stocks which I thought mirrored the public companies that would benefit the most from the coming IoT boom.  In retrospect I think there has been an IoT boom but the differences in how some of my 18 picks performed is startling.  A couple of companies had stock splits (Google and Apple) and Freescale is being acquired by NXP this summer.

But talking of Freescale it was my clear winner over the last 2 years, in fact its a two bagger with a gain of 200.21%.  On the other end of the equation Sprint was down 33.6% and overall the portfolio gained 34.5%, not too shabby! Here's the portfolio in all its glory (my original post from June 2013 with the rationale for each stock and my 7 elements of the IoT is here:

Stock Name-Symbol Price on 6/22/15 Price on 6/20/13 % gain
Apple-AAPL $510.44 $416.45 22.57%
Amazon-AMZN $436.29 $273.44 59.56%
ARM-ARMH $53.73 $36.67 46.52%
Atmel-ATML $10.44 $7.45 40.13%
Avnet-AVT $43.45 $33.40 30.09%
Cisco-CSCO $28.94 $24.44 18.41%
Freescale-FSL $42.27 $14.08 200.21%
Google-GOOG $1,076.38 $884.74 21.66%
Honeywell-HON $105.37 $77.71 35.59%
IBM $167.73 $197.39 -15.03%
Linear Technology-LLTC $47.15 $35.92 31.26%
Microchip-MCHP $50.41 $36.48 38.19%
Maxim-MXIM $35.65 $27.36 30.30%
Rackspace-RAX $38.18 $35.13 8.68%
Sprint-S $4.69 $7.07 -33.66%
STMicroelectronics-STM $8.30 $9.26 -10.37%
Taiwan Semiconductor-TSM $23.84 $17.41 36.93%
Texas Instruments-TXN $55.50 $34.62 60.31%
Total % gain 34.50%

Now does this make me an investing genius?  Well we all know the answer to that question and you haven't hurt my feelings!  Let's compare my results to some common indices to get a reality check.  

If you had simply bought the Dow Jones Index (DJIA) during this time period then you would have a return of 22.77%, so I beat the Dow.  The S&P 500 returned 32.15% so I beat the S&P. But what about the "tech heavy" NASDAQ?  If you had simply bought the NASDAQ index you would have seen a 53.18% return, way better than my 34.5% and buying the SOX semiconductor index would have given you a 58% return, again significantly better than my index.

So whats the lesson here?  To me it's clear that the IoT is an amalgam of so many industries and sectors its hard to find pure play companies and no single player is going to dominate, not Google or Amazon or IBM.  I identified 7 aspects of the IoT and its not just hardware, software and infrastructure that we need to look at but standards, security, governance and ecosystems so its much more complex than people think.

So looking forward I think the meta lesson is that the real winners in the IoT are going to be those companies that can assemble the best ecosystem to serve the IoT and today I think that's wide open.  If you think you have spotted a winner please comment.  

Friday, May 1, 2015

Windows 10 for the IoT is out, runs on Raspberry Pi 2 as promised, also on Arduino and 2 Intel boards

A milestone in the world of IoT happened this week at Microsoft's Build conference in San Francisco when Microsoft revealed Windows 10 for the #IoT.  Its big for Microsoft in that the "Windows Everywhere" mantra finally comes true.  Its big for the IoT development world because Microsoft is so ubiquitous in our lives at work and at home.

If you look at the Win10 IoT page,  its very #Maker and #Kickstarter like:

There are examples of projects, cloud connections (of course!) and a Github code community.  Its all very nicely done and its going to be interesting to see how fast its adopted.  Are you going buy that Raspberry Pi 2 now?

Thursday, March 26, 2015

An inexpensive building block for the IoT, get yours on Kickstarter quick!

In many of my posts I have talked about all the building blocks and interdependencies of the #IoT and how its not that easy to pull it all together so when I saw this Kickstarter project that solves one of the major connectivity issues I was intrigued.

Getting your data from the sensor to the cloud is non trivial and there are so many connectivity issues but this little device takes advantage of the nearly ubiquitous cellular infrastructure (at least in urban areas) to get you up and running.  The board has pretty impressive hardware with an STMicro ARM Cortex-M3 controller on board and a cellular modem:

In order to make the cellular data plan simple the team have basically become a carrier so they can offer connectivity of up to 20,000 messages or 1MB for $2.99 a month (extra MB are $0.99) so its not crazy expensive the way some older M2M systems always seemed to be. 

Right now you can get the board and 2 months of free data for $39 so why not order one and get yourself connected?  4500 other people have ordered one and they blew through their target, seems like a winner to me.  What do you think?

Tuesday, February 24, 2015

How the IoT will be built; ARM, IBM & Freescale IoT starter kit

Today (Feb 24, 2015) is the first day of the influential Embedded World event in Germany and as such its a platform for companies to announce new products and set the stage for the coming year. Embedded World is not a very sexy event like CES or Mobile World Congress but you can see into the slightly murky technology crystal ball and see what's likely to happen next. As I expected Embedded World will be dominated by everything IoT simply because its going to be the biggest growth driver of electronics in this decade and you'd be a fool to miss it. So right on the first day of the event,  ARM, IBM and Freescale get out of the gate fast with an IoT starter kit, you can read the details here.

An interesting hidden point here is that the IoT is complex (read my 7 basic needs of the IoT blog) and no single company, not IBM, Microsoft, Google, Apple or Intel has all the pieces to make it work so the future will be all about partnerships, ecosystems and collaboration.  Easier said than done!

So here we have 3 major players getting together to make life easier for developers; software from ARM, hardware from Freescale and the Big Blue Cloud.  Even with these 3 heavy hitters the connectivity layer is still missing (unless IBM does deals with carriers) and there will be questions about security.

I haven't researched the IBM IoT Foundation yet but it does seem to remove many barriers to getting the IoT up and working so its seems like a great tool and they have made it easy to try and test:

Check out the IoT foundation here:

This week I will read the tea leaves from Embedded World and drop my thoughts here just as I did for CES over on the ARM Community last month.

What's exciting you about the IoT?