Is Cloud-based IoT solution the future?

3 weeks ago, I gave a talk in IoT EXPO in Amsterdam about Shell’s digital strategy and the importance of IoT. I was delighted to hear so many questions about IoT from the audience, and I left one question to them as well:

“Do you think cloud-based IoT platform is the future?”

Last Thursday, I gave a talk in a DLT meetup in Amsterdam, trying to answer that question myself. 

No, Cloud-based IoT platform may not be the future, at least no the only one, and it will change over time. 

Cloud is not designed for a truely connected IoT world, due to the following (but not limited to) reasons:

1. Interoperability

Devices connected to different clouds cannot talk to each other with full functionality. 

Research has shown a substantial development of solutions for a wide range of devices and IoT platforms over the past 6-7 years. However, each solution provides its own IoT infrastructure, devices, APIs, and data formats leading to interoperability issues. Such interoperability issues are the consequence of many critical issues such as vendor lock-in, impossibility to develop IoT application exposing cross-platform, and/or cross-domain, difficulty in plugging non-interoperable IoT devices into different IoT platforms, and ultimately prevents the emergence of IoT technology at a large-scale. https://link.springer.com/article/10.1007/s11036-018-1089-9

It simply lacks the foundation of Internet of Things, it’s a new “Internet” but it’s made of things. All things should be able to talk to each other by design but with access control.

2. Security

X. 509 certificates are the “most” secure way industry standard (both AWS and Azure are using it) to secure the connection of the devices. However, it’s difficult to manage a large volume of certificates (root certificate, intermediate certificate, leaf certificate, etc), and they seem not to be quantum resistance? test is still required. 

Most of the people just use symmetric keys, because it’s easy to implement. However, it’s difficult to securely share the keys (or token) with 3rd party, and you have to protect the keys both in the device and on the cloud. Dangerous! 

People may be skeptical and saying what I wrote is not true, here is the article from Microsoft, discussing on the security challenges and what methods to use: https://azure.microsoft.com/en-us/blog/iot-device-authentication-options/

3. Who really owns the data?

To grow their business, the big cloud vendors strictly follow the rules they made. They keep your data in a secure place, and no one else is able to touch it except you.

But come on… it’s on their servers, physically! And it’s a very light decentralized and a very heavy centralized infra. It’s decentralized because companies like AWS and Microsoft, they have multiple data center globally, they provide resilience, load balancing, etc to support your business. For example, Google has 15 data centers globally. Sound not bad?! It’s only 15! During a war (the worst scenario), 15 data centers can be easily destroyed.

I don’t want to mention the book from Julian Assange ( https://archive.org/details/CypherpunksFFI ), but it’s so cheap and easy for governments to get the data from those companies. Check out a typical example from AT&T: https://techcrunch.com/2018/06/25/nsa-att-intercept-surveillance/

You may also hear about Amazon hire contractors (human) to listen to the conversation from Alexa and tag them for machine learning training purpose. Namely to make the algorithm better, make the AI smarter, but it’s trying to utilize(“steal”) the customer data and personalize (“control”) their customer with algorithms in the future.

https://www.independent.co.uk/life-style/gadgets-and-tech/news/amazon-alexa-echo-listening-spy-security-a8865056.html

I can list more but it just started 😉

Now I want to leave another question for you:

“If not cloud, or even with cloud, what is the future of IoT?”

p.s. I asked the question to audience in our meetup in Amsterdam, what are the most important 3 elements for the future of IoT?
Answer is obvious, security is the biggest concern, at least for end consumers.