25 posts categorized "Internet of Things"


Lingering Thoughts from NIWeek 2015

VDC’s IoT and Embedded Technologies team recently attended NIWeek 2015 in Austin, TX. National Instruments (NI) put on an excellent conference and we had the opportunity to take in a great deal. There were inspiring and informative keynote presentations, great partner stories, the heat, interesting panel sessions, helpful one-on-one meetings with NI executives, the strange layout of the Austin Convention Center (it allegedly has a floor 2, but I’m not buying that), demos on the exhibit floor…and, well, did I mention the heat?

The IoT / IIoT Centric Focus of NIWeek

Regardless of the format – keynote, panels, demos, 1:1’s – much of the discussion tied into the Internet of Things, or the Industrial Internet of Things in NI parlance. This focus is well justified; with all due respect to Marc Andreessen, it is time to update his famous quote. Today, “IoT is eating the world.” In fact, a majority of engineers surveyed by VDC in 2014 were already leveraging the IoT. By 2017, 81% expect to use the IoT in their projects, which represents a truly remarkable shift in the engineering world!

Iot eating the word

National Instruments’ Position within the IoT

NI’s IIoT focus, and I believe it to be the right one for the company, is to provide their customers with distributed compute intelligence that would sit between the data generating nodes and the cloud or legacy enterprise systems in the IIoT architecture.

To date, media attention has focused disproportionally on greenfield IoT applications serving the home, business, and building automation. There’s a lot of innovation to be excited about in these devices, but they represent only a slice of the total available market for the IoT. NI is aiming at this broader IoT picture that includes countless applications in all of the traditionally embedded industries, like automotive, energy, medical, industrial, and others. Deployments into these markets will be brownfield opportunities needing to traverse complex environments and interact with a host of existing devices that vary in age and capability. Moreover, any new equipment will need to connect or integrate with numerous earlier M2M systems.

At NIWeek 2015, National Instruments demonstrated that their modular, platform-based portfolio has the functional capabilities, flexibility, and strong hardware/software integration necessary to support engineering organizations as they deploy the next generation of intelligent IIoT systems. The challenge however, is for NI to broaden the mindset held by many traditional customers. Engineers will need to more often consider their platforms as appropriate for deployed systems rather than only for development and test & measurement if NI is to advance their positioning in the IIoT ecosystem.


PubNub Taps IoT Niche with Real Time Data Streams

The tremendous growth potential of the IoT has created a market battle between many large, well-known companies such as Amazon, Cisco, Google, IBM, Microsoft, and Oracle. But how do smaller companies and startups become competitive in the race for IoT success? One answer: create or exploit a niche within the IoT. PubNub is a notable entrant in this respect.
Pubnub logoStreaming of real time data is useful in a variety of IoT applications, including finance, weather, traffic, communication, E-commerce, security, systems control, home and vehicle automation, advertising, and gaming. Since PubNub's founding in 2009, the company has firmly established itself in the market and claims to be the only global-scale network for real time data streaming for web, mobile, and IoT devices.
PubNub founder and CEO Todd Greene told VDC that the company uses 14 datacenters worldwide, connecting nearly 300 million devices, and processing over 350 billion messages per month at 1/4 second or less latency. Over 2,000 customers are responsible for that immense amount of data traffic. Greene said that PubNub has been able acquire an abundance of customers because it supplies consistent solutions to overcome some of the IoT’s most daunting obstacles: lack of security/privacy, demanding resource requirements, and complexity of use.
Though the IoT is growing rapidly, some customers are still hesitant to adopt connected products and solutions because of recent concerns about cyber security (or lack thereof). In addition, developers struggle to design and maintain secure systems while being fully transparent with their customers about the security measures that they are taking. PubNub reduces security risks by eliminating open network ports (by tunneling data through HTTPS), supplying authentication and access to data at a granular level (from both the server and user sides), and encrypting data with AES 256.
Developers often have limited resources and are constrained in the amounts of data that they can use. Energy saving is also a necessity as portable and mobile devices and communications services expand their capabilities. The desire to maintain an open connection for data streaming may lead developers to expect that considerable bandwidth and energy are required, however, PubNub is optimized for low bandwidth usage and low battery drain. For example, only 15 to 17 kilobytes of data per day are needed for a device to maintain a persistent two-way network connection. To conserve battery power, PubNub has a keep-alive verification that only occurs every 5 minutes. A typical 60 second ping notification, commonly used by Apple (APNS) and Android (GCM) devices, causes heavier battery drain. PubNub can further reduce its energy use via multiplexing, which allows data to be aggregated and streamed from multiple PubNub channels simultaneously over one TCP socket connection.
Similar to data streaming services such as Pusher, PubNub lets developers easily create apps through APIs. Greene said that PubNub sets itself apart by supporting over 70 SDKs which allows it to handle almost every type of connected device and protocol, and cater to a broad range of users. And because it keeps a persistent socket connection, users do not have to hassle with configuring firewalls, proxy servers, antivirus, or resolving double NAT. This significantly reduces the cost and complexity of building and maintaining infrastructure for products and services while also offering easy scalability.
In a broad sense, PubNub’s services are similar to content delivery networks such as Akamai and Limelight, but PubNub focuses on real time IoT data streams with device presence detection. PubNub’s Greene summarizes the service with the term RAFTA, short for routing, augmentation, filtration, transportation and aggregation.
PubNub’s unique position and foothold in the IoT market give it the potential to expand and further monetize its business (which is based 100% on recurring revenues). The company has already developed services targeted at vertical market applications, such as fleet vehicle dispatch and home automation, and will be adding more soon. For OEMs or prospective business partners seeking IoT services, PubNub is a company to keep in mind.
This article was written by Rodshell Fleurinord, VDC Research Assistant, with Steve Hoffenberg, Director.


Microsoft Setting Precedents in Data Sovereignty and Residency

MSFT_logo_pngMicrosoft recently announced that the company will open two datacenters in Canada, to provide its Azure cloud service to the Canadian Government and businesses operating in that country. Kevin Turner, Microsoft’s chief operating officer, said “this substantial investment in a Canadian cloud demonstrates how committed we are to bringing even more opportunity to Canadian businesses and government organizations, helping them fully realize the cost savings and flexibility of the cloud.” (To read the full press release from Microsoft, see here.) In an article in Toronto’s Globe and Mail newspaper about the announcement, Janet Kennedy, president of Microsoft Canada, said, “there is no technical reason to do it.” The main reasons are data sovereignty and residency.

Data residency deals with where data is physically located and where it should not go without agreement from its owner. Data sovereignty focuses more on why and how a government should protect the data located within its jurisdiction, regardless of its ownership, from foreign government agencies.

These data issues have been hot topics both on personal and business levels, especially after the Edward Snowden incident. Since then, foreign government agencies and companies have tried to mitigate the risk of leaking their information. For example, the German Government terminated its contract with Verizon for Deutsche Telekom, shortly after the NSA’s reports regarding the agency’s spy acts were disclosed by Snowden. In the Canadian Government’s case, the government was not willing to store its sensitive information in the United States where it might be subject to investigation by the U.S. Government. Microsoft responded to the Canadian Government’s concern by proposing the new datacenter plan. (In 2014, Microsoft had launched a cloud service called Azure Government, dedicated to servicing the U.S. federal government via a datacenter isolated from the rest of the Azure network.) Although Microsoft is not the first or only cloud provider dealing with data sovereignty and residency issues, it has been thrust into the center of the debate.

With emergence of the cloud industry, physical borders between countries become porous, and in several instances governments have tried to subpoena data physically located in another country. One notable example is a U.S. Government court order for Microsoft to provide a customer’s emails and other data stored in Microsoft’s datacenter in Dublin, Ireland. The government’s argument is that there is no need for an American citizen to step on Irish territory to retrieve the data; a couple of keystrokes is all it would take. Microsoft, on the other hand, believes that electronic access to the datacenter should be considered as entering Irish territory, since the actual data is located in Dublin. The company has yet to provide the data and is appealing the court’s decision.

Brad Smith, Microsoft’s General Counsel and Executive Vice President of Legal and Corporate Affairs, has been addressing the conflict in the Microsoft on the Issues blog. Smith argues that Microsoft will not ignore the opinions of the 96 percent of the global population outside the United States.

More than 20 tech companies such as Apple and Cisco, as well as various interested organizations, have provided amicus briefs in support of Microsoft’s position in the case. The Irish Government also expressed its support towards Microsoft; it insists that it would cooperate with the United States to facilitate the process, but the United States should not be bypassing regulations that are currently in place.

Trying to avoid potential disputes and to protect data, some countries have established regulations preventing data from not only being subpoenaed, but also being accessed and distributed to another country without consent. The European Union is in the process of finalizing its General Data Protection Regulation which, among other things, will limit exporting of personal data and ask every global organization based in Europe to appoint a data protection officer. (Countries outside the European Union with data residency restrictions include Argentina, Australia, China, Mexico, New Zealand, and Russia.)

Recently, Microsoft started providing statistics on law enforcement requests, thanks to the USA Freedom Act, just enacted on June 2, 2015. In a report to be published every six months, Microsoft informs readers of its “principles in responding to government legal demands for customer data”:

  • “[Microsoft] require[s] a valid subpoena or legal equivalent before [it] consider[s] releasing a customer’s non-content data to law enforcement;”
  • “[Microsoft] require[s] a court order or warrant before [it] consider[s] releasing a customer’s content data;”
  • “In each instance, [it] carefully examine[s] the requests [it] receive[s] for a customer’s information to make sure they are in accord with the laws, rules and procedures that apply.”

In the second half of 2014, data from 52,997 accounts were requested by law enforcement agencies around the globe in a total of 31,002 requests. Only 7.55% of the requests were rejected outright by Microsoft, and the company disclosed the data contents of 3.36% of the accounts requested. (In the majority of requests, Microsoft only disclosed subscriber or transaction information, not account contents. See the full report from Microsoft here.)

Microsoft is trying its best to protect itself and the cloud industry by setting a precedent with the Dublin case. Nevertheless, even if multiple countries are focusing efforts on preventing their own businesses from suffering data-related controversies, cloud service users and providers should not disregard these issues. As the cloud industry and the IoT grow, the data generation rate is going to increase exponentially. All businesses using cloud services now must consider data residency and sovereignty, in addition to data privacy and security.

This blog post was researched and written by Se Jin Park, VDC Research Assistant (with Steve Hoffenberg)


Privacy and Security Trends in IoT – Parsing the FTC’s Guidance

Privacy and security are both huge concerns for consumers and businesses alike in the evolving IoT landscape. Privacy is the unauthorized use of data by an entity that has been granted access to a dataset. Thus it is generally privacy that forms the relationship between companies and customers, and any breach of this contract is a privacy concern. Security, on the other hand, is the unauthorized use and or/access of data by an entity that has not been granted access to some dataset; e.g. hacking and external security breaches. Both privacy and security goals will be hard to reconcile with the main aim of IoT development: monitoring, collecting, analyzing, and using massive amounts of data.

Whose job is it to protect sensitive data in these rapidly-growing IoT industries? Responsibilities for data privacy and security vary by industry and by country. In the US, when companies are not regulated by another agency (e.g. the Department of Health and Human Services for HIPAA rules on medical patient data), this responsibility usually falls under the jurisdiction of the Federal Trade Commission (FTC).




The FTC has conflicting interests to balance. The Commission was created in 1914 in order to break up the increasingly-powerful corporations that controlled the oil, steel, and tobacco industries with the end goal of protecting consumers from “unfair or competitive practices”. Conversely, the FTC must avoid “unduly burdening legitimate business activity.” The FTC walks a fine line between social and moral conservatism, and economic progress.

As with the majority of emerging and semi-defined technologies, the US government has been largely content to let the market shape the course of the IoT Services market development. Yet the steadily-growing stream of privacy concerns (Snapchat, NSA, Google, Facebook, etc.) and security concerns (Anthem, Blue Cross, Target, Adobe, LastPass, the Office of Personnel of the US Government) has made it clear that the FTC will need to make its presence felt in the IoT Services market sooner rather than later. It is quite apparent that many entities simply do not have the proper incentive to thoroughly self-regulate with regards to privacy and security. Data regulation is in its infancy and it will undoubtedly be a daunting task.



The FTC published corporate guidance on privacy and security practices earlier this year. Let us parse this document to see if we can elucidate any key findings and conclusions. It is important to keep in mind that none of these recommendations carry the weight of law; the report simply “summarizes the workshop and provides staff’s recommendations in this [IoT] area.”



The FTC makes six main security recommendations in order to prevent unauthorized breaches of data. Companies should:

  1. Plan by building security into devices “at the outset, rather than as an afterthought”
  2. Train “all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization”
  3. Hire only service providers that can maintain “reasonable security and provide reasonable oversight for these service providers”
  4. Layer by implementing “security measures at several levels”
  5. Protect by “implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network”
  6. Monitor and fix, patching known vulnerabilities throughout the product lifecycle “to the extent feasible.”

This is the full extent of the security recommendations. These are all common practice in industry, and the vague nature of the language adds little value to the discussion of how the FTC specifically might regulate data in the IoT market.


Data Collection & Privacy

In the privacy section of the FTC report, the agency recommends that companies minimize the amount of data they collect, but the recommendation is quite flexible, giving companies the option to collect potentially useful data with consumer consent. But how does a company obtain consent when the device or service has no interface, as will be the case with many embedded devices employed in the IoT market?

According to the FTC, as long as the use of the data is “expected” and “consistent with the context of the interaction” a company need not explicitly obtain consent to collect data. This language does not set any standards; rather it is remedial language that can be applied to different situations post-incident. The FTC couples this expected use language with industry-specific legislation, such as the Fair Credit Reporting Act, which restricts the usage of credit data in certain circumstances. In summary, under these recommendations the company has nearly full discretion in the collection and usage of data as long as it can prove that it is using the data in an “expected” manner relative to the nature and context of its relation with its patron (barring any industry-specific legislation).

The report notes an interesting idea proposed by MIT Professor Hal Abelson. He suggests that data be “tagged” upon collection with appropriate uses so that another software could identify and flag and inappropriate uses, providing a layer of protection and forcing the company to think about how to use the data before collecting it. We expressed a similar view in a recent VDC View document entitled “Beyond ‘Who Owns the Data?’,” suggesting that IoT vendors develop and implement data structures to permit highly flexible assignments of data access right and usage permissions. Tagging would certainly be one way to segregate usage rights and protect different streams of data.



The FTC states that any legislation concerning the IoT would be premature at this point. However, staff recommends that Congress should enact “general data security legislation” and “basic privacy protections” which it cannot mandate itself. Basically, the FTC needs a new legislative base from which to launch lawsuits. Congress created an IoT Caucus shortly after the filing of this FTC report, but it has been mostly silent since its inception.



FTC Commissioner Joshua Wright

Perhaps the most interesting part of this report comes in the form of a dissent by one of the 5 commissioners (leaders) of the FTC. Commissioner Joshua Wright notes that the FTC generally issues two types of reports: 1) an in-depth and impactful report commissioned by Congress that compels private parties to submit data to the FTC for analysis and review; or 2) a slightly less formal report that details and makes public any workshops conducted by the Commission, concluding with recommendations that are supported by substantial data and analysis.

Wright contends that this FTC report does not fit either of these categories, and goes on to shred the report to pieces. Firstly, he argues, the IoT is a nascent and far-ranging concept – a one-day workshop cannot generate a sufficient sample of ideas or range of views in order to support any policy recommendation. Secondly, he observes that the report “does not perform any actual analysis,” instead merely relying on its own assertions without qualification or economic backing. He goes as far as to say that the report merely pays “lip service” to a few obvious facts without actually performing any analysis. Thirdly, he remains unconvinced that the Fair Information Practice Principles (FIPP) is a proper concept to apply to the IoT, favoring instead “the well-established Commission view companies must maintain reasonable and appropriate security measures; that inquiry necessitates a cost-benefit analysis. The most significant drawback of the concepts of ‘security by design’ and other privacy-related catchphrases is that they do not appear to contain any meaningful analytical content.” Commissioner Wright clearly has a large bone to pick with the method by which the FTC is considering data regulation in the IoT market.



Corporations and consumers alike in the IoT market would do well to pay attention to the following conclusions that we can draw from the FTC document and Commissioner Wright’s dissent:

  1. Congress has not yet created a legislative base upon which the FTC can clearly pursue judicial remedies for breaches of privacy specific to the IoT market (barring specific acts such as the Fair Credit Reporting Act).
  2. Even if the legislation were in place, the FTC has not performed a proper cost-benefit analysis of the potential impact of privacy and security breaches within the IoT market, thus it cannot recommend clear, data-backed, corporate guidance at this time.
  3. The FTC clearly recognizes the “profound impact” that the IoT will have on consumers, and is looking into regulation, but is internally conflicted about how to move forward.
  4. The report does not introduce any new incentives for companies to better safeguard customer data or to implement less-intrusive privacy contracts, so we can expect to see continued growth in data collection in the IoT market in line with VDC’s forecasts.
  5. Consumer-facing companies that wish to differentiate themselves from competitors would do well to safeguard their data; we may very well see security breaches as the norm in the near future, so a company with a clean history will have an advantage in the market. See VDC’s series of reports on Security and the IoT for deeper analysis of security issues.


Samsung Invests in Sigfox. Is the Race Over for Long-Range Low-Power Wireless Competitors?

A preliminary market battle has been brewing over the past year between technologies to connect IoT devices via wireless wide area networks. These cellular-type networks allow very low power battery devices to transmit small amounts of data over several miles, a solution highly suitable to many types of IoT devices such weather sensors and smart meters. Entrants in this market include Sigfox, LoRa, and Neul. (In addition, standards organization IEEE is developing the 802.11ah wireless networking protocol for distances up to a kilometer.)

Logo-sigfoxSigfox announced on June 15 that Samsung’s Artik IoT platform would integrate Sigfox support. Also, noted in the press release, but given less attention, was that Samsung’s venture capital arm is investing in Sigfox. The size of the investment was not disclosed. (See Sigfox press release here.) In February of 2015, Sigfox announced that it had secured from a variety of venture capital firms an investment round totaling $115M, reportedly the largest single VC investment round ever in France, Sigfox’s home country. (See Sigfox press release here .)

Thus far, Sigfox has been the only long-range low-power wireless solution already deployed in commercial operations, with several hundred thousand devices connected. It has networks in place in France, as well as in Spain, Portugal, the Netherlands, parts of the UK, and a number of cities around the world, most recently, in the San Francisco Bay area of the US.

Lora logoLoRa—developed by Semtech—has the backing of IBM, Cisco, and Microchip among the members of the LoRa Alliance, and its initial deployments are imminent.

Neul-logoUK-based Neul is still in its demonstration phase, but the company was acquired for 15M British Pounds in September 2014 by Chinese telecommunications equipment giant Huawei.

VDC won’t attempt here to compare the relative technical merits of these long-range low-power wireless systems, but from a market standpoint, it is clear that Sigfox is leading the pack. And it’s tempting to think that an investment by Samsung will propel Sigfox into an insurmountable lead. But we’re not yet ready to draw that conclusion. Some points for consideration:

  • Although the Samsung name will undoubtedly give a significant shot in the arm to Sigfox’s marketing efforts, without knowing the size of Samsung’s investment, we can’t assess the extent of its impact on the ability of Sigfox to get its networks deployed more broadly.
  • Long-range wireless solutions face the chicken-and-egg problem of needing the network infrastructure (antennas and backhaul) in place to persuade manufacturers to develop products using the technology, while needing products coming to market to warrant investment in the infrastructure.
  • As one of the world’s largest makers of electronic products, Samsung has the potential to dramatically increase availability of Sigfox-compatible devices if it so chooses. Thus far, however, Samsung hasn’t committed to using Sigfox in anything other than its Artik IoT platform.
  • Samsung also makes cellular networking equipment, although that represents a relatively small part of its overall business. (Samsung does not publicly disclose revenue for the segment.) By contrast, two-thirds of Huawei’s entire business ($31B out of $46B in 2014) is derived from cellular networking equipment, mostly sold in China and the EMEA region. While either company could conceivably foster widespread installation of long-range low-power networks through technological investment and pricing strategies, it’s unclear which would have greater motivation to do so.
  • LoRa has some heavyweight backers as members of its Alliance, but such membership has not yet yielded investment that will produce meaningful numbers of either chickens or eggs. [Note: the day after this blog was posted, the competition has ramped up, as LoRa startup Actility announced that it had received a $25M round of VC funding led by Ginko Ventures, with participants including telcos KPN, Orange, and Swisscom, as well as Foxconn, the world's largest contract manufacturer. See Actility press release here.]

In the meantime, Samsung’s investment positions Sigfox with a larger lead in the race for long-range low-power wireless networks. But it’s a long way to the finish line.


IoT Application Platforms – What Company Will Take the Next Bite?

Few areas of technology or business can match the current levels of interest and anticipation surrounding the internet of things (IoT). Embedded engineering organizations and enterprises alike are struggling to keep pace with the expected rate of IoT change. They are rapidly modifying their business plans to pursue new service revenue opportunities enabled by the IoT. But challenges from tighter time-to-market windows and project requirements that extend far beyond existing internal skill sets is yet again recasting the traditional software build-versus-buy calculation. More organizations now recognize the need for new third-party development and management platforms to help them jumpstart IoT application creation and monetization.

VDC Research initiated coverage of this dynamic segment with the recent publication of the IoT Application Development and Deployment Platform (ADDP) market report. The executive summary is available here. We forecast revenue from IoT ADDP solutions is forecast to expand at over 40% compound annual growth rate (CAGR) through 2016. As one might expect, this pace of revenue growth in the ADDP segment and the IoT at large has drawn the attention of larger software and system solution providers.

As part of PTC’s strategy to supply “closed-loop lifecycle management” for systems engineering, the company bought two of the leading ADDP suppliers. (See more on this strategy here) PTC acquired ThingWorx in December 2013 and Axeda in August 2014. In March 2015, IBM announced plans to invest $3 billion in a new 'Internet of Things' unit over the next four years. But the Amazon acquisition of 2lemetry, also in March 2015, demonstrates that interest in entering this sector is not be limited to organizations currently competing in the ALM or PLM solutions market.

  TakeOver1 sharks jpeg

As the IoT matures, more embedded devices and back-end enterprise systems will continue to be linked together over communication networks in order to provide differentiating and lucrative services. Companies viewing the rapidly expanding ADDP opportunity as an adjacent market will come from broad range of segments including providers of operating systems, semiconductors, telecommunication networks, computing hardware/modules, enterprise back-end systems, and other software solutions. Independent providers of IoT application platforms should plan for new competitors and potential suitors from a number of domains.

Stay tuned, we expect that more companies with deep pockets and expansive sales distribution will likely follow the lead of Amazon and PTC by entering the ADDP segment via acquisition in the next few years.


For more information, we invite you inquire about our research and download the executive summary of our IoT Application Development and Deployment Platform; it is available here.


Under Pressure: Your Embedded System Needs to Modernize Requirements Management (RM)

Recording of This Webinar from VDC Research and Jama Software is Now Available

 New variables continue to emerge, making software development in both the embedded/systems and enterprise/IT domains more complex – and in many ways, more similar. For instance, the requirement to design software in accordance with regulatory mandates, which is increasingly common in the embedded industries, now also extends into several segments of the enterprise, such as banking. Likewise, the Cloud and IoT are becoming more of a focal point for technology and innovation in both realms. This is driving an explosion in new software-focused business plans, devices, categories, and features, which are more closely tied to high-value corporate and consumer activities. The future of connected, intelligent products – while providing new opportunities – also raises the expectations for continued content delivery and functionality evolution.

As reliance on software to deliver value and differentiation increases, the amount and range of employees involved in the management of software creation is expanding. More organizational stakeholders, including many who may lack direct software development experience, now need direct insight into the software development lifecycle in both embedded and enterprise organizations. And with this expanding pool of software development stakeholders, it’s increasingly important to ensure the proper  processes and the right tooling – like a formal requirements management solution – are in place to help facilitate effective communication and collaboration through the full development lifecycle. Among other changes, it will be critical for these tools to provide socially collaborative features, to automatically link critical development data from other tools, and to present it in an easy-to-comprehend format for all development stakeholders.

With the Shift from Project- to Product-Based Software Design Approaches, IT Developers More Closely Resemble Their Embedded Peers.

New Picture

The embedded – enterprise/IT convergence also includes organizational strategies for software development teams. Many IT groups are now trying to move from a project-based approach for software delivery to one that defines products and organizes teams around them. This organizational structure more closely resembles the typical configuration in embedded or systems development teams. While significant differences remain in place, we also see that decisions around tooling, programming languages, and development methodologies show similar signs of convergence between the embedded and enterprise development markets. As IT organizations continue to evolve, they will have a greater need for system lifecycle management tools focused on optimizing iterative development methodologies with capabilities such as contextual collaboration, impact analysis, and decision tracking over a traditional focus on formal reviews or approvals and change management.


To hear more about this and other pressures facing developers that raise the importance of requirements management solutions, I encourage you to listen to our recent webinar with Jama Software

Click here to for the webinar recording. To learn more about the research and products offered by VDC Research’s IoT and Embedded Software Development practice, click here.


Where To Next For PTC After ColdLight Analytics Acquisition?

PTC logoAt this month’s LiveWorx event put on by PTC (formerly known as Parametric Technology Corp.), the news highlight was the company’s acquisition of IoT analytics firm ColdLight. (See press release here.) ColdLight’s Neuron software for cloud or on-premise datacenters applies machine learning technology to M2M and IoT data, automating predictive analytics tasks. The ColdLight acquisition was a logical extension to PTC’s prior acquisition of ThingWorx and Axeda in the IoT space.

At the front end of the product development process, PTC has assembled software offerings for product lifecycle management (Windchill), computer-aided design (Creo), application lifecycle management and systems engineering (Integrity). Combined with service lifecycle management and the IoT pieces, PTC has essentially created a set of end-to-end solutions for IoT product development and deployment. However, VDC believes that PTC could do more to fill out the middle of its end-to-end portfolio.

Design of embedded devices generally consists of three major areas: mechanical engineering, electronic engineering, and software development. PTC has the first and last of those well covered, but it offers little in the way of electronic engineering tools, save for electronic design automation software for circuit boards, acquired with the company OHIO Design Automation back in 2004 (and since integrated into Windchill).

There are many types of electronic hardware system development tools, and it may be challenging for PTC to dip another toe into that market without diving in completely. Nevertheless, VDC believes that one particular type of electronic design tool would dovetail nicely with PTC’s software development offerings without necessarily getting the company in over its head in electronic design:  virtual prototyping/simulation. Such tools enable the simulation of electronic hardware systems. Although virtual prototyping is often used by semiconductor makers to simulate the behavior of their own chips prior to fabrication, a growing market for virtual prototyping is as a tool for software developers to get a head start on their development work prior to the existence of physical prototypes of the electronic hardware.

PTC already offers mechanical/CAD simulation for Creo. An electronic hardware simulation tool could enable earlier software development for customers using PTC’s Integrity, acting as a bridge between hardware and software development.

Wherever PTC chooses to aim next, its acquisition days aren't over.


India Takes Giant Steps Toward Smart Cities

With many benefits of IoT becoming apparent, more countries are implementing smart city reforms. This year, India has been the most ambitious in its IoT plans with an allocated budget of Rs. 7060 crores ($1.6 billion USD).

Prior to his May 2014 election, Prime Minister Narendra Modi promised to transform 100 regions of India into smart cities by 2022. As India’s economy continues to rapidly increase with 60% of India’s GDP coming from urban jobs, Modi hopes that the development of new cities will accommodate for the rapid urbanization. By creating satellite cities and improving existing cities, India hopes to improve urban living and increase urban spaces. The Internet of Things will be the driving force behind these smart cities as parking, transportation, urban lighting, waste management, city maintenance, remote healthcare, safety, energy, water management, and traffic management will transform into connected systems. Companies like Alcatel-Lucent, Accenture, ABB, Cubic, Honeywell, Intel, Siemens, and Oracle will help develop these devices and bring them into the new cities.

Other countries like U.S. and Japan believe in the smart cities idea too, and they’ve officially announced their support for Modi’s Smart City Policy.

India is already in its first stage in implementing this policy, and 20 cities have been selected to undergo initial transformation. Several cities and rural towns, including Delhi, Dholera, and a region in Gujarat, have begun development. Delhi will replace its 18,500 street light poles to smart LED street lights and install solar panels in its schools. Dholera’s initiative is expected to launch this year. A financial centre called Gujarat International Finance Tec-City (GIFT) located on the previously barren banks of the Sabarmati River already has two office blocks and modern underground infrastructure, and will serve as a new financial hub of India.

Recently the Yokohama City Council of Japan offered to help convert the Indian port town of Kakinada into a smart city. Japan’s cities will help guide India towards a smooth technological transition, strengthening the two countries’ tight bonds, and encouraging India to support mutually beneficial economic policies toward Japan in the future.

If all IoT was implemented perfectly into the cities, India would have clean water, better traffic, less urban congestion, and a maximum of 45 minutes transit times across smart cities in less than ten years; that’s what India imagines its future decongested, urbanized country to look like. However, VDC is not yet assuming such optimistic conclusions. Despite all the progressive intent, India has not made much improvement in privacy and security issues, nor has it established what factors qualify a city to be considered a “Smart City.” Karuna Gopal, president of the Foundation of Futuristic Cities, stated that India just started working on its standards and protocols earlier this year and these have not yet been released, despite construction of smart cities already underway. Without any framework or guideline in place, India is creating smart cities that may ultimately lack one or more important aspects of IoT.

No other country has made such a large commitment toward reforming so many cities with IoT, and in order to execute this project smoothly, VDC recommends that India set basic guidelines, frameworks and standards to use, so all the city and regional developers and governments can work together toward a common goal: a smart country.

Whether or not India achieves Modi’s intended outcomes won’t be known until at least 2022. Stay tuned as India gradually transforms its cities with infrastructure that informs citizens and improves services for potable water, electricity, public transport, parking, health care, and education. India’s smart city transformation is likely to be a marathon process.

This post was researched and written by VDC intern Jamie Yang, with editing by Steve Hoffenberg.


RSA Security Conference 2015: Data from Things, and Data about Things

At recent trade shows such as CES and Embedded World, attendees couldn’t swing a dead cat without hitting a sign reading “Internet of Things.” But at this week’s RSA Conference for the cybersecurity industry at San Francisco’s Moscone Center, the focus was squarely on security for conventional IT and cloud computing systems, with IoT-centric offerings sparse. That’s not to say IoT was missing, but rather that it’s presence was relatively low key, which is perhaps a good thing after the past year’s worth of hype. Besides, many system implementations that could be considered IoT are extensions of conventional IT. And increasingly, the IoT is becoming about the Data from Things and Data about Things, rather than the things themselves. With that in mind, in this blog post we’ll highlight two companies at the show with distinct new technologies that are using data in creative ways applicable to cybersecurity and IoT.

ThetaRay is an Israeli startup founded by a group of engineers with deep roots in databases and analytics. The crux of the company’s solution is a type of big data analytics, but it’s not about the content of the data, it’s about the movement of the data. A number of security solutions from other vendors are similarly oriented, but one of the factors that sets ThetaRay apart is speed. Using its patented algorithms and techniques, company CEO Mark Gazit and VP of Marketing and Business Development Lior Moyal told VDC that ThetaRay:

  • can detect abnormal data operations in just milliseconds without knowing anything about what’s in the data
  • runs on essentially off-the-shelf server hardware (Intel i7, 32GB RAM, and a GPU)
  • can not only uncover zero day malware activities, it can also discover security problems not related to malware (In one case, they say it detected money laundering in a bank’s system.)
  • can improve operational efficiencies in SCADA and industrial automation systems. (In another case, it detected the manufacture of a faulty high end lithium-ion battery system—before the battery itself was tested—by uncovering anomalies in the flow of data from the factory’s production equipment.)
  • only generates 1/25th as many false positives as other anomaly-detection solutions.

If ThetaRay’s solution sounds almost too good to be true, it doesn’t come cheaply. Prices for a software license start at $150K a year. Major financial institutions are a prime target market, and General Electric is both an investor and a customer.

In another twist on data analytics, the Atlanta-based company Bastille uses radio frequency emissions from devices to enhance enterprise security. The hardware portion of the product is an RF sensor box that can detect electromagnetic emissions over a huge frequency range from 60 MHz to 6 GHz. It recognizes 120 wireless protocols, enabling it to detect the presence of Wi-Fi, cellular, Bluetooth, Zigbee, Z-Wave, etc. and distinguish both the type of device and its unique identity. Bastille founder and CEO Chris Rouland told VDC that an installation would employ at least 10 of the sensor boxes (approx. $3K each) to cover a building and use triangulation to establish the precise location and movements of each device. Combined with other data, such as employee badge swipes and time stamps, its analytics software can create profiles of the wireless devices normally carried and used by each employee. If any given device exhibits uncharacteristic behavior, for example a mobile phone suddenly transmits gigabytes of data, analytics can alert system administrators and identify the owner of the device. (That scenario could be either deliberate, i.e. due to a disgruntled employee stealing data, or inadvertent due to malware.) In facilities with restricted areas, geo-fencing could alert if wireless devices enter forbidden zones. Rouland foresees markets in everything from military and financial institutions, to retail stores where managers don’t want employees checking Facebook on their phones while on the job.

Unlike most IoT applications, Bastille’s technology leverages incidental data rather than intentional data. In public spaces, that might evoke shades of Big Brother, but we can envision many commercial and industrial applications for which there is no other comparable solution able to use Data about Things to help secure other Things.

My Photo