The Three Questions that Predict IoT Cloud Success or Failure

Mar 1, 2021

The future of digital machine operations relies on the ability to monitor, analyse, control and maintain machines remotely. Addressing these rapidly increasing demands with traditional IT methods will likely end in program failure. IoT programs often fail because the cloud cannot handle high-frequency data from controllers, changing industrial protocols or increasing security regulations, or because edge connections are simply too hard to implement.

Ardexa has accumulated successful client experiences and lessons over many years, including with clients whose previous attempts using traditional methods had failed. These lessons point to three primary questions that need to be asked.

1. Is the cloud architecture resilient to rapid scaling and changes?

A plant or machine asset portfolio is going to grow, possibly at an explosive rate: not just in machine counts or data volumes, but also in machine diversity, geographic dispersion and business functions. To scale efficiently, the cloud must auto-provision incremental resources and/or server nodes when demand exceeds capacity. Relying on legacy database methods is insufficient for exponentially growing data volumes, particularly in control environments where high-frequency monitoring is critical. Text search engines with vast indexing capabilities can manage such data, scaling efficiently and searching billions of records within milliseconds. Similarly, intelligent communications software needs to automatically discover new machines as physical plants are regularly upgraded or installed.
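The auto-provisioning rule described above can be sketched as a simple threshold check. This is an illustrative sketch only: the headroom factor and per-node capacity figures are hypothetical, not Ardexa's actual scaling policy.

```python
import math

def nodes_required(current_load: float, capacity_per_node: float,
                   headroom: float = 0.2) -> int:
    """How many server nodes are needed so that demand, plus a
    safety headroom, never exceeds provisioned capacity."""
    target = current_load * (1 + headroom)
    return max(1, math.ceil(target / capacity_per_node))

def scaling_action(current_nodes: int, current_load: float,
                   capacity_per_node: float) -> int:
    """Positive result = nodes to add; negative = nodes to retire."""
    return nodes_required(current_load, capacity_per_node) - current_nodes
```

In a real deployment this decision runs continuously against live load metrics, and the orchestration layer (not shown) provisions or retires the nodes.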

Collecting data and serving it professionally to third parties is critical. There is a rich and fast-developing market for AI, machine learning, operational analytics, predictive services and more. One must anticipate that these consumers will need data of varying specifications and frequencies, sometimes in real time. RESTful APIs must dynamically document the data streams so that third parties can keep up with changing metadata and protocols, or even exercise control. In other cases, an API is simply too slow, so a direct message broker feed (known as a 'consumer') must send data in real time to mobile apps or other time-sensitive applications. Users must be able to create, change or revoke these data feeds as business needs arise.
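The create/change/revoke lifecycle of such consumer feeds can be modelled in a few lines. This is a minimal in-memory sketch, assuming a dictionary of callbacks per stream; a production broker (MQTT, AMQP or similar) would replace it with durable, authenticated subscriptions.

```python
from collections import defaultdict
from typing import Callable, Dict

class FeedRegistry:
    """Minimal model of creating and revoking real-time data feeds:
    each stream has a set of named consumers that receive every
    published message."""

    def __init__(self) -> None:
        self._consumers: Dict[str, Dict[str, Callable]] = defaultdict(dict)

    def create_feed(self, stream: str, consumer_id: str,
                    callback: Callable[[dict], None]) -> None:
        self._consumers[stream][consumer_id] = callback

    def revoke_feed(self, stream: str, consumer_id: str) -> None:
        self._consumers[stream].pop(consumer_id, None)

    def publish(self, stream: str, message: dict) -> int:
        """Deliver a message to all active consumers; return the count."""
        for callback in self._consumers[stream].values():
            callback(message)
        return len(self._consumers[stream])
```

The key property is that revocation is a user-level operation, not a redeployment: a feed can be cut off the moment a business need ends.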

2. Is the security architecture ready to handle an expanding universe?

IoT security is a very complex topic that cannot be addressed by a few isolated security functions, such as encryption or multi-factor authentication. Rather, it requires highly coordinated contributions from security policies, procedures, applications and technologies. Accepting that one operates in a 'zero trust' environment, a Public Key Infrastructure (PKI) is at the core of a secure IoT cloud. It enables management of digital certificates to identify fleets of machines without the issues associated with traditional passwords. These digital certificates can simultaneously encrypt and authenticate edge-to-cloud communications, and can be revoked or isolated if risk mitigation is required. Sometimes the PKI is managed by a trusted third party, rather than the IoT cloud provider, for added security or separation of duties. Furthermore, because a multitude of people interact with plants and machines during normal operations, one must be able to manage very granular access and control privileges. This granularity may extend down to a sub-machine level, a geography, an operational role or even individual data streams.
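Sub-machine-level granularity can be expressed as scoped permissions. The scope scheme below ('site/machine/verb' with '*' wildcards) is a hypothetical illustration of the idea, not Ardexa's permission format.

```python
def is_permitted(granted_scopes: list[str], requested: str) -> bool:
    """Check a requested action, written as 'site/machine/verb',
    against a user's granted scopes. A '*' segment matches any
    value, so one grant can cover a whole site or machine."""
    req = requested.split("/")
    for scope in granted_scopes:
        parts = scope.split("/")
        if len(parts) == len(req) and all(
                p == "*" or p == r for p, r in zip(parts, req)):
            return True
    return False
```

Matching segment by segment (rather than by substring) keeps grants predictable: read access to one site never silently implies control access, or access to another site.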

Assuming that an unauthorised actor has already penetrated the defences of an IoT cloud, immutable security logs allow historical auditing of all actions that have occurred at the machine or cloud level. Automatic intrusion detection is significantly aided by this type of information, which can show which actions deviate from historical patterns. While historical logs are valuable, real-time auditing of actions is possible if the cloud infrastructure has been built on messages rather than open network connections (e.g. VPNs). This enables an immediate response to any unauthorised actions.
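One common way to make an audit log immutable is hash chaining: each entry embeds the hash of its predecessor, so altering any historical record breaks every hash after it. The sketch below illustrates the technique under that assumption; it is not a description of any particular vendor's implementation.

```python
import hashlib
import json

class AuditLog:
    """Append-only log where each entry carries the hash of its
    predecessor, so retroactive tampering breaks the chain."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list[dict] = []
        self._last_hash = self.GENESIS

    def append(self, action: dict) -> None:
        payload = json.dumps(action, sort_keys=True)
        digest = hashlib.sha256((self._last_hash + payload).encode()).hexdigest()
        self.entries.append({"action": action, "prev": self._last_hash,
                             "hash": digest})
        self._last_hash = digest

    def verify(self) -> bool:
        """Recompute the whole chain; False if any entry was altered."""
        prev = self.GENESIS
        for entry in self.entries:
            payload = json.dumps(entry["action"], sort_keys=True)
            digest = hashlib.sha256((prev + payload).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != digest:
                return False
            prev = digest
        return True
```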

To keep a universe of connected devices fully secure, an IoT cloud needs to be able to update all of its connected devices. These updates should be applied remotely and automatically, as they become necessary, without interrupting the operation of the machines or their data streams. This is easier said than done, given the many interactions between agent, cloud, OS, protocol plugins, broker, cache and other elements.
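A common way to roll updates out without risking the whole fleet at once is staged, canary-style waves: a small first wave, then progressively larger ones, pausing if a wave fails. The wave sizes below are illustrative assumptions, not a stated Ardexa policy.

```python
def rollout_waves(devices: list[str], first_wave: int = 1,
                  growth: int = 4) -> list[list[str]]:
    """Split a fleet into waves of geometrically increasing size,
    so a bad update is caught before it reaches most machines."""
    waves: list[list[str]] = []
    size, i = first_wave, 0
    while i < len(devices):
        waves.append(devices[i:i + size])
        i += size
        size *= growth
    return waves
```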

3. Is the edge agent sufficiently intelligent to orchestrate (cloud-led) processes?

Linking clouds to devices securely is a very complex process. Intelligent edge agents are the modern way to manage secure communication to and from machines and the cloud. Once connected, an edge agent can execute a variety of functions to read, write and process the differing data streams that come from varying machines. This enables remote monitoring, maintenance and even control of your machines via secure tunnels. The agent is essentially your remote operational brain and centre, keeping things running even when the Internet and other services are disrupted.

Things break, devices burn out, Internet connectivity fails regularly, and asset portfolios change significantly. The cloud must provide rapid recovery with minimal manual intervention. A resilient IoT cloud enables asynchronous operations between satellite devices and the central cloud. Data needs to be stored on the edge in case Internet disruptions are lengthy. Message brokers need to maintain appropriate QoS levels and release caches in a sequenced fashion so that important alerting systems work correctly.
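The edge-side store-and-forward behaviour described above can be sketched as a bounded queue that flushes in original order once the link returns. This is a minimal illustration of the pattern; capacity limits and the send transport are assumptions.

```python
from collections import deque

class EdgeBuffer:
    """Store-and-forward cache: readings queue locally while the
    link is down, then flush oldest-first once it returns, so
    downstream alerting sees events in sequence."""

    def __init__(self, max_entries: int = 10_000) -> None:
        # bounded so a week-long outage cannot exhaust edge storage;
        # when full, the oldest readings are dropped first
        self._queue: deque = deque(maxlen=max_entries)

    def record(self, reading: dict) -> None:
        self._queue.append(reading)

    def flush(self, send) -> int:
        """Send buffered readings oldest-first. 'send' returns False
        if the link drops again, in which case the remainder is kept.
        Returns the number of messages sent."""
        sent = 0
        while self._queue:
            if not send(self._queue[0]):
                break
            self._queue.popleft()
            sent += 1
        return sent
```

Sending before dequeuing means a reading is only discarded once delivery has succeeded, which is the essence of an at-least-once QoS level.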

Until a few years ago, the focus was on monitoring machine or plant data. Now the focus has shifted to edge control, which facilitates new business value. An edge failure therefore no longer simply stops monitoring data; it may interrupt edge control operations and incur significant cost. The stakes have risen significantly: these agents need back-up routines, watchdogs, default settings and more to deliver the reliability required of a control system.
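The watchdog-plus-defaults idea can be illustrated with a few lines: if no heartbeat arrives within a timeout, the machine reverts to known-safe settings. The timeout and settings here are hypothetical examples of the pattern.

```python
import time

class ControlWatchdog:
    """If no heartbeat arrives within the timeout, fall back to safe
    default settings, so a hung control loop cannot leave the
    machine in an arbitrary state."""

    def __init__(self, timeout_s: float, defaults: dict) -> None:
        self.timeout_s = timeout_s
        self.defaults = defaults
        self._last_beat = time.monotonic()

    def heartbeat(self) -> None:
        """Called by the control loop each healthy cycle."""
        self._last_beat = time.monotonic()

    def check(self, current_settings: dict) -> dict:
        """Return the settings the machine should run with right now."""
        if time.monotonic() - self._last_beat > self.timeout_s:
            return dict(self.defaults)
        return current_settings
```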

Finally, the wild card is the emergence of machine learning and AI. Many edge applications are now appearing that require an agent to execute and manage their programs. Modern IoT clouds require a remote shell, through which developers can download files, change configurations and then return the device to normal operations. Without an intelligent agent, these processes are only possible with insecure remote access applications or physical visits to each location. In today's competitive environment, that simply means too much lost time and very high cost.


– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Want to take the next step towards a successful IoT program?

Get in touch via the Ardexa website or email to