Subscribe Find out first about new and important news

IoT platforms 101

Felix Wortmann
Dec 12, 2014 12
Bosch IoT Lab Opening Universität St. Gallen SwitzerlandSource: Bosch

I recently googled the term “IoT platform”, and my search produced over 1.2 million hits. A look at the first few pages was enough to give me the distinct impression that, nowadays, every solution that’s in some way related to the IoT is labeled an “IoT platform”. Ultimately, I was left with three questions:

  • What are the fundamental, distinguishable types of an IoT platform?
  • What is the core or essence of an IoT platform?
  • What are the key characteristics of a successful/sustainable IoT platform?

Please find my take on these questions below.

IoT platforms

IoT platforms provide a comprehensive set of generic, i.e. application-independent, functionalities that can be leveraged to build IoT applications. Overall, the nature of IoT applications can be quite diverse. On the one hand, machine-to-machine (M2M) applications (type I) such as fleet management and asset tracking are often enterprise solutions that rely on centralized system architectures, i.e. they build on one key enterprise application. On the other hand, IoT applications such as those in the Smart Home domain can also be consumer-focused and decentralized (type II), without any central coordination authority. While the two types of application still vary, for example in terms of their underlying technologies, there is a strong convergence of both domains. Many real scenarios and business models span both “worlds”.

IoT platforms assessment Source: Felix Wortmann

The core of IoT platforms

When I focused on enterprise IoT platforms (type I), I quickly realized that while each vendor has their own unique IoT platform visualization, they share a number of similarities. This isn’t really all that surprising if we consider what the IoT is really about: the collaboration of people and connected things. On an operational level, collaboration calls for efficient yet flexible processes. On a strategic and tactical level, it is important to empower humans to make the right decisions.

This is indeed reflected in most IoT platform visualizations, which depict key software components for

  1. connecting and managing people so that they can communicate, be informed, decide, and act upon the decisions and/or the information provided
  2. enabling the analysis, processing, and storage of information
  3. enabling the definition, execution, and monitoring of business processes across different systems
  4. connecting and managing things so that they can sense and act

While a lot of the available solutions still rely on on-premise deployments, on-demand ─ i.e. cloud ─ solutions are also promoted.

Components of an IoT platform Source: Felix Wortmann

Based on the depicted components, IoT platforms can be further categorized into three different groups:

a) Thing-focused platforms provide the functionality required to develop and run connected embedded applications on things.

b) IoT-focused platforms provide core IoT functionality that complements existing non-IoT platform technology. Today, most companies already utilize non-IoT platform technologies such as general-purpose application servers or databases. However, these platforms lack IoT capabilities, so in order to provide end-to-end IoT scenarios, companies require a specific add-on functionality to integrate, coordinate, and manage things.

c) All-in-one platforms provide a comprehensive set of functionalities for building IoT applications on a single, integrated platform. Their aim is to deliver environments that enable applications to be composed quickly across people, systems, and things. They therefore go beyond core IoT technology by, for instance, also providing rapid front-end development capabilities.

Key characteristics of a sustainable IoT platform

What are the non-functional requirements or key characteristics that IoT platforms have to address? To answer this question, I spoke to various people with an IoT platform background – IoT developers, IoT software vendors, and IoT researchers – and consolidated the answers I was given. In most cases, low total cost of ownership, security, and reliability were the first characteristics to be mentioned. Certainly these are highly essential, but could equally be applied to any IT solution. At a deeper level, beyond the very generic requirements, I was able to identify three major categories of characteristics.

Characteristics of IoT platforms Source: Felix Wortmann

First of all, IoT platforms have to be prospective.

Software development has changed dramatically over recent decades, and will most likely be subject to further fundamental change in future. IoT platforms must reflect and anticipate this change. New standards are emerging within the IoT. These standards are introducing existing internet standards into the world of embedded and low-power devices, too. In addition, development paradigms have shifted. It is very interesting to see how programming languages have developed over the last decades. We’re now seeing concepts like parallel computing, asynchronous communication, late binding, and functional programming also becoming essential features of “traditional” object-oriented languages. What’s more, “one language from back end to front end” is no longer the dominant paradigm. Scripting languages have been successfully adopted, especially in front-end developments.

Second, IoT platforms have to be simple.

Writing a “Hello, world!” web application on the basis of a professional on-premise software platform has become a tedious undertaking. Even in this case dozens of files have to be written and configured, seriously denting developer productivity. A lean IoT software stack with modular extensions is necessary to enable the solution to grow with the skills and demands of the developer. Furthermore, integrated tool chains are required even in the embedded software domain. In the context of deployment, automation and transparency are crucial for managing diverse components, computing resources, and people across different IT environments. Cloud solutions ease the burden of operation. Finally, efficient monitoring, updates, and remote redeployment have to be enabled for embedded devices, too.

Third, IoT platforms have to be open.

Microsoft just recently open-sourced its .NET technology. Why? Again, times have changed, and building ecosystems around platforms has become absolutely essential. While that certainly doesn’t mean every platform has to be open source, ease of integration and extension are fundamental characteristics a platform has to address. Leveraging ecosystems is not only important in the context of developing new software but also in the context of support. Even small questions and problems can dramatically reduce developer performance. The times when people accepted having to call (and pay) for vendor support for answers to every tiny question are over. Open platforms like Stack Overflow are able to provide high-quality answers to programming questions in minutes. In addition, vendor-driven developer communities provide peer-to-peer support free of charge. Finally, IoT platforms also have to be open with regard to licensing and onboarding. High upfront payments are a significant burden that hinders adoption. Free-trial and community editions are offered as standard these days. Developers even expect cloud trials so that they can start right away without installing complex software solutions in their own on-premise environments.

While these are my own key criteria, what do you think: What is the core of an IoT platform? What are relevant success criteria for sustainable IoT solutions?

More on IoT platforms

Bosch IoT Suite now available as Platform as a Service.

Bosch Software Innovations runs Bosch IoT Suite on Amazon Web Services.

Bosch Software Innovations provides device management capabilities on SAP Cloud Platform.


  • Simon Fabri 29. January 2015 at 19:26

    Excellent article. From my perspective, privacy and security are even more essential in the IoT space than on the web. In the industrial IoT, the opportunity for great physical damage to plants, distribution systems, transport networks can be catastrophic. Imagine a Sony-style cyber-attack to a transportation system. Likewise a hack into some-one’s personal IoT space, be it a home, health information or car can have significant safety and security impact. So unless the industry is careful, we risk having high-profile scare stories.

    Regarding the architecture model, here is an alternative ecosystem-focused view of IoT.

    • Felix Wortmann 29. January 2015 at 20:20

      Appreciate your feedback and like your blog post. Really think that your model and business driver analysis nicely depict the essence of IoT. Maybe, you are also interested in our IoT business impact analysis:

  • carsten gregersen 18. December 2014 at 9:54

    Good article. This is the first time I’ve seen the Type I/Type II categorization, I’ll use that from now on… Type I will be solved by cloud infrastructure ie. M2M platforms. Type II on the other hand will be solved by Skype/P2P IoT platforms (like Nabto, TUTK and others) – giving end-users the privacy they want, giving them realtime interaction with devices and full-control… Also extremely low running that will enable the “pay-per-use” business model (as opposed to cloud-services – that needs subscription services to monetize heavy database infrastructure).

    • Felix Wortmann 29. January 2015 at 20:12

      Carsten, thank you for your feedback and sharing your point of view.

  • Jens 15. December 2014 at 20:14

    Very good article. I totally agree with your point of view. On the other hand I think there is one important aspect not clear enough.
    The internet of things is actually not about the things. It is about the people using these things. The problem now is that most of the developers still focus on devices and technology ending up with traditionally stovepipe solutions.
    The existing platforms look a lot like device data storage with an API against it. They target exactly these technology driven developers. Sure, creating an IoT solutions was never been easier but it is still challenging.
    There is no platform right now that releases you from the burden of setting up a conventional project setup for your actual application layer. This in turn means a still to high entry barrier into the IoT for small and medium sized enterprises.
    What we really need is a groundbreaking way of creating App for your devices. Just the same like wordpress changed the way of creation blogs.
    We need a Content Management System for the internet of things.

    • Felix Wortmann 15. December 2014 at 21:01

      Thank you for your feedback and appreciate your input. I really like the vision of an IoT Content Management System.

  • Fred Simkin 12. December 2014 at 22:28

    The missing component is “Knowledge “. Unless the capacity to automate Knowledge as well as Data is part of the equation then all you have is a gussied version X.10

    • Felix Wortmann 15. December 2014 at 9:28

      Agree. The potential of semantic standards and technology is really promising. On the other side: The promises of knowledge management, artificial intelligence and semantic web have always been huge – and so were the disappointments. Hope we get it right this time: Realistic expectations and early success stories.

  • Niko Will 12. December 2014 at 13:19

    In my opinion, data privacy and security is an important topic. The user needs to have the option to decide which data he is willing to send to a cloud service and which is critical and has to stay in a local database. For some people it might be trendy that their daily weight messurements of the scale is shared with the world via twitter or facebook, others want to track that information as well but only for their private purposes. I thinkt, this is one of the biggest challanges for all IoT plattforms. At the beginning, the majority will not really care about these things until the first plattform was hacked and such information is leaked or abused by big companies like the health insurance industry (to keep the scale example from above). For a normal user it has to work seamlessly no matter where the data is stored.

    • Felix Wortmann 15. December 2014 at 9:20

      Point well taken. However, I still see a gap between ever present privacy concerns and how people really behave. There are hundreds of very successful Internet and also IoT start ups and they are all about data collection. None of these companies really follows a “privacy first” paradigm and it doesn’t seem to hurt. Do you think that will change? Will people – and I am not talking about a small minority here in Europe – really change their behavior?

    • Niko Will 17. December 2014 at 16:42

      That’s actually a good question and as I said, as long as there is no security breach that affects the security of human beings, I’m pretty sure there are a lot people using such systems like Nest, Tado or RWE smarthome without any concerns. Adjusting the setpoint of your heating, shut off lights and close blinds aren’t one of the real security issues I’m talking about (even if it is not realy what I want, that others are aware of the fact that I’m on holiday because I set my house into this mode). It’s more about being able to open doors and even worse, disable alarm systems.

      On the other hand, the whole IoT universe is yet too unknown and not widespreaded enough to be an attractive target to hackers. But every day there are more and more reports about new IoT devices being hacked like the hacked toilet:

      Further more, here are other articles speaking about the IoT as technology for Industry 4.0 to connect facilities in production lines with other subsidaries and even with customers. Sooner or later we’ll start to do the same with nuclear plants or even just with factories that deal with chemicals.

      Don’t get me wrong, this is a very interesting shiny new world with a hugh potential for new business models and a lot of comfortable solutions as well as life safing ones. I just want to state, in my opinion it would be one of the biggest mistakes for a potential standard to ignore security from beginning on and then have to create workarounds at the end to implement it in a poor manner afterwards.

    • Felix Wortmann 18. December 2014 at 13:02

      Niko, highly appreciate your answer. It makes perfect sense to go into more details and distinguish different scenarios. Also like your point in respect to Industry 4.0 and critical infrastructures like nuclear power plants. Today there was just another interesting post on how a major steel mill was compromised by hackers:


Leave a Reply

Your email address will not be published. Required fields are marked *

Important Cookie Information

This website uses cookies for reasons of functionality, comfort, and statistics. If you consent to this use of cookies, please click ”Ok“. Private Policy