Reading Time: 12 minutes
“A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.” – Douglas Adams

First Principles are a set of fundamental concepts or assumptions used as a foundation to build a theory, system, or method. If you deconstruct an idea to its most basic form, you get to a set of first principles. The ideas cannot be deconstructed any further.

Often people develop ideas from analogous learning. They see an idea in one domain and then transfer it to another domain. This approach can work too. But, it has flaws inherent in it due to the ‘fit and finish’ of the transferred idea for its new application. It is not always a graceful approach but has been a primary strategy for creators for centuries.

When it comes to the emerging Internet of Things (IoT), the technology is still immature. It is still evolving. There is some fit and finish but we are far away from a graceful, transparent, and ideal ability to implement IoT in any or every scenario. We have begged, borrowed, and stolen a hodge-bodge of ideas to kluge together one IoT solution or another. Yet for me, IoT still has a very long way to go before it realizes its true power as a solution to contribute to exquisite systems.

This article is meant to stimulate your thinking about the fundamental first principles for IoT. It is unlikely to be a complete list. Therefore, through your feedback in the form of comments, we can collectively build on this list to seek completeness. What have I missed? Please share your thoughts and ideas in the comments. I will then adjust the list to include the worthy thoughts and build on this body of knowledge.

1./ Static to Dynamic

Most technology in the IT and OT worlds has been static. That is to say, as a technology it is stationary in its design. It is stable, yet lacking in variability. Things change fast today so to not keep up to these changes means that context of a process is lost. Systems must be agile and flex with the situation that happens. We cannot have stale batch processes that crunch numbers after the fact and then update sporadically or when it is convenient to the systems. We need data that flows with the ebbs and tides imposed upon it.

2./ Non-Real-time to Real-time

Time is said to be a constant. However, in most technological systems today, and especially for IoT systems, it is not. Historically, the horsepower of our systems was insufficient to process data in an expediently fast manner so it was simultaneous between its input and output. Well, to be realistic, within a few milliseconds anyway. The time domain has hindered systems for decades. It is these delays that significantly affects the results of a process. Sometimes, the outcomes are so coloured by the technological latency that they introduce errors into the processes or at the very least fail to represent truthful results in the data outputs.

3./ Open Architecture

Most IoT solutions use propriety architectures. As a result they do not permit change, expansion, growth, scalability, or departures from the original purpose. Closed architectures are exactly that, they are closed to the public awareness. Whereas, open architectures are in the public domain and can be improved through public consultation and collaboration. Some argue that open architecture is too rigid for any emerging technology as it handcuffs and constrains innovation. That may be true. However, it is only due to open architecture that a system can take-on the characteristics and attributes that are universally accepted and limit the closed approach that locks customers into a single vendor for IoT solutions. Open architectures allow a multiple vendor approach and drive down costs and extend the lifespan of the technology. When the architecture is closed, then the risks escalated dramatically. For example, when a single vendor discontinues a product or solution than the users of that offering are also forced to change and update.

4./ Standards Based

Standards provide people and organizations with a basis for mutual understanding, and are used as tools to facilitate communication, measurement, commerce, and manufacturing. It is exactly the same for IoT networks. The idea is that a standard, criterion, gauge, yardstick, touchstone and similar ideas are a means of determining what a thing should be. Standards apply to any definite rule, principle, or measure established by authority.

5./ Governance

Governance comprises all of the processes of governing by an IoT network – over a systematized end to end structure and through the rules, guidelines, norms, power, or protocols of an organized IoT network. Governance is not just the IoT network. An IT governance framework is the structure for leadership, organizational, and business processes with regard to information technology that envelops the IoT networks. Compliance to these standards ensures an organization’s IT supports and enables the achievement of its overall strategies and objectives. In addition, it is the orchestration between the IoT networks and other networks and technologies used to ensure harmony amongst all systems that may directly or indirectly interact with the IoT solutions.

6./ IPv6

IPv6 provides improved remote access and management for large fleets of IoT devices. Another major advantage of IPv6 is its highly efficient multicast communication feature, which all but eliminates the need for routine broadcast messaging. Another attribute is that IPv6 can run end-to-end encryption, thus it is more secure compared to other protocols. While this technology was retrofitted into IPv4, it remains an extra option that is not universally used. The encryption and integrity-checking used in current virtual private networks (VPNs) are a standard component in IPv6, available for all connections and supported by all compatible devices and systems. Widespread adoption of IPv6 will therefore make “man-in-the-middle” attacks significantly more difficult. IPv6 is powerful when it comes to scalability and IPv6 (and its trillions upon trillions of new addresses) are important for IoT devices. Designers of IoT products that are connected over TCP/IP can rest assured that there will be a unique identifier available for their devices for a long, long time. With billions of new IoT devices entering the market each year, connectability – i.e., allowing network-connected devices to “speak” to each other – is vital.

7./ Privacy

The vast amount of data shared across different IoT devices makes these devices a target for hackers, fraudsters and other unethical users interested in such data. If this data falls in the wrong hands, it could compromise entire companies and government agencies. Internet of Things privacy is the special considerations required to protect the information of individuals from exposure in the IoT environment, in which almost any physical or logical entity or object can be given a unique identifier and the ability to communicate autonomously over the internet or similar network. We know that IoT is a network of devices which are connected to the internet for transferring and sensing the data without much human intervention. It is this lack of human intervention that places our privacy at risk. Due to the scale and size of an IoT solution, human interactions are unlikely to be even viable. Therefore, a privacy framework consists of all of the required IoT capabilities to map out and manage the flow of data in a manner that protects privacy and ensures that evildoers cannot access personal information within IoT solutions. Privacy is normally tightly coupled with security but they are not the same thing, they need to be addressed independently and yet cohesively.

8./ Security

IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things. Hardware, software, and connectivity will all need to be secure for IoT objects to work effectively. Without security, any connected object, from refrigerators to manufacturing bots, can be hacked. Once hackers gain control, they can usurp the object’s functionality and steal the user’s digital data. IoT device security must protect systems, networks, and data from a broad spectrum of IoT security attacks, which target four types of vulnerabilities:

  • Communication attacks, which put the data transmitted between IoT devices and servers at risk.
  • Lifecycle attacks, which put the integrity of the IoT device as it changes hands from user to maintenance.
  • Attacks on the device software.
  • Physical attacks, which target the chip in the device directly.

9./ Constrained Networks

A constrained network is composed of a significant portion of constrained nodes. Mostly, these constrained node networks are deployed in the edge network of an IoT system. Constrained node networks are deployed in the edge network of an IoT system. Design constraints can be elaborated by the fact that smart things generally regarded as small sized physical devices connected with the Internet, face limitations in terms of IP numbers, packet size, packet loss and alternative paths for connectivity, throughput, power and supported complexity. IoT solutions are constrained since they are composed on many devices that have limited processing and storage capabilities, and that often runs on batteries. The networks are often constrained due to the available bandwidth and therefore the restriction for usable data rates that result from this bandwidth limitation.

10./ Network Topology – Private

The networking standards being used today in private IoT can be categorized into five basic network topologies; bus, ring, point-to-point, star, and mesh. Sometimes, there is a sixth model that is a hybrid topology of the basic network topologies referred to as cluster tree. Critical parameters to consider are the data rates, the number of hops, the sharing of limited spectrum, security, overheads, latency, and datagram availability. Each topology has its pros and cons. Often, the type of topology selected is driven by distance, density, data volume, security, environment, speed, and more. These topologies are defined as private since they can be owned and operated within the terms and conditions exclusive to the IoT solution operator.

11./ Network Topology – Public

The mobility carriers have seen the demand for IoT solutions as well. So, they offer a publicly available service offering to provide IoT network connectivity. IoT operators do not own these topological networks, they are owned and operated by the mobile carriers. The two most popular types are NB-IoT and LTE-M. It is anticipated that these 4G variants will be available as 5G variants too. LTE-M and NB-IoT are both good connectivity options for industries looking to take advantage of LPWAN (Low Power Wide Area Networks) technology, that enhances the battery life of devices and connects devices that have previously been hard to reach. They are both available today, standardized and built on the 4G network which means they are future-proof, have global network coverage and are backed up by GSMA and telecom standards. They are both typically available as 1 MHz of bandwidth and about 1 Mbps connections, so they offer more data rate compared to the private IoT network options shown above. LTE-M is a defined segment in-band of the 4G or 5G networks, so that means the IoT devices need to capture the entire 5 MHz to 20 MHz broadband channel which definitely challenges battery operated nodes. While the NB-IoT offering in its own discrete carrier and is referred to as out-of-band, so you simply need to capture its stand alone 1 MHz narrowband carrier, so it is far more conducive to battery power nodes.

12./ Federation

A federated network is a network model in which a number of separate networks or locations share resources (such as network services and gateways) via a central management framework that enforces consistent configuration and policies. The essential difference with federated networks beyond the loosely coupled physical structures or tiers of the network that divide it in segments is the way that users are identified and granted access to the data. In a federated network, the difference is between federated identity systems and centralized identity management is that there is no single entity that operates the identity management system. Federated systems support multiple identity providers and a distributed and partitioned store for identity information. Therefore, a federated identity network allows a simplified sign-on to users by giving rapid access to resources, but it doesn’t require the user’s personal information to be stored centrally. With this identity network approach, users authenticate themselves once and can control how their personal information and preferences are used by the service providers. Beyond the network topology, the user ID authentication, all aspects of the network must adhere to the federated architecture, especially security.

13./ Pushing Intelligence to the Edge

All the IoT data needs gathering and managing and processing in real-time in order to maximize its potential. In traditional cloud computing, data is stored and processed in a data centre, but IoT edge computing processes data at the edge of the network, in the devices that produce the data or conceivably in a local network. Conversely, fog computing exists in the computing region between the cloud and the edge, meaning it can perform some processing in the cloud and some in the edge devices. Fog computing is seen as existing within the network fabric. Due to its location on the network fabric, it can process data from multiple devices simultaneously as it is connected to many edge devices. One of the reasons for this is that sending the data transmitted by connected devices to and fro can take too long, and edge computing consumes far less network bandwidth. Processing it locally in the device or in a local network simply saves time. And with it estimated that the average end user will generate around 1.5 Gb of data per day by 2020 and so many more devices connected to IoT generating data all the time, edge computing could give cloud computing vital support with the job of handling it all.

14./ Data Types: Real-time, Legacy, External

Data will come from multiple sources to make sense of IoT systems. Of course, it will come from live sensors producing readings and shipping them for processing in real-time. But, historical data of past processes can also be used to detect patterns, trends, outliers and aberrations, and other anomalies within a real-time process. External data might come from a variety of sources delivered from the internet. The external data is used to determine actions inside a process. Data processes are said to be reactive or proactive, and these actions are built from a combination of live, historical, and remote sources of datagrams.

15./ Derived Data

In many of the Internet of Things (IoT) scenarios, there is a need to derive new data based on certain calculations performed on the real-time, legacy, or external data sent by or to things on the IoT networks. The derived data for a thing is computed based on the rules configured for a specific property set type of data category. Derived data is often a subset or an answer to a query. Therefore, it is a far smaller data package compared to the actual raw data used to derive it. Due to network constraints, it is much better to transport the derived data rather than the raw data. Besides, the derived data may in fact be the answer that we seek so why even ship the raw data if all that we want is the response? Derived data is far more friendly to the constrained networks.


The IoT has the potential to dramatically increase the availability of information, and is likely to transform companies and organizations in virtually every industry around the world.

As such, finding ways to leverage the power of the IoT is expected to factor into the strategic objectives of most technology companies regardless of their industry focus.

The number of different technologies required to support the deployment and further growth of the IoT places a premium on interoperability, and has resulted in widespread efforts to develop standards and technical specifications that support seamless communication between IoT devices and components.  Collaboration between various standards development groups and consolidation of some current efforts will eventually result in greater clarity for IoT technology companies.

It is only when we build IoT solutions based upon the first principles of the technology can we truly achieve the vision and expectations of how the Internet of Things can improve the quality of life for the users.

————————–MJM ————————–

About the Author:

Michael Martin has more than 35 years of experience in systems design for applications that use broadband networks, optical fibre, wireless, and digital communications technologies. He is a business and technology consultant. He offers his services on a contracting basis. Over the past 15 years with IBM, he has worked in the GBS Global Center of Competency for Energy and Utilities and the GTS Global Center of Excellence for Energy and Utilities. He is a founding partner and President of MICAN Communications and before that was President of Comlink Systems Limited and Ensat Broadcast Services, Inc., both divisions of Cygnal Technologies Corporation (CYN: TSX). Martin currently serves on the Board of Directors for TeraGo Inc (TGO: TSX) and previously served on the Board of Directors for Avante Logixx Inc. (XX: TSX.V).  He has served as a Member, SCC ISO-IEC JTC 1/SC-41 – Internet of Things and related technologies, ISO – International Organization for Standardization, and as a member of the NIST SP 500-325 Fog Computing Conceptual Model, National Institute of Standards and Technology. He served on the Board of Governors of the University of Ontario Institute of Technology (UOIT) [now OntarioTech University] and on the Board of Advisers of five different Colleges in Ontario.  For 16 years he served on the Board of the Society of Motion Picture and Television Engineers (SMPTE), Toronto Section.  He holds three master’s degrees, in business (MBA), communication (MA), and education (MEd). As well, he has three undergraduate diplomas and five certifications in business, computer programming, internetworking, project management, media, photography, and communication technology. He has earned 20 badges in next generation MOOC continuous education in IoT, Cloud, AI and Cognitive systems, Blockchain, Agile, Big Data, Design Thinking, Security, and more.