Go to IoT Platform
Home>Tuya News>Build vs. Buy in IoT: Scale and Security
Build vs. Buy in IoT: Scale and Security
Jun 29, 2020

(Note: this is the second part of a three-part series. The first part can be found here: https://www.tuya.com/news-details/K9obl4mocuhib)

When trying to decide if you should be building or buying in IoT, after cost and time to market, the next two considerations that most companies consider are scale and security. Scaling a deployment of IoT products or an entire IoT ecosystem is no easy task, nor is securing such a system or product deployment.

IoT scale and security are inherently linked: the wider your IoT ecosystem and the more smart products you have, the more attack surfaces there are for hackers and cyber criminals to exploit and the greater your chances are for a security or data breach that could lead to damaged reputations and potentially millions of dollars in fines.

In this second article of our Build vs. Buy in IoT series, we will explore the issues of scale and security and the aspects of scale and security that brands, manufacturers, and retailers need to consider when trying to decide if they should build or buy their smart products.

Build vs. Buy in IoT: Scale

Building an easily scalable IoT system involves an incredible amount of complexity and expertise. Just consider the four main parts of an IoT platform—product, cloud, connectivity, and app—and the number of interconnected parts that need to be working well together to make smart living happen. Things that work well for the first few hundred smart products can easily fall apart once you scale to thousands, tens of thousands, or millions of units.

·On the product side, you need to be able to manufacture products quickly and easily and at an extremely good price, otherwise scaling will lead to bill of material (BOM) costs that are untenable.

·For cloud, you need a cloud platform that can process billions of device requests daily and handle the addition of thousands of new devices (and their data) with little or zero downtime, and also be able to store device data and allow you to easily retrieve that data.

·For connectivity, you need to consider gateway device management and monitoring and increased administration costs for data connectivity-related dashboards and device management.

·For apps, since the average household uses various smart device brands, you need to think about how interconnection with smart products from other companies will work with your app and if your app will be able to support the variety of devices and brands used in the typical smart homes.

In light of all of the above, most companies, when considering scale, would do well to consider opting for the buy option for at least one or two parts of their IoT ecosystem. Of course, it doesn’t have to be an all-or-nothing proposition. Given any particular company’s arena of expertise and in-house resources, they may opt to buy certain parts of the IoT ecosystem, such as connectivity modules, and build other parts, such as the app, or vice versa.

Build vs. Buy in IoT: Security

IoT security has been a top concern among IoT-related companies and customers for years. Smart devices have opened up entirely new avenues for hackers and cyber criminals to do their work, whether it’s exploiting a security device such as a smart camera through Wi-Fi or hacking into and bringing down an entire IoT ecosystem.

The security stakes with IoT are so much higher since the average IoT device is connected to a bunch of other devices in addition to a cloud platform. All it takes is one mistake, one bad move, one oversight, one miscalculation, and your entire IoT network is breached and exposed. SecuritySecurity

When it comes to building or buying, you need to assume your IoT ecosystem’s security will only be as safe as its most insecure link. If you’re using a third-party connectivity module that’s not ISO certified, for example, that could later come back to haunt you in the form of a customer’s security or data breach. If your cloud platform isn’t using the most up-to-date data and privacy controls, that could lead to an irreversible mistake that damages your company’s reputation.

There are so many aspects to IoT security that your in-house security team members will have to be, essentially, multifaceted IoT and cyber security experts who fully understand all the way cyber criminals exploit IoT networks. From advanced encryption to access control to identity management, they will really need to know their way around the IoT security landscape. And that’s no to mention the aforementioned dangers of scaling an IoT ecosystem. Remember: the bigger it is, the more attack surfaces there are.

Luckily, on the buying side, there are many IoT ecosystem providers who partner with third-party cyber security experts to ensure their smart devices and smart platforms are totally safe. You could do the same, of course, but consider that a more established IoT ecosystem provider will already have strong relationships with IoT security experts globally and thus will be able to do IoT security much easier and at a lower cost.

Of course, if you do have a team of IoT security experts at your disposal you’ll have far more control over how your devices are built and deployed and potentially better insight into how or why something may have gone wrong with a security breach.

Between scale and security, there’s certainly a lot to think about in terms of building or buying for IoT.

In the next and last blog post of the series, we’ll explore the build vs. buy in IoT issue from the perspective of support and data management.

Got any questions? I'm happy to help!