Last updated: 15 January 2021
IoT systems and their interdependent building blocks can be various and complex.
However, an IoT ecosystem is typically built up with 7 distinct essential components:
- Sensors (and actuators) in the IoT device,
- The device connectivity,
- The local application into the IoT device,
- The network,
- The application in the cloud,
- Data analytics,
- Management, and notably, security.
On this page, we will cover the basics of an industry-grade IoT ecosystem architecture.
Then, we’ll go one step further.
We’ll also list the major associations and industry alliances shaping the IoT and briefly review the latest regulations in the EU, UK, and USA.
If you’re looking for a global picture of the IoT ecosystem in 2021 and understand how it may impact your projects, you’ve come to the right place.
Let's get started.
The 7 components of an IoT ecosystem architecture
We know the feeling.
Navigating the IoT market can be difficult. The perceived barriers to entry when launching a new project seem countless.
By identifying what building blocks IoT service providers need to consider when creating a proof of concept (POC), challenges can be more easily understood and overcome.
Francis D'Souza, Head of Strategy for Analytics and IoT Solutions at Thales, explains the seven IoT ecosystem components that determine the make-up of every successful IoT product.
So, an IoT ecosystem architecture is generally formed from a set of components which can be simplified to the following:
#1. Sensors in the IoT device
One starts from the sensors, which capture the data that one wishes to send back.
The sensors themselves are simple enough. They could take temperature, humidity, measure pressure. That’s self-explanatory.
#2. Device connectivity
The sensors are connected to a device or a part of the device.
And the device itself has an element that allows it to connect to the network to transmit data to the cloud and receive commands.
The network could be Wi-Fi, the network could be cellular; it could be a lot of technologies.
But more about this later.
When the connection is cellular, a SIM card or eSIM is also required as part of the wireless access equipment hardware.
#3. Application in the smart device
On the device itself – and it’s the third building block – is an application. That’s the logic that says, for example, “if the temperature exceeds 20 degrees, I send a notification to the network.”
Or the logic might say, “I set to send temperature every one minute,” so that’s the application, third building block, on the device.
But then, that’s where the complexity starts.
The first set of jargon is in the smart device.
You need to have the application that’s running. The application runs on a processor. That’s called either an MCU, a multi-controller unit, or an MPU multi-processor unit.
#4. The network
The fourth building block is the network itself that connects from the device back to the cloud.
This device connects to the network. The network could be Wi-Fi, it could be Bluetooth, the network could be cellular.
Let’s focus on the cellular because many of the IoT applications are based on it for reasons of reliability and service levels.
And in cellular, you’ve got a host of options based on the bandwidth you want for your application or the battery.
The acronyms out there that you would come across would be the usual 2G, 3G, 4G, 5G of cellular.
But within 4G – which is mainstream of IoT today – there are two broad categories.
- There’s the LPWAN, low powered wide area network, which has two variants: category M (Cat-M or LTE-M) and category NB-IoT (Cat NB-IoT).
- Then you’ve got the mid-range bandwidth, which is category LTE-1 (LTE Cat 1).
And then the high bandwidth applications which typically use networks called LTE Advanced (LTE-A) or LTE Advanced Pro.
And very soon, with the advent of 5G, there’ll be a whole new set of acronyms that will come up.
There’s something called massive IoT, an extension in the 5G world of the CAT-M and CAT NB we spoke about in 4G LTE environments.
Something that’s going to be brand new on networks called Ultra-Reliable Low Latency Communication (URLLC). This is for IoT applications that need extremely low latency between the data being generated and its availability in the cloud.
So that’s the kind of acronyms that one will come across along the way and the type of technology one will have on the network itself.
#5. The application (and processing) on the cloud
We are coming over to the cloud.
Now that the data comes back, it’s stored in a database. It is treated/processed. There are actions taken on it. That’s sitting in the cloud.
This part is typical IT applications.
#6 Data analytics
The one thing that would be different out there, though, more in IoT than in enterprise applications, is machine learning or analytics - some people go to the extent of calling it AI (Artificial Intelligence).
This is really different for IoT because the value in IoT is in the data generated and the results that derive from analyzing the data leveraging virtual data analytics.
So, this is something that will specifically come across the analytic side.
More often, that’s running in the cloud, and this is the sixth layer of the IoT ecosystem.
Big data analytics can benefit the IoT-enabled smart grid, where millions of data are collected and stored.
There’s a seventh element that underlies all of this.
And that’s a security building block: the security at the device, the security at the cloud, and the channel between the device and the cloud.
Security is a very broad concept and needs to be adapted to the use case.
But the general security principles established in IoT and the acronyms used are PKI, public-key cryptography, encryption, mutual authentication, and certificates.
Therefore, an IoT ecosystem has different elements to consider, each with a fair amount of interdependence on each of the other building blocks.
Alliances and consortia
Alliances, consortia, and standardization bodies shape the IoT ecosystem at large with agreements to ensure standardization for compatibility, secure interoperability, safety, and quality.
Many have formed over the past few years to meet the new needs of the IoT.
They are either focus on technology frameworks or vertical industries.
We will find, of course, the "usual suspects": ISO (International Organization for Standardization) and ITU, ETSI, World Wide Web Consortium (W3C), IEEE Internet of Things, IFET (Internet Engineering Task Force).
Major alliances and consortia include Eclipse IoT, Apache Foundation, Open Mobile Alliance (OMASpecWorks), OASIS, IEC, OpenFog Consortium, IoT Consortium, OneM2M, AIOTI, Open Connectivity Foundation (OCF), OMG (Object Management Group), UPnP Forum, HYPER/CAT, OPEN INTERCONNECT (OIC), oneM2M, to name a few.
AllSeen Alliance (merged with OCF) currently focuses on consumer devices when Thread Group and Apple’s HomeKit focus on connected homes.
Apple’s HealthKit focuses on fitness and health, EnOcean Alliance on building automation, ESMIG on smart meters.
Open Automotive Alliance focuses on connected cars, Industrial Internet Consortium (IIC) on industrial and work use cases, GINIVI Alliance on transportation, HART Foundation (focused on industrial IoT).
The RFID Consortium, NFC Forum, Wi-Fi Alliance, Zigbee Alliance, LoRA Alliance help promote connectivity standards and certifications.
The GSMA (Global System for Mobile Communications Association) is well known for its marketing and education activities. It represents mobile operators' interests worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem.
Needless to say, the vast array of alliances and consortia reflects the interests of high-tech industry companies for a booming market and illustrates how they compete for control of the IoT ecosystem.
Which leads us to…
The IoT ecosystem and recent regulations
The growing pace of IoT adoption and persistent insecurity of many devices set the stage for regulatory actions.
Lawmakers regulating the IoT industry are facing two distinct challenges:
- Make connected devices more resilient to cyber threats and attacks (IoT cybersecurity).
- Protect the privacy of personal information (IoT privacy).
Overview: Most recent regulations impacting the IoT in Europe and the United States ( Source: Thales DIS January 2021)
Consumer Data Privacy
The General Data Protection Regulation
(EU GDPR Directive 95/46/EC) effective 25 May 2018 and became law in the EU and the UK.
Effective 27 June 2019, and became law in the European Union and the UK.
The NIS Directive
(IoT infrastructure) became effective 24 May 2018 in the EU and the UK. Each country will have to pass a law.
No comprehensive federal law regulating the collection and use of personal information yet but specific laws:
The 2019 IoT Cybersecurity Improvement Act (not passed yet) - see S.734
The California Consumer Privacy Act (CCPA)
SB-1121 became effective 1 January 2020
California’s IoT cybersecurity law
SB-327 became effective 1 January 2020
Self-regulatory regimes inspired (or not) by safety standards are gradually being replaced by country-specific regulations imposing security implementation requirements.
The good news?
Based only on the current legal requirements, the minimum level of requested cybersecurity for manufacturers and vendors is achievable.
But regulatory compliance on basic security for individual IoT devices is just the very first step.
Network operators also need to take additional actions.
They can put in place more high-level cybersecurity and solutions beyond the performance of individual devices to address the IoT more comprehensively.
Where do we fit in?
To support its clients, Thales delivers innovative IoT technology that simplifies and speeds enterprise digital transformation.
For 25 years, our customers - in a wide range of industries - trust our IoT solutions to seamlessly connect and secure their IoT devices, maximize field insights, and accelerate their global business success.
And in the IoT, time is of the essence.
More resources on IoT technologies and solutions
- Visit our IoT resource center.
- Is your FOTA solution efficient?
- The Low Power Modes of the Cellular IoT (video)
- Cellular IoT: connectivity and energy efficiency (video)
- eDRX (extended Discontinuous Reception) and PSM timers (Power Saving Mode) - power-saving modes (video)
- Beyond 4G: a 5G technology overview
- How is IoT reinventing businesses today? (Forbes)
- IoT guidelines and standards: essential reading (NIST January 2020)
- ENISA: how to implement security by design for IoT (November 2019)
Now it's your turn
If you have a question about the components of IoT or the IoT ecosystem architecture in general or want to learn more about how IoT technology is transforming the world, we’ll be glad to help.
We’re looking forward to hearing from you.