IoT — The next wave of applications to protect

Stephen Manley, CTO

Sometimes, even as a technology trend explodes while you’re watching, you still don’t appreciate its magnitude. Today, over 38 billion Internet of things (IoT) devices process data for every industry in every part of the world. While production IoT has already gone mainstream, IoT data protection is still emerging. With the explosion of IoT-driven small data sprawl, organizations will need to protect their data differently.

IoT is everywhere

IoT is so much more than smart meters, self-driving cars, and wearable devices. Companies in every industry have adopted IoT.

Driscoll’s has grown berries for almost 150 years. In 2016, berries were the largest and fastest growing retail produce, and Driscoll’s led the market. They credit their “Driscoll’s Delight Platform,” which uses IoT to track and manage the berries from the first mile (growing) through the middle miles (shipping) to the last mile (retail consumer). Driscoll’s analyzes data at every stage to optimize the production and consumption of berries. Driscoll’s is an IoT technology company that sells berries.

Osram manufactured lightbulbs for almost a century. Then, LED bulbs decimated the lightbulb replacement business. Osram evolved into an IoT lighting solution company. Osram applications optimize customers’ lighting for their houses, businesses, and stadiums. They sold the traditional lightbulb manufacturing business in 2017, so Osram is now a high-tech IoT company.

Manufacturers use IoT devices to create virtual clones of their physical systems, so they can test and monitor more efficiently. The process, called digital twinning, allows industrial organizations to do test and development without making expensive physical duplicates. Over the past 3 years, it has transformed the industry.

IoT video is expanding. Retail and casino operations can better track their patrons with video and facial recognition. Law enforcement is increasingly leveraging video surveillance to assist with everything from traffic management to crime prevention.

We live in an IoT world. What does that mean for IT?

How IoT works

IoT brings immediate data processing closer to the users, while also creating a pipeline for centralized advanced data analytics.

Most IoT applications begin with local streaming analytics. Even 5G does not provide enough performance (response time or throughput) to centrally manage self-driving cars, video surveillance, and health monitoring. Therefore, immediate decisions are made locally, and with new processors from companies like AMD, the devices themselves are able to do more AI/ML functions.

Cloud then powers deep analytics of IoT data. Cloud has the global reach to pull data from millions of devices, and customers use services like AWS IoT Core to manage the environment. Once the data is in the cloud, often via a hop in an AWS local zone, companies build multi-layered applications to process the data. Most industries use the same core components — object storage, databases, containerized processing, etc. Then, vertically-focused (e.g., smart meters, industrial IoT) vendors provide the next layer of the application. Finally, each company adds their own “special sauce” to provide competitive differentiation. IoT applications are a complex amalgamation of infrastructure, 3rd party components, and custom code.

At the top of the stack, IoT solutions share one more factor — eye-catching visualization to get people’s attention. For example, a large power utility used smart meter analytics to identify people illegally swapping meters with a neighbor. While the project would save hundreds of millions of dollars, it did not get anybody’s attention until they connected into Google Earth. Once the executives saw the tool swoop into a view of the offending house, they could scarcely contain their excitement. Sizzle sells IoT.

IoT analyzes data streams at the edge, drives deep analytics in the cloud, and results in clear, appealing visualization.

Data protection for IoT

IoT, like so many new workloads (e.g., SaaS apps, Kubernetes, Cloud-Native), pushes the boundaries of data protection.

IoT creates “small data sprawl,” which means your data will be everywhere. Data will live on the devices, local zones, and in the cloud. While there will be a data pipeline, each stage may transfer only transformed data. Therefore, organizations need to figure out how to protect raw data at each stage of the pipeline — regardless of where it is.

Since IoT applications are so distributed, data protection turns into “metadata protection.” While each part of an AWS IoT pipeline — AWS IoT Core, Amazon S3 storage, Amazon RDS databases, Amazon Sagemaker, and custom code — may be resilient, the challenge is to protect and recover the entire application. Therefore, protecting metadata around how the application components interact becomes as important as backing up the data. Since the devices may be gathering personal data in a variety of regions, the protection must ensure that the data does not violate regulations like GDPR, SOX, PCI, and HIPAA.

In fact, IoT demonstrates that compliance and data protection are increasingly intertwined. For example, a municipality is requiring full reproducibility before allowing law enforcement to deploy IoT-based audio surveillance. For legal and compliance requirements, they must be able to reproduce any result using the version of their AI algorithm from that time against the original data. To meet those standards, they are implementing regular snapshots of their entire environment, both data and metadata. Meanwhile, organizations need to manage IoT data to meet privacy regulations. Among others, a U.S. court ruled that smart meter data can reveal private information about residents, which means all smart meter data must be managed as private data. Since data protection aggregates the IoT data, many companies are using their backup copies to help identify and control personal IoT information.

IoT extends the current data protection trends — data in more places, the need to protect metadata and data, and the growing integration with compliance and privacy.

What you should do differently

The new configurations and requirements for IoT applications require a new approach to backup.

First, you need to protect the entire application. Data has steadily been shifting out of the data center for years. IoT shows the importance of protecting: endpoints, data in cloud (e.g. S3) and data in cloud applications (e.g. AWS RDS). Backup solutions must protect the data where it is. Furthermore, you need to protect the application’s metadata, so you can reconstruct the flow in case of error, audit, or lawsuit.

Second, you need to use the cloud for data protection because that’s where IoT applications run. The cloud learning curve is steep — e.g., costs, security, performance — but it also offers the only environment that can scale with IoT applications. As your IoT applications scale in the cloud, only cloud-native data protection can scale with it. From long-term retention of data for compliance to protecting large data sets like IoT video, cloud is more scalable and affordable (e.g. using Amazon Glacier Deep Archive) than any traditional approach.

Third, you need to stay connected with your business and legal teams to understand the compliance regulations they face. At a minimum, ensure that the backup process does not violate regulations — e.g. backing up across borders, restoring data that should not be accessible. To add value, you can help them meet compliance requirements — flagging personal identification information (PII) as it is backed up, re-creating environments from a point-in-time for AI reproduction, or identifying anomalous patterns in the backup data. In IoT, data protection is as much about compliance and privacy as it is about backup and recovery.


IoT is already ubiquitous and it is growing exponentially across virtually every industry, as companies move closer to their users. IoT applications tie together dozens of components across multiple environments and geographies, which exposes organizations to small data sprawl and complex regulatory requirements. To protect IoT, organizations need to expand their definition of data protection — working on the whole application, embracing the cloud, and connecting with business and legal departments. As IoT and other new workloads expand, your approach to data protection must evolve.

IoT has already changed our world — now, it’s time to protect it.

As IoT data protection continues to expand, learn how Druva inSync delivers unified data protection across endpoints and cloud applications.