Finding the real value (and security) in IoT applications

At the end of 2016 I had the pleasure of talking to Johan den Haan (pic below) the CTO of a company called Mendix to talk about all things IoT (thanks @sarahsalbu).  Mendix is a low code hpaPaaS player; but I’m sure you already knew that ; )

We will get to what the heck hpaPaaS means later but my reason for talking to Johan was to get my head out of the sensor/microcontroller/gateway world I’ve been living in and learn about the world of IoT higher up the stack.  You may remember my 7 point IoT operating model I came up with back in 2013 to help me understand the IoT; Mendix operates at level 5:

1. Sensing and Control
2. Connectivity
3. Analytics (big data) and the cloud
4. Security
5. Applications, ROI and 2nd/3rd order effects
6. Standards and Regulation
7. Ecosystems and Communities

Mendix was started in Holland and is now an 11 year old company so they can’t be accused of recently jumping on the IoT bandwagon.  Today they are headquartered in Boston and you can find then at Mendix.com.  The initial impetus for the company was to make a platform for application delivery for IT departments especially those that needed mobile driven development without the need for heavy coding skills. Mendix saw the mobile developer skills gap early on and we all know that the biggest ROI killer in IT projects is being late, so the need for speed in application implementation convinced them to become a platform company.   Johan describes Mendix as a low code platform meaning your developers aren’t in the code weeds and can get on with building their applications.  This makes Mendix a high productivity application platform as a service (hpaPaaS) company (longest tech acronym winner?).   

Mendix does not supply the sensors or “things” because in Johan’s opinion that's not where the value is (note to my semiconductor friends).  Instead, Mendix takes the customer's data after it has been uploaded to an IoT cloud provider like Amazon IoT (or IBM Watson IoT or Microsoft Azure IoT) and then using an App they can give a user the following:

1. Contextual awareness; what is going on in real time with that particular machine, patient or city street for example.
2. Intelligence; with data analysis in the cloud and/or logic in the Mendix App the user knows the possible consequences of the situation.
3. Proactivity;   the user now has options to adjust the machine, ask for help or get suggestions on how to mitigate any serious consequences

Scotty could have been more productive on the Enterprise if he’d used a Mendix IoT App:

Seriously though the real power of the IoT comes from adding intelligence when it's needed to avert life threatening situations in everyday life.  Say a doctor or nurse walks up to a patient in a hospital bed after a shift change and can instantly pull up all the medical data they need (via a beacon on the patient), now they have intelligence on the patient's history, drugs taken and can  be proactively shown some possible treatments.  Medical errors are the third leading cause of deaths in the United States,  this isn’t a trivial or nice to have application it could be a life saver (and the cost of medical errors is at least $17billion per year).     

Mendix is also getting traction in the Industrial IoT with energy companies who are maintaining the grid in a rapidly changing world of renewables and microgrids.  As the energy market changes then the mobile workforce of a utility need to get access not just their own data but the flow of information coming from customer solar installations and businesses with their own generators.  The number of grid interdependencies and complexities are growing rapidly so the need for contextual analysis and intelligence and making the right decisions is essential.

So this is all very inspiring and obvious in some ways so I asked Johan how do we get there?

His advice is to start with a pilot, build an App fast with Mendix then iterate the business model.  A nice real world example is the Dutch airline, KLM in their fleet maintenance group.  The problem they needed to solve was where are the maintenance tools needed for a specific plane.  The tools could be anywhere in the maintenance facility or airport so the app finds the tools and ramps they need when they need them.  The App was built in 2 weeks and has saved them $1.8m already in downtime.  So the lesson is to do these experiments fast and repeat.  It gives the dev team experience with the concept and where the benefits will come from which are not always obvious.  Check out the Smart Apps Mendix has come up with here: https://www.mendix.com/smart-apps/

I couldn’t let Johan go without grabbing the third rail of IoT right now which is security and he explained that Mendix is not a device software company and they don’t collect data but they help gather what might be sensitive data for customers.  So on the Mendix platform there are granular built in user security settings, these control which users can see what portion of the data which is useful for those managing the application but how secure is this?

IoT security issues are far ranging and not all of them fall on Mendix but Johan told me that they

do penetration testing and have a cloud security certification so they are taking it seriously.  After the Mirai bot attack in October (and Mazar back in February) security is the hot topic in IoT and Johan agreed that some standards organizations will probably get involved soon but I’m not sure who is on first,  do you?  

So the bottom line for me is that the application layer of the IoT is where the bulk of the value is created and you need to start somewhere so Mendix is worth a serious look.  Feel free to comment below and follow me on Twitter for shorter IoT missives.

Postscript added on Jan 10, 2017: Mendix has a free trial available for up to 10 users here: https://www.mendix.com/try-now/ Disclosure: I have no financial interest in Mendix and am not consulting for them.