Internet of Things (IoT) applications are becoming more prevalent, and organizations are implementing many of these into their business strategies. IT organizations that are not planning for IoT are at risk of being left behind in this time of digital transformation. As more and more devices become connected, organizations must understand the opportunities IoT will bring, as well as the challenges that lie ahead.\nIn this post, we will have a Q & A and open discussion with Ken Hosac and Perry Lea of Cradlepoint, where they provide insight on a few surfacing questions around IoT.\nKen Hosac is Vice President of Business Development at Cradlepoint, where he is responsible for IoT strategies and driving industry partnerships to accelerate Cradlepoint\u2019s market growth and leadership. Ken holds a B.S. degree in Electrical Engineering and an M.S. degree in Manufacturing Engineering, both from Stanford University.\nPerry Lea is Technical Director for Cradlepoint, where he leads efforts in IoT and Fog Computing. Perry holds three engineering degrees in computer science and computer engineering and completed his postgraduate work in electrical engineering at Columbia University.\u00a0\u00a0\nQ: With gateways serving a more important role in connecting IoT and being the platform for Edge and Fog Compute, is it now a weak link in robustness or security?\nA: Perry Lea: There is more duty for the gateway in the world of sensors.\u00a0However, that is the correct place to put the burden of security, reliability, and availability.\u00a0Sensors are significantly cost- and resource-constrained except for higher-end devices. Because of that, they can\u2019t offer a complete solution.\u00a0Nor can building a heterogeneous solution of different sensors, management, and security standards be reasonable to maintain in a world of a billion sensors.\u00a0A gateway needs to be the broker and conduit to simplify and unify the management of the Internet of things.\u00a0The gateway can also spread the burden and communicate east-west and north-south in a fog environment.\u00a0This has the potential to create a mesh of gateways and further improve availability.\nA: Ken Hosac: Perry is correct that shifting functionality to the gateway can significantly reduce the cost and complexity of the sensors, but there is a difference between a gateway and a router. Our approach is to use our 4G router as an IoT gateway since the router has advanced networking, security, edge processing, and analytics capabilities not found in a typical gateway.\u00a0\nQ: How does Software-defined Networking (SDN) impact IoT devices that are cost constrained?\u00a0\nA: Perry Lea: SDN will be critical for IoT deployments.\u00a0It provides the ability to choose your lane of traffic rather than being on a single rail.\u00a0Security wise, it isolates, protects, and steers traffic to aid in DDOS prevention.\u00a0There is an on-ramp to support SDN on the client side. I believe that cost is fairly lightweight, but that is where the gateway comes in.\u00a0A gateway can also serve as the SDN on-ramp to all IoT devices it reaches.\nA: Ken Hosac: Traditional private networks based on MPLS or VPN tunnels are often complex and expensive. SDN eliminates much of this complexity, which also reduces the human error that is often at the root of security issues. It is simpler to add cost-constrained IoT devices to a software-defined network than legacy networks, since the lightweight SDN client can be based in the router\/gateway rather than in the IoT device itself. This is also useful for IoT devices that are closed, where installing a client isn\u2019t possible.\nQ: There are new cloud providers, middleware, and communication protocols being invented or developed all the time. How does the industry settle on one?\nA: Perry Lea: We don\u2019t settle on one, but certainly we try to make the decision points easy for the architect and customer.\u00a0 There are more than 150,000 combinations right now. We need cross-industry organizational support to foster open and well-defined standards.\u00a0Look at standards that have stuck over the years:\u00a0802.11, 802.3, MPI, C, C++, Posix.\u00a0It takes energy and give and take to come to accept standards.\nA: Ken Hosac: As Perry said, we promote customer choice. Today\u2019s IoT use cases vary widely, and are very fragmented and customer-specific. Different applications have different needs. Our goal is to provide the flexibility to choose your own sensors and choose your own cloud.\nQ: Out of the combination of clouds providers, protocols, and middleware, what are some of the standards you see emerging as winners? \nA: Perry Lea: The winners I see are 5G,\u00a0Bluetooth 5.0,\u00a0OpenFog, and some low-bandwidth, long-range protocols such as LoRa.\nA: Ken Hosac: For the local interfaces, it appears that Bluetooth 5.0 will be fairly successful. Due to its broad capabilities, it may actually obsolete some of the other local wireless standards. For wide-area networks, the choice depends on the application \u2013 including throughput and duty-cycle requirements. Applications that are battery-powered with low duty cycles will gravitate toward the low-power protocols. High-throughput and high-duty cycle applications will gravitate toward cellular (4G LTE today, 5G tomorrow) or possibly WiFi-as-WAN. We see the IoT cloud providers adopting MQTT as the common denominator, but we may see other protocols emerge in the future.\u00a0\nQ: What can be done to improve security in a Wireless Personal Area Network now? \nA: Perry Lea: Certainly, using all prescribed methods available:\u00a0frequency hopping, MAC randomization, and encryption.\u00a0Then it\u2019s the duty of the gateway host in the Internet community to find, report, and isolate a local disruption.\u00a0\nA: Ken Hosac: Continuous improvements in authentication, encryption, and resiliency. Device fingerprinting should include not just physical identification, but also behavioral profiling and monitoring. The cloud provides the ability to monitor wide populations of devices and identify anomalies that can\u2019t be seen at the device level. These results can be used to make better decisions at the edge to improve local security.