You need to build a software application. Now what?
What should you do? How should you do it? What should you look out for? This guide will help you spot the most common pitfalls and avoid them. Advice you won’t find elsewhere.
Applied Visions Inc. was founded in 1987 by Frank Zinghini. Since then, we’ve grown into a family of companies, including Jybe Mobile and Software Design Solutions. We blend our substantial experience in software development with our knowledge of how to make an application that actually makes money.
Internet of Things
Developing applications for embedded systems and the Internet of Things (IoT) requires more than just software development. Because there is a “thing” involved, the hardware matters. And, of course, the user matters. And, because we write more than just code, the marketability of the product matters.
When we develop IoT applications and products, we often find we are working with clients who are experts in their industry, having developed the hardware (the “things”) that they now want to transform into intelligent sensing, communicating, and control devices. This development requires more than just adding technical functions to the “thing” or connecting it to the internet. There are still those considerations involving market readiness, goals, functions, cost, platforms and, often most importantly, usability of the application being used to sense, communicate, and control.
There’s also the reporting function, something that is almost always overlooked by coders who aren’t looking at the whole picture. Once the data has been gathered, someone in the field or in management will want to make sense of it and make appropriate operational and business decisions. Dumping a CSV file is rarely the answer. How will that data be presented? Sorted, filtered, or otherwise manipulated? How often should it be displayed or distributed? What kind of value is the customer expecting to get from that data? How easy can it be for them to do something meaningful with the data?
Finally, coders often miss that high-quality code and high-quality security need to be woven together to create an application that is truly secure. When the application is high-quality, the code does what it is supposed to do. When the application is secure, the code does not do what it shouldn’t do.
Areas of risk for an Internet of Things application include:
- Network defense: This aspect should be covered external to the device by intrusion detection systems (IDS), which monitor a network for unauthorized activity; intrusion prevention systems, which follow traffic to prevent network vulnerability exploits; firewalls; and antivirus scanners.
- Device defense: This includes simple things such as password protection, policy management, and patching systems to keep up-to-date with new security protocols. Two-factor authentication should be employed whenever practical. For example, withdrawing funds from an ATM requires both a debit card and a PIN; having one or the other is not enough.
- Application defense: Security standards should be in place during the development process. Vulnerabilities should be found during the development stage, not after the application is completed. Third-party code that is embedded into the application—especially open-source libraries—should be scrutinized for vulnerabilities. Any software that is purchased to help produce the application—indeed, any that is used on terminals upon which the application is developed, including things unrelated to it—should also be held to high security standards. Even things like third-party browser toolbars should be monitored closely to make sure they do not represent a security risk. Finally, the application should be protected by a firewall.
- Shared threat intelligence: It’s extremely important for developers to share information concerning cybersecurity threats. Not only could learning something new protect your own application, but any information you provide may also help another developer do the same. The Information Technology Information Sharing and Analysis Center, or IT-ISAC, is an invaluable resource for developers to help prevent cyberattacks, as is the Common Vulnerability Enumeration (CVE).
- User-created issues: Users themselves will often unknowingly create vulnerabilities within an application’s infrastructure. For example, users often will only keep a few simple passwords to access multiple applications and accounts; their email password is usually the same as the one they’ll use when they shop on Amazon, or when they access their banking information online. A vulnerability in one account, even if it’s entirely unrelated to your application, can create a security risk for others because of this. Your users need to be educated as best as possible to maintain a secure environment for themselves and other users.
We typically do a physical mockup for Internet of Things applications. Our team members have significant mockup experience, from the simplest device to things as complex as aircraft cockpits. Usability is not a niche aspect of product development; it is essential to commercial success.
If you’re interested in working with us on applications for the Internet of Things, please contact us!
You will be able to spot the most common mistakes before they can hurt you, and lead your team with more confidence.