What Makes a Good Connected Product?

Here's everything you need to know as an IoT entrepreneur.


This article is featured in the new DZone Guide to IoT: Connecting Devices & Data. Get your free copy for insightful articles, industry stats, and more!

Defining "good" is a matter of culture, but people around me have been asking themselves what makes a good product based on the Internet of Things. We've seen plenty of examples of "bad" behavior — products made defunct after acquisitions, aggressive T&Cs applied to the detriment of consumers, and cybersecurity issues are only a few of what's out there now, 18 years after the term "Internet of Things" was coined by Kevin Ashton.

A time of reflection was kicked off in 2012 at an event that I helped organize in London: the "Open Internet of Things Definition." In 2014, friends of mine started Thingscon with a Berlin conference exploring "responsible IoT." In 2015, the IoT Security Foundation held its first event in Bletchley Park. In 2017, I helped organize an event that explored a possible certification mark for connected products, "IoTmark" (now a free tool called Better IoT), and the US passed a law called the IoT TIPS Act that same year. The Department for Culture, Media, and Sports published the Code of Practice for Consumer IoT Security in March 2018, followed by the British Standards Institute with an IoT Security Kitemark™ in May 2018. More recently, Thingscon co-founder Peter Bihr launched the Trustable Tech Mark last December. All these and many more around the world show that a startup considering building a connected product has ethical and technical decisions to make to protect its customers and consumers at large. Here's a breakdown of what any budding Internet of Things entrepreneur should consider today.


Does your website or packaging communicate clearly to your customers how long they can expect the product to work for? In the event of your company's demise (hey, it happens to the best of us), what will happen to the product? Will it stop working altogether? Ideally, you will think about open-sourcing the hardware or backend service to allow a third party to support it on your behalf, and you'll think about who that might be. It's really important that consumers feel like they're buying a product that will stick to its expected lifespan even if you're not around. Back in 2016, Revolv, a smart home hub, had its service unexpectedly terminated by Google, which had recently acquired the company. That wasn't the most elegant way to go about it, and there was an uproar from consumers.

Another aspect of lifecycle to bear in mind is the idea that the product someone buys should maintain the core functionality no matter what. Sonos made it compulsory for consumers to accept their change of Terms and Conditions; otherwise, their connected sound systems would cease to function. These kinds of draconian techniques don't put the consumer in charge of the product they bought. And in the eyes of many Consumer Protection Acts around the world, they have rights over — and aren't at the mercy of — digital business models.

Of course, many consumer rights are limited to refund periods (usually 30 days) and don't impose a period of functionality. The disposability of connected products, caused by their lack of long-term digital service support, contributes to e-waste and pollution, which regulators are bound to examine in the coming years. We can eventually expect a "minimum support clause" to become part of the export and certification process for these products. You should prepare yourself by making it very clear what you'll support, how, and how quickly. This will always help a consumer understand what they're buying and make you stand out on public forums like Trust Pilot.

Privacy and Permissions

Chances are that more than one person will use your product, especially if you're a smart thermostat company, for example, so offer multiuser access or work on the premise that the product will eventually be sold on eBay. With this in mind, the consumer you sold your product to might not be the one who uses it years after the purchase was made, and you should be flexible about the number of users engaged at any given time because consumers' lives are complicated. The reason why most companies don't offer this is that they'd like to track individual use so that the data produced becomes more valuable, but this is usually at the expense of an enjoyable user experience, which ends up costing you in lost recommendations and purchases from other people.

Privacy is another key concept that, in a world post-GDPR, is still very tangible and makes things difficult for companies. When disposing of a connected toothbrush, a consumer should have the choice to archive that data in a way that is both machine-readable and understandable to them. A connected product should always advertise when it is connected (with a status LED, for example, which voice assistants could do with) and have a button to reset to its factory settings so that all the data that might be collected locally is wiped. This gets complicated with products like Amazon Alexa and all other voice-activated services, as it's unclear to the consumer how much is being captured at any given time, where it goes, and who ends up storing it. For them not to pose a privacy and security risk, those processes should be made clear with simple-to-understand language and without legalese hidden in the terms and conditions.


From a technical standpoint, security is big business for security firms that are rarely equipped to offer their services to startups. This means that certain technical decisions are taken without malice but backfire when a product gets hacked by a third party. Penetration (PEN) testing is prohibitive for startups, so they can mitigate as many risks as possible with some simple digital security decisions outlined by the OWASP Top 10 Project. Some of these include:

  • Minimum cryptographic security on the backend and secure configuration

  • A backend that implements additional security options

  • Implementing reliable and appropriate backend patching

  • Enforcing a strong user identity policy

  • Developing clear admin user rights management tools

It's hard being an Internet of Things entrepreneur, as the mixture of software and hardware multiplies the problems that you're likely to encounter, but that doesn't mean that the journey is impossible. Many companies have built sustainable and growing businesses, and many of them will end up growing internationally. The first step to success is to mitigate future problems — and doing so ethically makes successful customer interactions more likely. That's not to say that building things ethically is a guarantee of success, but as the fair trade movement proves, it can create its own voice within an industry and give the products a great platform. As more governments get behind some of these efforts, entrepreneurs who design ethically will find it easy to make friends in high places, and that's never a bad thing.


Published at DZone with permission of Alexandra Deschamps-Sonsino. See the original article here.

Opinions expressed by DZone contributors are their own.
