The words you need to know

A component that detects and measures something from the physical world and converts it into data. Temperature, pressure, humidity, motion, light, proximity, vibration, sound. The sensor is how an IoT device perceives its environment. Without sensors, a device is just a computer. The choice of sensor determines what a device can know, and the accuracy and power consumption of the sensor determine most of the hard design constraints that follow.

A component that converts a signal into a physical action. A motor that opens a valve. A relay that switches a light. A speaker that produces sound. Where a sensor reads the world, an actuator changes it. Most IoT systems do both: sense a condition, decide what to do, act on it. A smart thermostat senses temperature (sensor) and controls the boiler (actuator). The combination is what makes IoT useful rather than just observational.

A small, low-power integrated circuit that combines a processor, memory, and programmable input/output in a single chip. The brain of most IoT devices. Unlike a general-purpose computer, a microcontroller is designed to run one dedicated programme continuously. Arduino and ESP32 are popular development microcontrollers. In production devices, MCUs are chosen for their power consumption, processing capability, and connectivity features. The right MCU for a battery-powered sensor is very different from the right MCU for a gateway.

The software embedded in a device's hardware, typically stored in non-volatile memory, that controls its core functions. Unlike an app, firmware runs directly on the hardware without an operating system in between. It is the lowest layer of software a device has. Firmware is harder to update than application software, which is why IoT security vulnerabilities persist so long: millions of devices in the field with firmware that cannot easily be patched.

Updating a device's firmware or software wirelessly, without physical access. Critical for IoT at scale: you cannot physically touch ten thousand field-deployed sensors to patch a security vulnerability. OTA update capability must be designed in from the start. It requires a reliable connection, enough storage to hold the new firmware alongside the old (so the device can roll back if the update fails), and a mechanism to verify the update is authentic and hasn't been tampered with.

The total energy a device has available and how that energy is allocated across its components. For battery-powered devices, the power budget determines how long the device will run before it needs recharging or a battery replacement. Every component costs power: the radio draws significantly more than the microcontroller, and the radio transmitting draws significantly more than the radio listening. Designing a device to a tight power budget requires careful decisions about when each component is active and for how long.

A low-power mode in which a microcontroller shuts down most of its functions to conserve energy, then wakes on a timer or external trigger to take a reading and transmit it. A sensor that takes a temperature reading once per hour spends 99% of its time in deep sleep. The difference in power consumption between active and sleep modes is often two to three orders of magnitude. Battery-powered IoT devices that don't use deep sleep effectively tend to have very short lives.

The most common wireless connectivity option for IoT devices in homes and offices. High bandwidth, reasonable range, infrastructure already present in most buildings. Drawbacks: relatively high power consumption compared to other options, and dependency on existing network infrastructure. Fine for a smart plug that is always mains-powered and near a router. Poor fit for a battery-powered field sensor three kilometres from the nearest building.

A short-range wireless protocol designed specifically for low-power devices that transmit small amounts of data infrequently. A fitness tracker syncing step counts. A smart lock communicating with a phone. A beacon broadcasting a location signal. BLE devices can run for months or years on a small battery. The trade-off is range (typically ten metres) and bandwidth. The "Low Energy" part distinguishes it from classic Bluetooth, which is designed for continuous audio streaming and consumes far more power.

A long-range, low-power wide-area network protocol designed for IoT devices that need to transmit small amounts of data over distances of kilometres, on a single battery, for years. A water meter in a field. A soil moisture sensor in a vineyard. A GPS tracker on livestock. LoRaWAN sacrifices bandwidth (you cannot stream video over LoRaWAN; a typical payload is a few dozen bytes) for range and power efficiency. Requires a gateway to connect devices to the internet, and either public or private network coverage.

A short-range, low-power mesh networking protocol widely used in home automation and smart building devices. Lights, sensors, and switches communicate with each other and with a central coordinator. Unlike Wi-Fi or BLE, Zigbee devices form a mesh: each device can relay messages for others, extending the effective range of the network. The smart home standard Matter (launched 2022) uses Thread, a similar mesh protocol, alongside Wi-Fi and BLE.

The category of network technologies designed for IoT devices that need long range, low power, and low bandwidth. LoRaWAN, Sigfox, NB-IoT, and LTE-M are all LPWANs. The category exists because Wi-Fi and cellular LTE are both too power-hungry for battery-operated field devices, and Bluetooth is too short-range. LPWANs fill the gap between "very local and very efficient" and "everywhere but expensive."

A cellular standard designed for IoT devices, operating on licensed spectrum (the same infrastructure as mobile networks) with very low power consumption. Better indoor and underground penetration than LoRaWAN. Managed by mobile network operators, so no private gateway infrastructure needed. Used for smart meters, parking sensors, and asset trackers. The trade-off versus LoRaWAN: NB-IoT requires a SIM and a network subscription; LoRaWAN can run on private infrastructure at no per-device network cost.

A network topology in which devices communicate with each other directly and relay messages on behalf of others, rather than all connecting to a single central point. In a mesh, every node can be a router. The network is self-healing: if one device fails, messages route around it. Zigbee and Thread are mesh protocols. Mesh is well-suited to environments where a single central hub would create a single point of failure, or where devices are spread across an area too large for direct connection.

A device that sits between IoT endpoints and the internet, translating between protocols and aggregating data. A LoRaWAN gateway receives signals from dozens of sensors and forwards the data to the cloud over an internet connection. A home hub translates Zigbee commands from light switches into Wi-Fi messages to a cloud service. Gateways handle the protocol translation that would be too complex or power-intensive to perform on the sensor itself.

A lightweight messaging protocol designed for constrained devices and unreliable networks. The dominant protocol for IoT device-to-cloud communication. MQTT works on a publish/subscribe model: devices publish messages to a topic (temperature/sensor-1/reading), and any subscriber to that topic receives the message. A central broker routes messages between publishers and subscribers. MQTT is efficient: its overhead is tiny, making it suitable for devices sending frequent small messages over slow or unreliable connections.

A messaging pattern in which senders (publishers) send messages to a named channel or topic, and receivers (subscribers) declare interest in topics and receive messages addressed to those topics. Publishers and subscribers do not communicate directly: a broker sits between them. This decoupling makes systems easier to scale and modify. Adding a new consumer of sensor data requires no changes to the sensor; the new system simply subscribes to the relevant topic. MQTT uses pub/sub. So do most cloud IoT services.

In MQTT and other pub/sub systems, a named channel to which messages are published and from which subscribers receive them. Topics are hierarchical strings: building/floor3/room12/temperature. Subscribers can subscribe to specific topics or use wildcards: building/floor3/# to receive all messages from the third floor. Good topic design is part of IoT system architecture: a well-structured topic hierarchy makes routing, filtering, and access control straightforward.

The actual data content of a message, as distinct from the headers and routing information wrapped around it. In IoT, a sensor payload might be a temperature reading, a battery level, and a timestamp, encoded as compactly as possible. Over constrained networks like LoRaWAN, payload size directly affects transmission time and battery consumption. Payloads are often encoded in binary rather than JSON to reduce size. The tension between human-readable and compact encoding is a recurring IoT design decision.

A standard interface for requesting and sending data over HTTP, widely used for IoT device management and data retrieval. Less efficient than MQTT for high-frequency device telemetry (each request requires a full HTTP handshake) but well-suited to less frequent operations: provisioning a device, retrieving historical data, updating configuration. Most IoT platforms expose a REST API for integration with other systems, alongside MQTT for real-time data.

The encryption protocol that secures data in transit. The same technology that puts the padlock in a browser address bar, applied to IoT communications. Data sent from a sensor to the cloud without TLS can be read by anyone who intercepts it. Implementing TLS on constrained devices is non-trivial: the handshake is computationally expensive and the certificates require management. Many IoT deployments have skipped TLS to save power and complexity, which is how IoT became one of the most significant attack surfaces on the internet.

Processing data on or near the device that generates it, rather than sending it all to the cloud. A camera that detects motion locally and only sends a clip when something happens, rather than streaming continuously. A factory sensor that filters out normal readings and only transmits anomalies. Edge computing reduces bandwidth consumption, latency, and cloud costs. It also enables operation when connectivity is unavailable. The trade-off: more processing capability required on the device, which costs power and money.

A layer of compute and storage between devices and the cloud, typically at a local gateway or server. Where edge computing happens on or very close to the device, fog computing happens in a local hub: a machine on the factory floor, a server in the building basement, an aggregation point in the field. Fog nodes can handle more complex processing than edge devices, aggregate data from multiple devices, and act as a buffer when cloud connectivity is intermittent.

A virtual model of a physical device, system, or process, kept in sync with the real thing through sensor data. The digital twin of a jet engine reflects its current state: temperature, vibration, wear patterns, operating history. Operators can run simulations, predict failures, and test changes on the twin without touching the physical asset. Digital twins are used in manufacturing, infrastructure, and building management. The value scales with the fidelity of the model and the frequency of the data feeding it.

A stored representation of a device's last known state in the cloud, accessible even when the device is offline. A device shadow lets applications read and write device state without needing a live connection to the device. If a device is offline when a configuration change is made, it retrieves the change when it reconnects and synchronises its state. AWS IoT, Azure IoT Hub, and Google Cloud IoT all implement variants of this pattern. It is the mechanism that makes intermittently-connected devices manageable.

Data collected at regular intervals over time: temperature readings every minute, power consumption every second, machine vibration every millisecond. Most IoT telemetry is time series data. It has different storage and query requirements from conventional database records. Time series databases (InfluxDB, TimescaleDB) are optimised for ingesting large volumes of timestamped readings and querying them efficiently: "show me the average temperature between 2pm and 4pm over the last thirty days." Standard SQL databases handle time series poorly at scale.

Data transmitted automatically from a device to a remote system for monitoring or analysis. Temperature, location, battery level, error codes. Telemetry is the outbound data stream from a device. The word comes from remote measurement systems in aerospace and military contexts and has been adopted wholesale by IoT. "Telemetry" implies automated, periodic, or event-triggered transmission rather than data retrieved on request.

The process of registering a device with a platform and configuring it with the credentials and settings it needs to operate. Before a device can connect to a cloud service, the platform needs to know it exists and trust its identity. Provisioning at scale is one of the more complex operational challenges in IoT: how do you securely enrol a hundred thousand devices without manual intervention for each one? Zero-touch provisioning, where a device presents a factory-installed certificate and is automatically enrolled, is the target state.

The total set of points where an attacker could try to enter or extract data from a system. In IoT, the attack surface is large and often poorly defended: devices with default passwords, unencrypted communications, firmware with known vulnerabilities, physical access to hardware. Each additional device added to a network extends the attack surface. IoT devices are attractive targets because they are numerous, often unmonitored, and frequently connected to higher-value systems.

A network of compromised devices under the control of an attacker, used to conduct coordinated attacks. IoT devices have been among the most recruited: cameras, routers, and smart home devices with default or weak credentials have been hijacked at scale. The Mirai botnet in 2016, which used compromised IoT devices to conduct some of the largest distributed denial-of-service attacks ever recorded, was a demonstration of what a fleet of insecure devices looks like as a weapon.

A process in which a device verifies the integrity and authenticity of its firmware before executing it, using cryptographic signatures. If the firmware has been tampered with or is not from a trusted source, the device refuses to start. Secure boot prevents an attacker who has modified the firmware from having it run. It is a foundational security feature in well-designed IoT devices and absent from many cheaply manufactured ones.

The system of digital certificates, certificate authorities, and cryptographic keys that establishes trusted identity for devices and services. Each device has a unique certificate that proves who it is. The cloud service checks the certificate before accepting a connection. PKI is how IoT platforms know they are talking to a legitimate device rather than an attacker pretending to be one. Managing PKI at scale, including certificate issuance, renewal, and revocation, is one of the more demanding aspects of running a large IoT deployment.

The application of IoT technologies to industrial settings: manufacturing, energy, utilities, logistics, agriculture. Higher stakes than consumer IoT: a failed sensor on a production line or a power grid has consequences that a failed smart bulb does not. IIoT deployments prioritise reliability, long device lifetimes, and integration with existing industrial systems. The environments are often harsh (heat, vibration, electromagnetic interference) and the connectivity options more limited than in an office building.

The control systems that monitor and manage industrial infrastructure: power plants, water treatment, pipelines, factories. SCADA systems predate IoT by decades. The convergence of SCADA and IoT is one of industrial technology's most significant and most dangerous developments: connecting legacy industrial control systems to internet-connected infrastructure creates attack vectors that did not previously exist. The Stuxnet attack on Iranian nuclear centrifuges was an early demonstration of what this means in practice.

Hardware and software that monitors and controls physical equipment, processes, and events. As distinct from IT (information technology), which processes data. OT includes PLCs (programmable logic controllers), industrial sensors, and SCADA systems. The convergence of OT and IT is a defining challenge of industrial IoT: the two have different security models, update cadences, and failure tolerances. An IT system can be rebooted for a patch. A furnace controller on a production line cannot.

Using sensor data and analysis to anticipate equipment failure before it happens, and scheduling maintenance accordingly rather than waiting for breakdown. A bearing running hotter than usual, or vibrating at an unusual frequency, is a signal. Traditional maintenance is calendar-based (service every six months) or reactive (fix it when it breaks). Predictive maintenance aims to be condition-based: service when the data says it is needed, not before and not after. The economic case is strong; the data infrastructure required is significant.