Here's why IoT testing is really going to matter to QA pros

It's easy to ignore the challenge of IoT and testing if that's not your job, but that's soon going to change. Expert Jennifer Lent explains what you need to know.

We all heard the horror stories about why internet of things testing matters: The intruder who wirelessly hacks your car's command center or the thief who steals the credit card data your washing machine relies on to buy more detergent from Amazon.

The stories are engaging. They raise legitimate, even alarming, concerns. But frankly, IoT testing always seemed like a specialized discipline to me. If you weren't building software for cars, big box home appliances or tiny wearable devices, its immediate relevance to quality assurance (QA) pros escaped me. For years, I heard and read a lot about it, but it wasn't clear to me why IoT testing mattered outside its own arena.

But last week at the IoT Dev + Test conference held in San Diego from April 24-29, the light bulb went on for me. I learned that IoT testing has significant implications for all QA pros -- even if it has next-to-no impact on the job you do today. "The internet of things is really about the 'internet of threats' and the 'internet of testing,'" said Theresa Lanowitz, founder of research firm voke Inc.

In a session called "IoT -- Let's Code Like It's 1999!" Lanowitz made the case that the internet of things brings to the fore key aspects of the software testing and development that have long gotten short shrift: security testing, performance testing and API testing. "It's always been about functional testing," she said. "Let's make sure the software works and get it out the door." But concerns about how IoT works in the real world place new emphasis on nonfunctional types of testing, including performance and security, she said. That presents a career path for software testers who spot the opportunity. "QA pros should build up their resumes for nonfunctional testing skills."

Here's a quick take on how IoT testing concerns are bringing security, performance and API testing to the fore.

Security testing: Get serious

The value of application security -- building software that is inherently difficult to breach -- is well understood. But it remains an afterthought for most organizations. "They don't pay attention until they've been hacked," and customer data and the company's reputation are at risk, Lanowitz said in her presentation.

To bolster her point, she showed a slide that compared 1999 and 2017 from an IoT standpoint. (In 1999, Sun Microsystems released Jini -- essentially, a precursor to today's IoT technology.) In most categories, significant strides were gained across 18 years. But in the security category, the gains were nil. "It didn't get much attention in 1999 and it doesn't now," she said.

In other areas, progress was dramatic. "In 1999, the word 'device' was not commonly understood. Now, everyone knows what it is. In 1999, network availability was unreliable; in 2017, network connections are pervasive," Lanowitz told the audience. She noted that the emphasis on IoT testing will force organizations to take application security seriously and that will benefit all software, not just those IoT applications.

Performance testing

Performance testing -- another QA practice that doesn't get enough attention -- will also get a boost from IoT, Lanowitz predicted. "When your washing machine is constantly sending data to your home network, you have to make sure [the network] is at 100%," she said.

Performance testing is important because it shows how software operates in real-world conditions, where, for example, IoT-enabled appliances continually extract capacity from the network. That's true in a workplace, where an elevator pings the network at frequent intervals to report the status of various parts or reports the number of people using it. Network overload will become the new normal with IoT, forcing software teams to address application performance management early in the development cycle, Lanowitz said.

API testing

The rise of IoT-enabled appliances, devices and other machines will also force QA pros to focus on API testing, Lanowitz said. The idea is to make sure the API that software depends on to interact with e-commerce sites works properly and performs reliably. Your washing machine is set up to order your preferred detergent from your preferred supplier, depending on the best price, Lanowitz explained. "You have to test the APIs from the washer to Amazon, the washer to Costco, the washer to Target. API testing is more of an issue with IoT use cases."

So, there you have it: Concerns around IoT testing will inadvertently give a big boost to security, performance and API testing. Will it happen? Early indicators are good. In late 2016, voke conducted its annual survey that asks, among other things, "What's more important: quality (47%), time to market (45%), or cost (8%)?"

"For the time in 10 years, quality is the top priority," Lanowitz said. "In the past, it was always "time to market."

What do you think? Will IoT force your team to do more security, performance and API testing? Let me know!

Next Steps

The IoT testing algorithm that works

Do you have what it takes to succeed in the future?

Should testers learn to code? Maybe

Dig Deeper on DevSecOps and automated security