Internet of Things (IoT) devices are becoming increasingly ubiquitous, e.g., at
home, enterprise environments, and production lines. To support the
advanced functionalities of IoT devices, IoT vendors, as well as service and
cloud companies, operate IoT backends---the focus of this paper. We propose a
methodology to identify and locate them by (a) compiling a list of domains used
exclusively by major IoT backend providers and (b) then identifying their server
IP addresses. We rely on multiple sources, including IoT backend provider
documentation, passive DNS data, and active scanning. For analyzing IoT traffic
patterns, we rely on passive network flows from a major European ISP.
Our analysis focuses on the top IoT backends in terms of revenue and unveils diverse operational strategies---from operating their own infrastructure to utilizing the public cloud. We find that the majority of the top IoT backend providers are located in multiple locations and countries. Still, a handful are located only in one country, which could raise regulatory scrutiny as the client IoT devices are located in other regions. Indeed, our analysis shows that up to 30% of IoT traffic is exchanged with IoT backend servers in other continents. We also find that at least six of the top IoT backends rely on other IoT backend providers. We also evaluate if cascading effects among the IoT backend providers are possible in the event of an outage, a misconfiguration, or an attack.