In early October, our team had the opportunity to attend the first embedded world North America conference in Austin, Texas. The conference ended on October 10th, 2024, and although smaller than the accompanying Nuremberg event, it welcomed over 3,500 attendees and 180 vendors across its three-day schedule.
The conference touched on many hot topics in the IoT space, including the vast regulatory landscape, OS and RTOS decisions, and orchestration challenges while managing sizable IoT fleets. Throughout the conference, the team was busy at the Mender booth, showcasing extensive OTA demonstrations and advanced use cases. Mender also presented with Keyfactor on managing verified security throughout the IoT device lifecycle.
The inaugural North American embedded world was an exciting success highlighting the importance of open discussion and thought leadership on a global scale throughout the vast footprint of the embedded community. With Austin a distant memory, embedded world North America will return in 2025 in Anaheim, California. Considering the success of this inaugural event and the announcement of its continuation, we wanted to cover the Mender team's main takeaways and significant trends to watch for as the IoT landscape continues to grow.
The changing regulatory landscape and IoT compliance
The regulatory landscape was a key theme at embedded world 2024, with the European Union Cyber Resilience Act (CRA), formally adopted on October 10th, a central point of discussions. As IoT fleets scale, manufacturers must prioritize compliance to remain competitive and avoid detrimental penalties in an evolving market. The EU CRA applies horizontally across products with digital elements and emphasizes security by design, requiring manufacturers to ensure their devices are resilient against cyber threats throughout their lifecycle.
The Cyber Resilience Act regulation is particularly significant for IoT developers managing large, complex device ecosystems, as it mandates regular updates, vulnerability management, and robust security protocols. Failure to comply with these standards could lead to hefty fines and European market restrictions. Still, some noncompliance fines are so intense they may jeopardize global market competition. With North America watching closely, these regulations could influence the global IoT market, driving a shift toward increased transparency, accountability, and security across the industry. Renowned for its focus on secure and robust OTA updates even within complex environments, Mender aligns naturally with the CRA requirements. Mender ensures IoT devices are updated securely and efficiently to meet compliance requirements, reducing risks, and supporting long-term device resilience from design to decommission. The dialogue surrounding the CRA at embedded world North America reinforced the importance of adopting solutions that streamline compliance while minimizing operational friction.
The importance of choosing the correct operating system for IoT: Zephyr gaining prominence
Another prevalent discussion throughout embedded world 2024 was the importance of choosing the correct operating system (OS) to scale an IoT project. Throughout these discussions, the theme of a Linux-based architecture versus a real-time operating system (RTOS), like Zephyr or freeRTOS, was at the forefront of developer decisions. Since FreeRTOS was purchased by Amazon, concerns of lock-in have been building; as an alternative, the Linux Foundation-backed Zephyr has been gaining prominence in the embedded space. While Linux-based systems are known for their scalability and rich feature sets, real-time operating systems (RTOSes) offers distinct advantages for resource-constrained IoT devices that require real-time processing and deterministic performance. RTOSes are designed to handle time-sensitive tasks with minimal latency, making it ideal for applications that demand precision and reliability, such as industrial automation, medical devices, and automotive systems.
Unlike traditional Linux-based architectures, RTOSes focus on simplicity and efficiency, which require minimal memory and processing power. These characteristics make RTOSes a perfect fit for IoT devices with limited hardware capabilities. Furthermore, RTOSes typically include built-in support for power management, which is essential for IoT devices that rely on long battery life. The decision to use an RTOS versus a more full-featured Linux-based OS ultimately depends on the project's specific needs. Still, RTOSes offer a compelling option for real-time, low-power, and secure IoT environments. Continuing to expand OS support, including RTOS, further enhances the value Mender offers, providing secure over-the-air (OTA) updates and ensuring devices can be continuously updated and safe throughout their lifecycle without compromising operational efficiency. The flexibility, security, and scalability of RTOSes make it a top choice for developers seeking to future-proof their IoT solutions with limited hardware or tight deadlines.
The challenges with orchestrating over-the-air (OTA) updates across extensive fleets
A prominent discussion amongst IoT leaders was the difficulty of managing updates across systems with diverse embedded components, such as software-defined vehicles or complex IoT systems. Ensuring that updates across systems with diverse electronic components are appropriately synchronized presents a difficult challenge in the IoT space, and a common consensus was the need for orchestration capabilities across the industry. In heterogenous IoT environments, devices often have interdependent software components, and updating one part without considering the others can lead to system failures or operational downtime. In these IoT systems, effective orchestration becomes essential, as it ensures that updates roll out smoothly and only when all components can be successfully updated.
Orchestration capabilities address this challenge by managing atomic updates—either all components are updated successfully or none at all—to ensure software dependencies are honored while avoiding an entire system outage. Partnering orchestration with robust OTA features like rollback mechanisms prevents partial failures. Additionally, a robust solution must track the system's actual state and compare it to the desired state from the server, calculate the gap, and orchestrate updates only when necessary. Orchestration solutions must retrieve missing or delta software packages in real time; from there, the OTA ensures that devices receive the specific updates they need. This approach minimizes risks, maximizes uptime, and provides smooth, coordinated updates across diverse IoT fleets.
Managing verified security throughout the IoT device lifecycle: Mender and Keyfactor
The Mender team's participation at Embedded World 2024 included two key in-person events that showcased robust and secure over-the-air (OTA) update capabilities and reinforced the importance of end-to-end IoT device security.
In partnership with Keyfactor, Mender explained how to establish verified security throughout the IoT device lifecycle. The presentation explored the potential attack surfaces—including the device, fleet, operations, and legal layers—and outlined the need for a robust security framework across the entire device lifecycle. Key topics included secure boot, OTA updates, firmware signing with public key infrastructure (PKI), and centralized control over certificates and update processes. Together, these elements ensure that IoT fleets remain secure from the design phase through decommissioning, providing reliable device lifecycle management across the board. The presentation concluded by highlighting how the Mender-Keyfactor partnership helps maintain secure, compliant, and fully up-to-date IoT environments.
A recurring theme, the presentation reinforced the necessity of comprehensive security and effective update management in the rapidly evolving IoT landscape.
Future-proofing IoT with Mender
In the aftermath of the first embedded world in North America, it is clear that comprehensive IoT security and device lifecycle management practices will define the winners in the industry moving forward. With new regulations, like the EU CRA that govern security horizontally, manufacturers must cover their bases to avoid scrutiny and succeed in the industry. On an operational front, the increased prominence of RTOS systems requires a deeper understanding of the requirements of an IoT project to provide consumers with the most secure and efficient solution. Additionally, as IoT systems become increasingly complex with software dependencies, the challenge of update orchestration shines through, requiring additional consideration around update compatibility and security assurances. The prominence of connected devices will only continue to grow alongside regulations, dependencies, and threats; throughout embedded world 2024, the conversations all pointed toward the importance of future-proofing infrastructure to provide the best and most secure experience to customers across the globe.
Recent articles
The scope of EU Cyber Resilience Act (CRA) compliance
An overview of EU Cyber Resilience Act (CRA) compliance
Challenges in complying with the EU Cyber Resilience Act (CRA)
Learn why leading companies choose Mender
Discover how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices. Focus on your product, and benefit from specialized OTA expertise and best practices.