The recent Embedded World North America conference highlighted trends in IoT technologies across industries. The attendees, a diverse group of professionals, were interested in more than just the technical execution. From conversations at our booth and across the event, it's clear the embedded landscape is evolving beyond silicon and code into a strategic, lifecycle-driven approach.
As products become more complex and their uses more dynamic, challenges in fleet observability, device and tech stack heterogeneity, real-time analytics and action, and continual management expand. Product managers, compliance officers, and business leaders — attendees wrestle with how to keep products secure, compliant, and revenue-generating over the years, not just through launch.
Products are becoming increasingly dynamic and software-defined. This trend is not new. However, heightened demands for recurring revenue and new feature sets in IoT products add a growing layer of complexity. OEMs can no longer follow a “ship-it and forget it” mindset; software products need to be monitored, updated, secured, and continuously improved over time to deliver new capabilities and maintain competitive value.
Many of these new capabilities involve artificial intelligence (AI), whether for predictive maintenance, edge analytics, or autonomous decision-making. But implementing AI for automation and insight also adds another component that must be managed and secured. AI integrations are a double-edged sword, where removing manual oversight reduces human error, but also allows anomalies to go unnoticed without additional monitoring systems in place. And as devices grow more autonomous, the stakes for security and reliability only increase.
Interestingly, a concentrated, strong engagement from Latin American companies, particularly from Chile, attended this year’s event. Latin American mining operations are undergoing rapid modernization, and even in bare-metal microcontroller environments, gateway devices are becoming key entry points for over-the-air (OTA) update infrastructure. It's a clear reminder that a secure and robust OTA update platform isn't just a nice-to-have; it's mission critical in industrial contexts where downtime costs millions.
If there was a single consensus across talks, booth discussions, and partner interviews, it's that OTA update capabilities are now table stakes. With the increasing complexity of connected environments, requirements, regulations, and threat vectors, the applicability of OTA updates extends far beyond remote firmware delivery. OTA updates are now a survival mechanism for products, with battle-tested robustness and reliability serving as a product differentiator in the connected market.
Robustness and security are mentioned throughout many conversations about connected device management; however, in production, robust OTA updates mainly encompass:
Applying these features of robust and secure OTA updates to today’s typical product fleet reveals the criticality and complexity of a proper OTA update infrastructure. Here are a few common scenarios:
Modern IoT deployments often include devices running different architectures and operating in environments with varying degrees of connectivity. Supporting OTA updates across this heterogeneous landscape, from Linux-based gateways to resource-constrained microcontrollers, requires a flexible, unified approach to fleet management.
During the conference, Luis Ramirez-Vargas, Embedded Linux Customer Engineer at Northern.tech gave a demonstration of Mender for Zephyr real-time operating system (RTOS). The robust capabilities of Mender-powered OTA updates are now available for Zephyr-based RTOS projects.
Mender MCU enables robust firmware updates on resource-constrained devices through Zephyr integration. Mender provides an Update Module interface that integrates with MCUboot to provide A/B updates. These capabilities allow MCUs to perform fail-safe OTA updates with rollback support.
The Zephyr ecosystem offers several OTA options. Selection should hinge on project complexity, scale, hosting requirements (SaaS vs. on-premise), and compliance needs. Start simple, test each step, and design the OTA update infrastructure and process to manage your fleet and operations with future growth in mind—not just successful file transfer.
As devices scale, visibility becomes non-negotiable. An OTA update decision must be made early on with future-proofing in mind. Project constraints, such as rollback strategies and connectivity requirements must be planned early on to avoid costly outages or downtime later in a product's lifecycle.
From AI to connectivity, traditional device management approaches weren't built for this level of dynamism. Today’s software-defined, continuously evolving products are expected to improve over time while remaining functional and secure. To keep pace, manufacturers need a structured, end-to-end framework that spans the entire product journey, from initial design to eventual decommissioning.
While OTA updates handle the "how" of updates and maintenance, device lifecycle management (DLM) addresses the "why" within the broader operational context.
DLM is a strategic framework spanning the entire product journey, from design and manufacturing through provisioning, commissioning (first-boot updates), ongoing maintenance (CI/CD and vulnerability management), and eventual decommissioning.
Five core elements play a key role in comprehensive DLM:
In software-defined product management, DLM requires cross-functional alignment between engineering, security, compliance, and operations teams. It starts with a cultural “buy-in” centered on a shared understanding of the framework's importance for both the OEM and the end consumer.
Mender delivers the robust OTA update infrastructure that makes security and compliance achievable at any level of complexity, providing the visibility, traceability, and update capabilities required throughout the entire product lifecycle.
In an environment where AI models can be poisoned, firmware can be hijacked, and devices are deployed in mission critical settings, security can't be a one-time effort. It must be continuous, automated, and built into the fabric of device management.
In recent years, IoT has become increasingly intelligent. But, as with any novel technology, there are new threats, opportunities, and responsibilities. Devices that learn, adapt, and operate autonomously must also be secure, compliant, and maintainable over time.
DLM provides the structure, tooling, and mindset needed to keep connected products secure, operable, and market-ready, from first deployment to final retirement.
The manufacturers who embrace DLM today will be the ones leading innovation tomorrow. Those who don't risk falling behind, outpaced by competitors, outdated by regulations, and outmaneuvered by adversaries’ security threats they can't patch fast enough.
The future of IoT is intelligent, connected, and dynamic; successful product offerings require an equally dynamic lifecycle management strategy.