Device companies are embracing the ability to future-proof their products with the quick security updates, easy new feature deployments, valuable device data and more that OTA firmware management provides.
But before you choose a solution provider, here are some key questions to consider when thinking about OTA update solutions for IoT devices:
Are updates authenticated and integrity protected from end-to-end?
It’s important to select a platform that will allow you to secure the entire OTA update process. One tool you can use is authentication, which may include authentication of the server, the device and the firmware package.
Authenticating your server and the firmware package tells the device the update they are receiving is, in fact, from you and not a man-in-the-middle server trying to take over the device. Securing the device is a bigger challenge.
You should have your server authenticate your device to prevent malicious access. But devices are out in the world and can be physically captured – someone could walk away with your remote heart rate monitor – and eventually a thief may be able to crack the device. This means you must limit the server access you give to a device. If the heart monitor thief cracks the device and is able to connect to the hospital server, you don’t want it to have privileges that will allow the thief to change server setting or access other devices on the server. Device authentication and limiting functionality of a device connecting to your server are the best ways to manage security on the device side.
How do you authenticate? Signatures. Signing is a way to authenticate that data can only come from a verified source. The signer has a private key and the reader has the public key which verifies the private key but isn’t capable of generating a signature of its own.
Every IoT device is different – many are resource-constrained with limited processing power – and it’s important to select a platform that allows you to implement the ideal security for your particular product.
Does the OTA update platform provide recovery from failed updates?
A failed update should be capable of rolling back to the previous stable version. An update should never have the ability to disable a device’s connection to the update server and preventing further updates from being pushed. Make sure the OTA update solution you choose supports A/B device partitioning to ensure seamless updates.
Can you customize the deployment of OTA updates to minimize risk and resources?
Look for a platform that allows you to reduce the risk of fleet malfunction and quickly identify issues by creating a customized update rollout plan. Phased rollouts allow you to push updates incrementally to a percentage of your devices to test updates before you deploy to your entire fleet. Device grouping enables you to split your devices into specific groups like beta users, customers facing a bug, groups defined by geography and more and only rollout to those that need the fix.
Does the OTA update solution integrate seamlessly into diverse environments?
There is no single platform of standardization for IoT devices. As a result, there is a multitude of different languages, protocols and standards being used. A good OTA update platform should be hardware agnostic support updates on any operating system, allowing you to manage software updates across your diverse fleet of devices from a seamless and unified interface.
Will the platform scale with your growth?
OTA update platforms must be scalable to large number of devices without incurring additional network bandwidth. When additional devices are added to the OTA platform it adds to the network traffic, and if the platform is not designed to scale, it could lead to a breaking point. As IoT deployments increase, networks must be able to automatically adapt to avoid a platform slow down or crash.
You should implement an IoT platform that’s able to scale quickly and efficiently right from the start. Cloud-based update platforms enhance scalability and make OTA updates more efficient, while reducing bandwidth usage and costs.