Reducing the Cost and Complexity of Firmware Updates

2 Minute Read

This article originally appeared on IoT for All.

The market is starting to figure out what our customers have known for a long-time, firmware updates, the ability to modify devices operations, is a foundational device management service.

Firmware Updates

Why? Firmware updates future-proof IoT solutions in a world where change is perhaps the only constant. Not a day goes by where IoT security challenges, operational needs, and regulatory issues don’t continue to evolve.

Some examples include security, operational needs, and regulations.


From a security standpoint, each security flaw must be “patchable,” as in the case of this recently discovered widespread TCP/IP vulnerability.

Operational Needs

Customers sometimes need to make changes to security settings, data-objects, etc. For example, LPWAN customers are continually looking at ways to save energy, extending device lifespans. Recently a customer changed the data reporting frequency to improve energy efficiency.


US: The passage of the IoT Cybersecurity Improvement Act of 2020  requires all IoT devices used by government agencies to comply with strict NIST standards. One of the IoT Device Cybersecurity Capability Core Baseline (8259A) is software upgradeability.

In Europe, The European Telecommunications Standards Institute (ETSI) recently published EN 303 645 Cyber Security for Consumer Internet of Things: Baseline Requirements. Once again, firmware updates are a requirement.


To control costs, software updates, often referred to as firmware updates in IoT, are best automatically delivered via the network to the device and installed remotely without the necessity of costly service interventions.  In more concrete terms, we can’t manage billions of devices if we need service people. The industry refers to this capability as firmware over-the-air (FOTA).

Here are some FOTA best practices to keep in mind.


FOTA device management capabilities should be an early solution consideration and part of an overarching IoT strategy. You’ll want the following FOTA capabilities:


FOTA should be easy for developers and IT managers to implement.  Until recently, IoT was the domain of costly specialists. Fortunately, the technology is maturing. How easy should delivering a FOTA update be?

Ideally, there should be no cost or technological barriers.


FOTA updates use resources at the network, server/cloud, and device level. Conserving resources is both morally and economically responsible, but resource management is critical for battery-dependent LPWAN solutions.

These highly optimized solutions stay in the field for ten plus years. Updating the device consumes energy. FOTA services based on Lightweight wM2M 1.1 device management standards have been optimized to be as efficient as possible, conserving energy.

For example, in LwM2M 1.1, instead of FOTA requiring several energy-consuming client-server interactions, everything has been reduced to a single composite read-write function. This little detail saves picoamps resulting in substantial monetary savings.


IoT solutions are composed of devices and servers or cloud infrastructure to collect the data and manage the devices. Integrating FOTA services using a standard, like LwM2M future-proofs IoT. IoT needs to become about business choice, not technological constraints.

If your devices support LwM2M you can use any compatible device management service. In-hour or third-party.  Need developers to modify your solution? If you built using LwM2M, your talent pool is larger due to reduced complexity.


Although firmware updates are critical for maintaining IoT security, if proper security measures are not implemented, they may in fact, increase risk. Providing FOTA services based on a standard like LwM2M eliminates much of the risk.

What are the benefits? Firstly, you are using FOTA services that experts designed for precisely these types of Applications in mind, so your risk-plane is smaller, resulting in economic benefits.


Assuming you need FOTA capabilities or the market requires you to have them, the question becomes, what is the most economically rational way to implement them? Whether you are building consumer-focused solutions or business solutions, you’ll want a proven, secure, financially sound approach supporting future business objectives.

CoAP is Cool: Building Sustainable LPWAN Solutions
How Plug and Play is Key to Bringing IoT into the Future

Newsletter Sign-up