As the volume of IoT devices used in organizations increases, keeping devices updated will present a challenge. Teams that develop a strategy for IoT software updates early in their deployment will find themselves in a more manageable situation than those who don't.
Even though a standard IoT device workflow would make device updates easier, for the most part, IoT devices have individual update workflows. It's up to the device owner to manage them. But it's nearly impossible to do because enterprises tend to have hundreds, if not thousands, of devices in their fleet.
Many organizations don't have an update strategy because they rushed to deploy IoT into their tech stack without developing an overall IoT strategy. They tackle each part of the strategy, such as security, integrations or connectivity, individually and don't circle back to the overall plan.
Several years into the IoT experiment, there's no turning back. By 2025, IoT will have a global economic impact of as much as $11 trillion across multiple sectors, with nearly 70% of it from the B2B market, according to the McKinsey Global Institute report "Unlocking the potential of the Internet of Things." Enterprises must take control of their IoT infrastructure and develop a thorough update process to sustain them reliably now and for the future.
Why organizations don't already have an IoT update process
Ask any IT business leader, and they will likely give multiple reasons why they haven't created an IoT software update process yet, including:
- They've been piggybacking on other update processes or relying on IoT management software to do the updates.
- They thought another team was handling it or forgot which team they were collaborating with on it.
- They didn't realize a piece of legacy technology had failed and didn't allow the update to finish.
- Their legacy software isn't compatible with the IoT devices and bypasses the update process for devices connected downstream from it.
Regardless of the situation, organizations that use IoT need to create an IoT-specific update process to ensure the integrity of their systems and keep them safe from cyberattacks.
Best practices to create an IoT update workflow
Consider these seven best practices when developing an IoT update workflow:
1. Think about the updates before deployment. Understand where IoT devices will be located, how they can be updated and who will update them. Developing an update process before it's needed ensures that IT leaders have prepared for most scenarios by speaking to most stakeholders and considering all the technical details before deploying the devices.
Adopt a progressive deployment approach for minor, major and emergency updates, so stakeholders will know what is done and when. Define what will be included in each update and how to schedule them for all devices.
Consider criticality of use issues when scheduling updates because software or firmware may encounter severe, but unintended, consequences while updating. For example, when deploying to medical devices, implement measures to detect when the device is off and can be safely updated.
2. Consider the type of IoT devices in the fleet. Also known as IoT asset management, it's essential tech experts who know the composition of their IoT fleet. Devices may come from a single manufacturer, or they may be composed of one or more components from multiple manufacturers. Each manufacturer will provide updates for their components, which can be a problem for organizations with thousands of deployed devices. Ask the device manufacturer and IoT device management provider for support on how to best manage multiple device types.
3. Test the IoT software updates before rolling them out. As with most technology, a testing period will help identify gaps or unintended issues. Plan to update a small number of IoT devices as a test, then deploy the update on a broader scale. Give people a way to contact support if they notice any failures or errors.
4. Be aware of update timing and schedules. Be mindful of who is affected during an update, both internally and externally. Schedule it during off-peak times to reduce the effects on users and connected technology.
Consider network bandwidth usage, update server performance and individual device performance during updates. Any degradation of performance or congestion of bandwidth could lead to rollbacks and device failure, causing outages across the network.
5. Provide a recovery procedure for failed updates. Outline what will happen if an update fails, including how to:
- Back up and store the current working configuration of the device locally before applying an update and how the backup is deleted.
- Roll back a failed update for each device type and who's notified when it happens.
- Reschedule an update for a future date, such as manual or automatic rescheduling after several unsuccessful tries. For example, after five unsuccessful attempts, the update must wait at least 48 hours before another attempt.
- Define the retry period and procedure for failed updates, such as whether an update is skipped if a newer one is available during the next update period.
6. Security updates throughout the process. Security measures should be put into place to protect the device itself and any network-connected devices providing updates. All update files downloaded from cloud storage should be authenticated before being used.
Bonus update security method. Security services should only allow authorized rollbacks on IoT devices. This protects them from criminal exploits through downgrade assaults that load an older, unsecured version of software or firmware to exploit a known vulnerability.
7. Communicate with all stakeholders throughout updates. Communicating with stakeholders before, during and after an IoT device update decreases support calls from people who aren't directly involved or affected by the update. Timely communications are also an opportunity to enlist the help of other employees if connected devices must be turned off before updating or rebooted in the case of a failed update.