Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Rhys Knipe
on 5 November 2024


IoT device management refers to processes or practices used to deploy, monitor and maintain IoT devices. As organizations scale up their IoT efforts, a solid device management approach is essential to running a secure, streamlined fleet of devices. 

The proliferation of connected devices worldwide (projected to reach 18.8 billion in 2024) means that IoT device management is growing more complex, a reality that has not gone unnoticed by bad actors. In fact, 2023 saw an average of 60 IoT attacks per organization per week. This is because devices, and their connections to one another and your management system, constitute a considerable attack surface.

In this blog, we’ll run through the fundamentals of IoT device management by focusing on 3 objectives you need to achieve: visibility, interoperability and security. We’ll cover how an open device management approach can ensure you cover these 3 objectives in any fleet, of any scale, in any industry.

One umbrella to unite and protect your devices

Autonomous delivery robots are an example of IoT devices

You can think of your IoT management approach as an umbrella. It brings all of your devices together under one roof, and protects them all from threats. 

Depending on your compliance requirements, you might conduct IoT device management on a cloud, or on a local, on-premise system. Whatever your platform or OS, for good device management you must be able to connect to your devices, obtain information about their current state and deploy modifications. We talk often about device fleets – and it’s important to remember that for the devices to have real value, the fleet must function as a whole. If devices are behaving differently or transmitting inconsistent information, you’ll only be aware if you can compare the statuses of different devices. 

As such, your IoT device management approach should unify your device fleet, facilitate the easy collection of status information and allow for seamless updates to roll out across the fleet.

An IoT device could be anything from a car or a smart domestic appliance to an industrial controller in a factory or even an agricultural sensor. The possible applications are vast and the number of connected devices is growing every day.

Open device management for your stack

Canonical Landscape’s dashboard gives you full visibility over your fleet

A unified solution can come in different forms, but interoperability must be at the heart of your choice. If your devices cannot seamlessly communicate with one another and with your administrators, you won’t be able to create a unified solution. Proprietary systems can certainly offer a uniform environment, but given that they use closed source code, the constraints of that vendor’s ecosystem can limit your interoperability. Indeed, the risks of vendor lock-in may mean that you are compelled to select future devices and hardware based on compatibility with that vendor’s ecosystem – which limits your interoperability considerably.

By contrast, an open device management approach prioritizes business agility and flexibility, and rests on the belief that your system should accommodate your devices, not the other way round. Open device management places standardization and interoperability at its heart, by making use of open source software (OSS). This is because OSS is not wedded to any particular vendor, software or solution, which provides you with the flexibility to make choices about device management software and platforms without fear of incompatibility. 

For example, choosing an open source deployment OS, such as Ubuntu Core, can help ensure your devices readily integrate with one another, your wider stack and your chosen monitoring platform. Ubuntu Core is entirely containerized, which means that applications are packaged into isolated units that can be deployed, updated and redeployed with ease. And while being OSS, Ubuntu Core is built upon strict security requirements and reliability. 

With regard to systems management platforms, OSS offers integration with a wider range of platforms than you would find with proprietary software. For example, with Ubuntu Core, you can opt to deploy the IoT management platform of your choice, such as Azure IoT and Intel IoT. Alternatively, with Ubuntu Pro for Devices, you can use Landscape, Canonical’s systems management tool. 

Ubuntu Pro for Devices is not a different version of Ubuntu. It is a subscription service that adds on automated tools for hardening, compliance and device patching, in order to simplify the task of creating a secure fleet. We’ll now cover this in more detail in the next section of this blog.

Control patching for security and uptime

Open IoT device management goes beyond ensuring that your fleet is highly performant. It is crucial to keeping your whole estate secure in the face of continually evolving threats. Once you obtain full visibility over your device fleet, you are always aware of the vulnerability state of every device. This means that you can roll out the changes needed to any or all of the devices that require them. 

The solution you adopt will depend on your circumstances, particularly your patching schedule. It’s important to ensure your approach equips you with the tools to pivot and react quickly to critical vulnerabilities. Indeed, 42% of organizations report breaches occurring due to failure to apply a patch for a known vulnerability. Open device management, through its focus on interoperability, empowers you to make patching as straightforward as possible, and help your security teams keep pace. 

For example, Ubuntu Core is made up entirely of Canonical’s containerized packages, known as snaps. Snaps are isolated packages that can be deployed, updated and redeployed with ease. This isolation also means that organizations can confine patching to the units that require it, without potentially causing widespread compatibility issues. 

The key is to be able to control your security cadence, to ensure the right balance between uptime and patching. With snaps, you can choose to control the frequency of updates, set specific times or adopt a fully manual approach. As your deployment OS consists of containerized packages, your updates will reach the base OS, the kernel and the application.

If you wish to enhance your security approach and meet compliance requirements more quickly, Ubuntu Pro for Devices offers access to automated hardening tools for the major compliance frameworks, including FIPS-140, CIS and DISA-STIG. This allows you to seamlessly integrate your compliance efforts into your wider security strategy.

Focus on results, not risks

IoT device management allows your developers and administrators to focus on making your device fleets produce insights for your business, rather than on costly maintenance hours.

Placing your fleet under a single approach allows you to both scale and secure your efforts. Your goal should be to use tools, platforms and OSes that enable you to have full visibility and control over your fleet at all times, for a truly open device management approach. 

If you would like to learn more about automated security patching and device management for your fleets, we’d recommend exploring Ubuntu Pro for Devices.

Further reading

Related posts


Canonical
2 September 2024

Japanese device manufacturer I-O DATA DEVICE’s business expansion with Ubuntu Pro for Devices

Canonical announcements Article

I-O DATA has entered into a partnership with Canonical, aimed at bringing the benefits of open source and Ubuntu Pro for Devices to thousands of devices across Japan. ...


Canonical
19 November 2024

Canonical provides the ideal platform for Microsoft Azure IoT Operations

IoT Article

London, 19 November 2024. Canonical has collaborated with Microsoft as an early adopter partner and tested Microsoft Azure IoT Operations on Ubuntu Core and Kubernetes, which is notable as Microsoft today released Azure IoT Operations, a unified data plane providing significant improvements in node data capture, edge-based telemetry proce ...


Stephanie Domas
30 September 2024

What the Cyber Resilience Act (CRA) means for IoT manufacturers

Compliance Article

The EU Cyber Resilience Act has considerable repercussions for the IoT device manufacturers. In this blog, we explore these new regulatory requirements and give our blueprint for compliant, market-ready devices. ...