DevSecOps・OTA・オブザーバビリティ：セキュアでスケーラブルなIoTの実現

ソフトウェアDevSecOps、展開、オブザーバビリティ、OTAソリューションは、IoT機器やシステム向けのソフトウェア開発およびリリースの手法の変化に対応するために進化しています。IoT市場での競合が激化する中、開発組織は、ソフトウェアを開発から展開までより迅速に移行させる必要があり、そのためには可能な限り多くのプロセスを自動化して、市場投入までの時間を短縮することが求められています。また、標準や規制の強化により、機器のセキュリティや健全性に対する責任が製造業者に移ってきており、それに対応するため、機器のフリートを継続的に監視し、ソフトウェアのメンテナンスやアップデートを継続的に提供できる、堅牢な商用ソリューションへの需要が高まっています。

本レポートでは、IoT向けソフトウェアDevSecOps、展開、オブザーバビリティ、OTAソリューションの市場を調査し、市場規模の推移・予測、主要動向、新興国市場、地域市場、主要ベンダーについて考察し、組み込みデバイスのエンジニアと研究開発者を対象とした厳選した洞察を提供しています。

どのような質問に対応していますか？

• IoT向けソフトウェアDevSecOps、展開、オブザーバビリティ、OTAソリューション市場の規模はどれくらいで、2029年までにどれほど成長するか？
• どの産業および地域市場が最も急速に成長しているか？
• 主要なパートナーシップ、買収、標準化、規制は、この市場にどのような影響を与えているか？
• どの市場がOTAソリューションの広範な導入に適しているか？
• AIおよびML（機械学習）は、ソフトウェアの開発と展開の自動化にどのように活用されているか？
• IoTシステム向けソフトウェアDevSecOps、展開、オブザーバビリティ、OTAソリューション市場で、どのベンダーがリードしているか？

主な調査結果：

• さまざまな業界のデバイスメーカーや事業者は、拡張機能やパッチの展開を行う主要な手段として、OTAを選択する傾向が強まっており、この流れは政府や標準化団体による規制や監視の強化を招いています。
• 開発組織の19.3%はIoTデバイスや組み込みシステムへのソフトウェア展開とOTAアップデートの手段として、コンテナ技術に注目しています。
• ソフトウェアDevSecOps、展開、オブザーバビリティ、OTAソリューションの市場では、M&Aの動きが活発になっており、主要企業の統合が進行しています。このツール領域や機能の融合は、プラットフォーム全体の性能と機能性を大幅に向上させています。
• 欧州のCyber Resilience Act (CRA) などの規制が、IoTシステム向けのソフトウェアDevSecOps、展開、オブザーバビリティ、OTAソリューションの需要を大きく後押ししています。

目次

本レポートの内容

どのような質問が取り上げられますか?

本レポートを読むべき人は誰ですか?

本レポートに掲載されている組織

エグゼクティブサマリー

• 主な調査結果

イントロダクション

• 導入アプローチは多様
• 導入を成功させることで、堅牢なソフトウェア開発ライフサイクルが確立されます
• オブザーバビリティ
• ライフサイクル管理の考慮事項

世界市場の概要

垂直市場

• 航空宇宙および防衛
• 自動車車載
• CE製品
• 産業オートメーション
• 医療機器
• 輸送

地域市場

• 南北アメリカ
• 欧州・中東・アフリカ
• アジア太平洋

最近の市場動向

• AI主導のアップデートキャンペーン管理
• 成熟しつつある手法がプロセスを効率化
• デバイス群の寿命が延びている
• アプリケーションのスケーラビリティ：IoT市場でのコンテナ技術への注目を促進
• 買収、提携、市場転換
• 組織
• アーキテクチャとフレームワーク
• 関連規格
• OTA導入を促進する規制

競合情勢

• 主要ベンダーの洞察
  • Aeris
  • Balena
  • CloudBees
  • Elektrobit (Continental)
  • Excelfore
  • GitLab
  • HARMAN
  • JFrog
  • Memfault
  • Sibros
  • Telit Cinterion
  • Vector Informatik
  • Wind River

エンドユーザーの洞察

• リモートIoTアプリケーションの導入が継続的に増加
• OTA購入の意思決定を促すセキュリティ上の懸念
• SDLCの統合

著者について

Inside this Report

Software DevSecOps, deployment, observability, and over-the-air (OTA) solutions are evolving to keep pace with the changing methods of building and releasing software for IoT devices and systems. As competition in IoT markets intensifies, developer organizations must accelerate the transition of software from development to deployment, automating as many processes as possible to achieve rapid time-to-market. Rising standards and regulations have shifted the responsibility for device security and health to manufacturers, creating a demand for robust commercial solutions that continuously monitor device fleets and provide ongoing software maintenance and updates.

This report explores and sizes the IoT market for software DevSecOps, deployment, observability, and OTA solutions. It discusses trends, vertical and regional markets, leading vendors, and provides selected insights from VDC Research's survey of embedded device engineers and developers.

What Questions are Addressed?

• What is the size of the IoT market for software DevSecOps, deployment, observability, and OTA solutions and how fast will it grow through 2029?
• Which vertical and regional markets are growing the fastest?
• How are key partnerships, acquisitions, standards, and regulations shaping the market?
• Which markets are primed for widespread adoption of OTA solutions?
• How are Artificial Intelligence and Machine Learning used to automate software development and deployment?
• Which vendors are leading the software DevSecOps, deployment, observability, and OTA solutions for IoT systems market?

Who Should Read this Report?

• CEO or other C-level executives
• Corporate development and M&A teams
• Marketing executives
• Business development and sales leaders
• Product development and strategy leaders
• Channel management and channel strategy leaders

Organizations Listed in this Report:

Executive Summary

As DevSecOps methodologies and continuous integration/continuous delivery (CI/CD) practices mature, developers integrate faster feedback loops into the earlier stages of the software and device development lifecycle, improving time to market, product quality, and software deployment in IoT. This blending of development processes is evident in the commercial market for deployment and maintenance solutions, where platforms now combine software testing with deployment features, offering developers a unified solution for automation across the design, build, test, and deploy phases.

DevSecOps observability enables teams to continuously monitor, measure, and analyze the health, performance, and security of applications and infrastructure throughout the software development lifecycle. It includes a combination of metrics, logs, and traces to provide insights into the system's operational and security aspects, allowing teams to detect issues early and respond quickly. The secure wireless distribution of software updates supports the continuous delivery aspect of the CI/CD pipeline.

OTA updates, initially introduced for mobile phones, expanded into the consumer electronics and automotive sectors. Vendors help fuel the wider adoption of updates by integrating OTA solutions across diverse IoT industries, offering both specialized solutions for specific applications and versatile platforms designed to serve multiple IoT market segments. The combination of regulations mandating the updatability of connected devices and the growing adoption of CI/CD and DevSecOps practices within development organizations is increasing the demand for commercial solutions to replace in-house developed alternatives.

Key Findings

• Device manufacturers and operators across multiple industries are choosing OTA updates as their primary means to deliver enhanced features and rollout patches, a trend which is bringing increased scrutiny and regulations from governments and standardization bodies.
• 19.3% of developer organizations are looking toward container technology as an emerging method of deploying software and delivering OTA updates to IoT devices and embedded systems.
• Merger and acquisition activity in the software DevSecOps, deployment, observability, and OTA solutions market has led to increased consolidation among key players. This convergence of tool domains and functionalities has significantly enhanced platform capabilities.
• Regulations like the European Cyber Resilience Act (CRA) are significantly driving the demand for software DevSecOps, deployment, observability, and OTA solutions for IoT systems.

Security Concerns Driving OTA Purchasing Decision

Tied with cost sensitivity, ease of use ranks as the second-most important factor influencing the selection of OTA deployment solutions [See Exhibit 13]. The deployment of OTA update campaigns is oftentimes a very manual task, requiring engineers to weigh multiple factors including rollout timing, device downtime, and potential versioning issues. This is one area where AI-driven OTA campaigns and the pairing of monitoring solutions can introduce increased ease of use to OTA solutions. By intelligently connecting update campaigns to real-time device status and analytics, device manufacturers/fleet managers can minimize the potentially costly consequences of failed update campaigns. Vendor reputation noticeably ranks amongst the lowest purchasing decision factors, suggesting a yet-to-be-determined competitive positioning of embedded OTA solution vendors. This consumer sentiment offers a considerate opportunity for new entrants seeking to deliver OTA capabilities to embedded markets. For those seeking to enter or increase their positioning within this segment of the IoT, focus should be dedicated towards enabling seamless yet confident deployment capabilities, bolstered by real-time capabilities and insights into campaign rollouts.

As with many areas of the IoT, the impact of integrating OTA solutions into toolchains and software stacks remains the topmost priority for development organizations. Failed software deployments can not only cause monetary and opportunity costs in the form of patches and downtime but also increase the attack surface for exploitation. Furthermore, an insecure OTA solution can enable threat actors to deploy malware alongside software packages to devices. Other opportunities for exploitation within the deployment process include hijacking and interrupting updates mid-deployment, leading to corrupted devices and systems. Partnerships with IoT security vendors (e.g., public key infrastructure (PKI) vendors) offer one avenue for OTA solution providers to bolster the security of their solutions (such as those between Excelfore/IIJ Global, Karma Automotive (Airbiquity)/QNX, and Telit Cinterion/Thales).

Table of Contents

Inside this Report

What Questions are Addressed?

Who Should Read this Report?

Organizations Listed in this Report

Executive Summary

• Key Findings

Introduction

• Deployment Approaches Vary
• Successful Deployment Establishes a Robust Software Development Life Cycle
• Observability
• Lifecycle Management Considerations

Global Market Overview

Vertical Markets

• Aerospace and Defense
• Automotive In-Vehicle
• Consumer Electronics
• Industrial Automation
• Medical Devices
• Transportation

Regional Markets

• The Americas
• Europe, the Middle East & Africa (EMEA)
• Asia-Pacific (APAC)

Recent Market Developments

• AI-driven Update Campaign Management
• Maturing Practices Streamline Processes
• Device Fleet Longevity Increasing
• Application Scalability Driving Interest in Containers Within the IoT Market
• Acquisitions, Partnerships and Market Pivots
  • Karma Automotive Acquires Airbiquity to Bring OTA In-house
  • Aurora Labs Pivots Away From OTA
  • Excelfore Partners With Microsoft to Deploy AI-driven Update Campaigns
  • Qualcomm Acquires Foundries.io
  • JFrog Acquires Qwak AI
  • Sibros Partners with Harbinger Motors and ZM Trucks to Deploy OTA to Medium-Duty Vehicles
  • CloudBees Acquires Launchable
• Organizations
  • Cloud Native Computing Foundation
  • Continuous Delivery Foundation
  • eSync Alliance
• Architectures & Frameworks
  • AUTOSAR
  • SOAFEE
  • Eclipse Kanto
  • Pantavisor Linux
  • Uptane
• Relevant Standards
• Regulations Driving OTA Adoption
  • AUTOMOTIVE
  • MEDICAL DEVICES
  • OTHER IOT

Competitive Landscape

• Selected Vendor Insights
  • Aeris
  • Balena
  • CloudBees
  • Elektrobit (Continental)
  • Excelfore
  • GitLab
  • HARMAN
  • JFrog
  • Memfault
  • Sibros
  • Telit Cinterion
  • Vector Informatik
  • Wind River

End-User Insights

• Sustained Increases in Remote IoT Application Deployments
• Security Concerns Driving OTA Purchasing Decision
• Unifying the SDLC

About the Authors

List of Exhibits

• Exhibit 1: Worldwide Revenue for Software DevSecOps, Deployment, Observability, and OTA Solutions for IoT Systems
• Exhibit 2: Worldwide Revenue for Software DevSecOps, Deployment, Observability, and OTA Solutions for IoT Systems 2024 & 2029, Share by Vertical Market
• Exhibit 3: Worldwide Revenue for Software DevSecOps, Deployment, Observability, and OTA Solutions for IoT Systems 2024 & 2029, Share by Geographic Region
• Exhibit 4: Software Design Methodologies Used and Expected to Be Used
• Exhibit 5: Software DevSecOps, Deployment, Observability, and OTA Solutions for IoT Systems Forecast Scope
• Exhibit 6: Estimated Number of Years of Useful Life for Product Once Deployed, 2022 & 2024
• Exhibit 7: Factors Driving Organization to Adopt Container Technology in Current Project
• Exhibit 8: Worldwide Revenue for Software DevSecOps, Deployment, Observability, and OTA Solutions for IoT Systems, Share by Vendor
• Exhibit 9: Over-the-air (OTA) Software/Firmware Deployment Solutions Used on Current Project
• Exhibit 10: Most Important Factors in Selection of OTA Deployment Solutions, by Solution Source
• Exhibit 11: Current & Expected Use of Remote Application Deployment & Management
• Exhibit 12: Current Use of Remote Deployment & Management by Vertical Market
• Exhibit 13: Most Important Factors in Selection of OTA Deployment Solutions
• Exhibit 14: Most Important Factors in Selection of Release Management/Continuous Deployment Tools