Exaud Blog

IoT Embedded Software: Architecture Decisions and Common Pitfalls

IoT embedded software fails most often at the architecture layer. Here are the decisions that matter, the patterns that work, and the pitfalls to avoid. Posted onby Exaud

Industry surveys consistently find that between 60% and 80% of IoT projects fail to reach successful deployment. A Cisco research across 1,845 business and IT decision-makers found only 26% of IoT initiatives are considered successful. The hardware works, the cloud platform is configured, and the demo runs cleanly. Then the device population grows, connectivity becomes intermittent, and the architecture that looked reasonable at 50 devices starts breaking at 5,000.

 

The decisions that determine whether an IoT system scales reliably are almost all made at the embedded software layer, and most of them are made early. This post covers the architectural choices that matter most, the failure patterns that appear most often in production, and how to structure IoT embedded software to avoid them.

 


What Is IoT Embedded Software?


IoT embedded software is the firmware and software running directly on a connected device, responsible for reading sensors, processing data locally, managing connectivity, handling power states, and communicating with backend systems. It sits between the hardware and the cloud, and it operates under constraints that general-purpose software does not face: limited memory, restricted processing power, unreliable network access, and the expectation of running unattended for months or years.

Unlike a server or a mobile application, an IoT embedded system cannot simply restart when something goes wrong. As we cover in our post on embedded software in IoT, the software layer needs to handle failures gracefully because there is no human in the loop to intervene. This requirement shapes every architectural decision.

 

 

The Core Architecture Decisions 

 

Before writing a line of firmware, the architecture of an IoT embedded software system requires decisions in five areas. Getting these right early avoids the most expensive refactors later.

 

Edge versus cloud processing

Every data point your device generates can be processed locally, sent to the cloud, or some combination. The correct split depends on latency requirements, bandwidth costs, and what decisions need to happen without network connectivity. Time-sensitive control loops almost always need to run on the device. Aggregated reporting and complex analytics almost always belong in the cloud. The mistake is treating this as binary when the answer is usually a tiered architecture: raw sensing on-device, edge aggregation at a local gateway, and cloud analytics for the full picture.

 

Communication protocol selection

The protocol stack you choose has cascading effects on power consumption, latency, message reliability, and the complexity of your backend. MQTT is the most common choice for device-to-cloud messaging due to its low overhead and quality-of-service guarantees. CoAP suits constrained devices with HTTP-like semantics. AMQP fits enterprise environments that need strong message queuing. The wrong choice here is usually picking the protocol the team knows best rather than the one that fits the device's power budget and connectivity profile.

 

State management and local persistence

Connected devices operate in disconnected environments. Your firmware needs a strategy for what to do when the network is unavailable: queue messages locally, discard them, or make decisions autonomously. This requires local storage, a defined queue depth, and a reconciliation strategy for when connectivity returns. Systems that assume continuous connectivity will lose data in production.

 

Power management architecture

Battery-powered devices need a software-controlled power management strategy that coordinates sleep modes, wake intervals, and radio duty cycles. This is not something you add later. Power management affects the RTOS configuration, the interrupt structure, and the peripheral initialisation sequence. Retrofitting a power budget onto firmware written without it typically means a near-complete rewrite.

 

Over-the-air update capability

Devices in the field need to receive firmware updates without physical access. OTA update architecture requires a bootloader that can manage two firmware partitions, a rollback mechanism for failed updates, and a cryptographic verification step to prevent unauthorized firmware. Devices deployed without OTA capability from day one are effectively unserviceable after release.

 

 

The Most Common Pitfalls in IoT Embedded Software

 

Across IoT embedded projects, the failure patterns that cause the most damage in production are consistent. Inmarsat research finds that 46% of organizations cite skills shortages as the biggest barrier to IoT deployment, but technical architecture decisions are the second most common cause of project failure. These are the pitfalls that appear most often.

 

Hardcoded connectivity assumptions

Firmware that assumes a stable network connection fails in any real-world deployment. Production environments include dead zones, packet loss, and intermittent connectivity. Embedded software needs retry logic with exponential backoff, a local queue for outbound messages, and a defined behavior for prolonged disconnection. Testing only in environments with reliable connectivity masks this class of problem entirely.

 

Memory fragmentation in long-running systems

Devices running continuously for months without a restart accumulate heap fragmentation if dynamic memory allocation is used carelessly. Static allocation where possible, memory pool patterns for variable-size objects, and careful accounting of the worst-case memory footprint under concurrent operations are the standard mitigations. Discovering memory fragmentation after deployment requires a firmware update to fix.

 

Clock and timing drift

Embedded systems without accurate time synchronization produce data that is difficult to correlate with other sources. Time-series data from sensors that drift by seconds per day becomes unreliable for analysis. NTP synchronisation on network-connected devices and careful interrupt timing on local clocks are standard requirements that are easy to overlook when prototyping.

 

Security treated as an afterthought

Devices connected to networks are attack surfaces. Softeq research found that 46% of US companies using IoT solutions have already experienced at least one security breach. Hardcoded credentials, unencrypted communication, and firmware without cryptographic signing are the three most exploited vulnerabilities in deployed IoT systems. These cannot be patched in without architectural changes. Security requirements need to be part of the initial design, not a review item before shipping.

 

No mechanism for remote diagnostics

Production devices that produce no observable state when something goes wrong are effectively opaque. Structured logging with configurable verbosity, heartbeat reporting, and remote diagnostic capability built into the firmware from the start dramatically reduce the time to diagnose field failures. This is often omitted to save flash space and is almost always regretted.

 

 

How Architecture Choices Differ by IoT Vertical

 

The five architecture decisions above apply across IoT deployments, but the constraints and priorities differ significantly by application context.

Consumer IoT and smart home devices face tight power budgets, strong setup and onboarding UX requirements, and the expectation of operating across variable network conditions in residential environments. The emphasis is on low-power design, seamless connectivity recovery, and over-the-air updates that cannot disrupt the user experience. Our post on IoT in smart homes covers how these requirements translate into product behavior.

Industrial IoT applications prioritize determinism and uptime above almost everything else. A sensor on a production line that produces unreliable data is worse than no sensor at all. The architecture emphasis shifts toward redundancy, real-time guarantees, and certification to standards such as IEC 62443. Healthcare IoT adds data integrity and audit trail requirements to this. Our broader work on embedded engineering services in modern product development covers how these requirements shape the full development process.

 

 

How Exaud Approaches IoT Embedded Software

Our embedded team works across the full IoT software stack, from firmware design and RTOS configuration through to cloud integration and OTA update systems. We have built IoT embedded software for healthcare devices, industrial monitoring systems, and consumer connected products.

The approach is consistent: architecture decisions are made explicitly at the start of a project, with the production environment and the full device lifecycle in mind, not just the development environment. The most expensive embedded software problems are always the ones that were not considered architecture questions early enough.

If you are at the architecture stage of an IoT embedded project, or if you are looking at an existing system that is not scaling as expected, we are happy to do a technical review. Get in touch and let us know where your project stands.

 

 

Frequently Asked Questions

 

What is the difference between IoT firmware and IoT embedded software?

Firmware is the low-level software stored in a device's non-volatile memory that initializes the hardware and provides the most basic operational capability. IoT embedded software is a broader term that includes firmware but also covers the application logic, communication stack, data management, and update mechanisms running on the device. In practice, the distinction is less important than the total software architecture of the device, which needs to address all of these layers coherently. Most IoT embedded projects involve both: a firmware layer managing hardware and real-time tasks, and an application layer handling business logic and connectivity.

 

How do you handle firmware updates for IoT devices already deployed in the field?

Over-the-air (OTA) update capability needs to be designed into the firmware from the start. This requires a dual-partition bootloader that can hold the current firmware and a candidate update simultaneously, cryptographic verification of the update package before applying it, and a rollback mechanism that restores the previous firmware if the update fails or the device fails to boot after applying it. Devices without this capability from day one are difficult and costly to service after deployment. Adding OTA to firmware that was not designed for it typically requires a bootloader redesign, which itself needs to be delivered to the device somehow.

 

What RTOS should I use for IoT embedded software? 

The right RTOS depends on your hardware platform, your timing requirements, and your team's experience. FreeRTOS is the most widely deployed option across microcontroller platforms and has strong community support and extensive documentation. Zephyr is increasingly common for projects that need a broader hardware support library and a more modern architecture. ThreadX suits applications that require a commercially certified, deterministic real-time behaviour. For very constrained devices, a bare-metal approach without an RTOS may be more appropriate than the overhead a task scheduler introduces. The decision should start with your hardware platform and your latency requirements, not with familiarity.

 

How do you test IoT embedded software before deployment?

Testing IoT embedded software requires a layered approach. Unit testing of application logic should run on the development host, not the target hardware, to enable fast iteration. Hardware-in-the-loop testing validates the interaction between software and the physical peripherals on actual target devices. System-level testing needs to simulate production conditions including intermittent connectivity, power interruptions, and sustained operation over days or weeks. Fault injection testing, where connectivity is deliberately severed or power is cut at unexpected moments, is particularly valuable for validating the resilience behaviours that matter most in deployed systems.

 

What security requirements should IoT embedded software meet?

Baseline security requirements for IoT embedded software include: unique device credentials provisioned at manufacture, not hardcoded in firmware; mutual TLS or equivalent for all device-to-cloud communication; cryptographic signing and verification for all firmware updates; secure boot to prevent execution of unauthorised code; and a defined process for credential rotation. In regulated industries such as healthcare or critical infrastructure, additional requirements around data encryption at rest, audit logging, and certification to standards such as IEC 62443 or ETSI EN 303 645 apply. The specific requirements depend on the deployment context, but treating security as a post-launch concern is not viable for connected devices.

Blog

Related Posts


Subscribe for Authentic Insights & Updates

We're not here to fill your inbox with generic tech news. Our newsletter delivers genuine insights from our team, along with the latest company updates.
Hand image holder