Viktor Petersson logo

Podcast

Podcast Host

Follow Me

Join Viktor, a proud nerd and seasoned entrepreneur, whose academic journey at Santa Clara University in Silicon Valley sparked a career marked by innovation and foresight. From his college days, Viktor embarked on an entrepreneurial path, beginning with YippieMove, a groundbreaking email migration service, and continuing with a series of bootstrapped ventures.

Balena, IoT Security, and the Future of Connected Devices

Play On Listen to podcast on YouTube Listen to podcast on Spotify Listen to podcast on Apple Listen to podcast on Amazon music
28 FEB • 2025 1 hour 4 mins
Share:

In this insightful conversation with Marc Pous from Balena, we explore the evolving landscape of IoT and connected devices. Marc, who has been deeply involved in the IoT space since 2007, brings a wealth of experience from his journey through academic research, entrepreneurship, and his current role at Balena, where he’s approaching his fifth anniversary.

We begin by discussing Balena’s core mission: enabling developers to manage fleets of IoT devices at scale. Marc explains how Balena helps companies handle everything from remote management to over-the-air updates for hundreds of thousands of devices. The platform’s unique approach focuses on Linux devices running Balena OS, which exclusively runs Docker containers, bringing modern DevOps practices to the embedded world.

A significant portion of our discussion centers around the technical architecture behind Balena’s platform:

  • The use of Yocto for building BalenaOS
  • Support for over 100 different ARM devices and x86 platforms
  • The automated testing infrastructure (Autokit) that ensures reliable updates
  • The importance of secure boot and full disk encryption
  • The role of Docker containers in simplifying device management

We dive deep into the challenges of maintaining IoT devices at scale, particularly the critical nature of over-the-air (OTA) updates. Marc shares real-world examples of companies learning the hard way why proper update mechanisms are essential, including a cautionary tale of a company that had to physically replace 500 devices due to inadequate update capabilities.

The conversation takes an important turn toward security and compliance, particularly the upcoming EU Cyber Resilience Act (CRA). Marc emphasizes how this legislation will fundamentally change how companies approach IoT security, requiring:

  • Proper security assessments
  • Software Bills of Materials (SBOMs)
  • Regular security updates
  • Clear product lifecycle management

We also explore the evolution of IoT business models, discussing how companies are adapting to the shift from one-time sales to ongoing service relationships. Marc provides valuable insights into why some IoT projects succeed while others fail, emphasizing the importance of clear return on investment and sustainable business models.

The episode concludes with Marc’s interesting perspective on the future of IoT, suggesting that the term “IoT” itself might disappear as connectivity becomes an expected feature rather than a special category. This reflects a broader maturation of the industry, where the focus shifts from the novelty of connection to the actual value provided by smart, connected products.

For developers and organizations looking to get started with modern IoT development, Marc recommends exploring Balena’s open source projects and documentation at balena.io. Whether you’re using Balena Cloud or Open Balena, the platform offers a proven path to managing connected devices at scale while maintaining security and reliability.

If you found this episode interesting, you might also enjoy my blog post Yocto, RockPi and SBOMs: Building Modern Embedded Linux Images.

Transcript

Show/Hide Transcript
[00:00] Viktor Petersson
Welcome to the show, Marc! It's great to have you here today.
[00:05] Marc Pous
Thank you for having me, Viktor. I'm excited to share my experiences and insights about IoT and connected devices.
[00:12] Viktor Petersson
You've been with Balena for almost five years now, and in the IoT space since 2007. Could you tell us about your journey and what led you to Balena?
[00:20] Marc Pous
Of course. My journey started in academic research, then I moved into entrepreneurship, and now I'm at Balena where we're helping companies manage their IoT device fleets at scale.
[00:35] Viktor Petersson
Let's start with Balena's core mission. What problems are you solving for developers and companies in the IoT space?
[00:42] Marc Pous
Our core mission is enabling developers to manage fleets of IoT devices efficiently. We handle everything from remote management to over-the-air updates for hundreds of thousands of devices.
[01:00] Viktor Petersson
Could you explain how Balena OS and Docker containers fit into this picture?
[01:07] Marc Pous
Balena OS is our Linux-based operating system that exclusively runs Docker containers. This brings modern DevOps practices to embedded devices, making it much easier to manage and update applications.
[01:25] Viktor Petersson
Let's talk about the technical architecture. How do you support such a wide range of devices?
[01:32] Marc Pous
We use Yocto to build Balena OS, which allows us to support over 100 different ARM devices and x86 platforms. Our Autokit testing infrastructure ensures reliable updates across all these devices.
[01:50] Viktor Petersson
Security is a crucial aspect of IoT. How does Balena approach device security?
[01:57] Marc Pous
Security is built into every layer. We implement secure boot, full disk encryption, and our container-based approach provides isolation. We also emphasize the importance of regular updates.
[02:15] Viktor Petersson
Speaking of updates, could you share some real-world examples of why OTA updates are so critical?
[02:22] Marc Pous
I remember one company that had to physically replace 500 devices because they didn't have proper update capabilities. It's a costly lesson that demonstrates why OTA updates are essential from day one.
[02:40] Viktor Petersson
The EU Cyber Resilience Act is coming up. How will this affect IoT companies?
[02:47] Marc Pous
The CRA will fundamentally change how companies approach IoT security. It requires proper security assessments, SBOMs, regular updates, and clear product lifecycle management. Companies need to prepare now.
[03:10] Viktor Petersson
How do you see IoT business models evolving?
[03:15] Marc Pous
We're seeing a shift from one-time sales to ongoing service relationships. Successful IoT projects focus on clear ROI and sustainable business models rather than just adding connectivity for its own sake.
[03:35] Viktor Petersson
What's your perspective on the future of IoT?
[03:40] Marc Pous
Interestingly, I think the term 'IoT' might disappear as connectivity becomes an expected feature. We're moving towards a world where everything is just a 'connected product' rather than specifically an IoT device.
[04:00] Viktor Petersson
For developers wanting to get started, what resources would you recommend?
[04:07] Marc Pous
I'd recommend exploring our open source projects and documentation at balena.io. Whether you use Balena Cloud or Open Balena, we provide a proven path to managing connected devices at scale.
[04:25] Viktor Petersson
Thank you for sharing your insights today, Marc. This has been incredibly informative.
[04:32] Marc Pous
Thank you for having me, Viktor. It's been a pleasure discussing these important topics.

Found an error or typo? File PR against this file or the transcript.