I'm researching a potential project in the IoT and OT security and device management space, and I'd love to hear directly from those of you who deal with these devices daily. If you're in IT, OT, cybersecurity, networking, facilities, or any related field, please share your major frustrations with IoT and OT devices. Here are a few areas I'm specifically curious about:
1. How do you keep track of all the IoT or OT devices on your network?
2. Is your asset inventory process automated, manual, or chaotic?
3. Do you have visibility into the firmware versions of these devices?
4. How often do you encounter outdated or unpatchable devices?
5. Are you required to maintain Software Bill of Materials (SBOMs) or perform firmware audits?
6. Have you tried any tools that were too complex or expensive?
Any ongoing issues you can't believe are still a thing in 2025 would be great to hear about too! This isn't a sales pitch—just looking to understand the real problems people face so I can avoid building something that's not useful.
5 Answers
What’s frustrating for us is that we really don’t have a solid way to keep track of our devices. A lot are installed without IT approval and land on our guest Wi-Fi. We use systems like SNIPE with QR codes for inventory, but things slip through the cracks. It would really help if our IoT devices required certificates to connect instead of just a password. We’re often left scrambling when devices go outdated, and with a tiny IT team, maintaining SBOMs just isn't feasible for us. It’s all a bit chaotic!
Totally feel your pain! The biggest issue we have is that many devices don’t meet our insurance requirements, so we end up needing additional ISP links, which increases costs. Even for the devices that do meet requirements, they often require more investment than simpler systems, plus that second ISP link. It's a tough pill to swallow!
From what I see, firmware visibility and device management are just ongoing struggles in this field. We have some integrations through protocols like SNMP or LLDP, but overall, it’s hit or miss. Keeping our audit scans accurate is tough too—it’s a mix of automation and a lot of manual upkeep to ensure we know what we’re dealing with. It just feels like there’s always more work to be done. And those unexpected device issues? They pop up all the time, usually without warning!
Honestly, we don’t even know how many devices we have! Our team is so small that keeping an inventory feels impossible—like we’d need a handful of extra folks just for that. As for keeping firmware updated, it’s a constant battle. Vendors change their apps without notice and it often falls to me to find out what went wrong and why things aren’t working. I spend a good chunk of my time dealing with support tickets and vendor mishaps. It’s exhausting!
Exactly! That 'oops' moment must be infuriating, especially when you’re just trying to keep everything running smoothly!
Managing IoT devices here is a nightmare! We’re stuck with a manual inventory method since we can’t get proper automation going. Our higher-ups just don’t want to embrace change, which makes tracking these devices super complicated. We typically rely on network scanners to catch unauthorized devices, but our processes are pretty much a mess as it stands. We put all these devices on their own subnets with strict firewall rules to prevent internet access unless absolutely necessary. It’s a juggling act!
That sounds like a grind! You’d think vendors would keep their systems consistent, but it’s like they enjoy throwing curveballs. Have you ever considered writing integration tests? It might save you some headaches later.