Why ToloMEO: make or buy

The first mistake is thinking that it’s enough to simply “connect the device to the cloud.” Beneath the surface, there is much more involved, and each of the following items is effectively a project in its own right:

• Secure device provisioning and onboarding;
• Reliable OTA (Over-the-Air) updates, including rollback mechanisms and A/B partitioning;
• Fleet management and real-time monitoring;
• Security: secure boot, hardware encryption, identity and access management;
• Compliance with the Cyber Resilience Act: SBOMs, CVE tracking, and vulnerability management;
• Production traceability and full lifecycle management, from testing and deployment through to decommissioning.

None of these areas are “completed” when the product is released. They all require specialized expertise and ongoing maintenance for years to come.

Developing everything in-house may seem like the option that offers the greatest level of control. However, the real cost is almost always hidden. Time-to-market is extended by months—sometimes years—spent building infrastructure before any work can begin on the product’s actual value proposition. It requires rare and highly specialized skills—embedded Linux engineers, cybersecurity experts, cloud architects, and DevOps specialists—who are difficult to hire and even harder to retain. Maintenance is perpetual: security patches, regulatory updates, and platform upgrades never truly end. And every hour spent on infrastructure is an hour taken away from what genuinely differentiates the business. Not to mention the regulatory risk: getting CRA compliance wrong is not just a technical issue—it is a business and market risk.

In short, the “make” option rarely costs what was originally estimated.

Buying a generic IoT platform solves only half of the problem. Most of these solutions are cloud-only: they stop at connectivity and do not address the edge layer, where the real industrial challenges reside—BSPs, secure boot, hardware encryption, low-level OTA updates, and real-time constraints. The result is a “gap” between the device and the cloud that manufacturers still have to bridge themselves, effectively bringing them back to the make approach. What is needed is something designed for industrial environments rather than consumer applications, capable of covering the entire edge-to-cloud chain.

ToloMEO, DAVE Embedded Systems’ IIoT platform, covers the entire product lifecycle—from firmware to cloud—through a modular architecture that allows customers to select only the components they actually need.

On the Edge side, it provides an industrial Linux distribution based on Yocto, featuring Secure Boot, A/B OTA updates, SBOM export, and integration with hardware security features and ML accelerators.

On the Cloud side, ToloMEO offers a set of integrated modules: Administration for managing tenants, users, roles, and permissions; Fleet Manager for real-time fleet monitoring and control; PMS for managing parts, devices, customers, manufacturing events, and OTA uploads; Embedded Manager for firmware build automation; and Cybersecurity for SBOM ingestion, CVE analysis, vulnerability triage, and compliance reporting.

In addition, the roadmap includes the AI module, enabling MLOps and edge-optimized AI models, and Event Tracker, designed for blockchain-based event notarization.

The platform is complemented by a comprehensive set of tooling—including a command-line interface (CLI) and Python libraries—providing programmatic access and enabling workflow automation.