A botched over-the-air (OTA) update can now halt production lines, disrupt entire fleets, or render connected devices completely unusable.
As the Internet of Things (IoT) becomes increasingly vital to core business functions, these risks are escalating rapidly.
At a large scale, that traditional approach simply falls apart.
In this episode of the ‘Trending Tech’ podcast, Transforma Insights’ Jim Morrish speaks with Aeris’ Grant Bishop to discuss:
Currently, many businesses still have little to no oversight over their entire IoT infrastructure.
Jim Morrish: [00:00:00] Hello, and welcome to this episode of the Trending Tech podcast, where we’ll be discussing IoT connectivity against the backdrop of changing enterprise demands and shifting regulations. A warm welcome to all our listeners tuning in globally. I’m Jim Morrish, co-founder of Transforma Insights, an industry analyst firm specializing in digital transformation. Joining me for this discussion is Grant Bishop, Sales Engineering Director for Europe, Middle East, and North America at Aeris.
Jim Morrish: Welcome, Grant.
Grant Bishop: Hi, Jim. Glad to be here.
Jim Morrish: Great to have you. As I briefly mentioned, today’s podcast centers on IoT connectivity within the context of evolving enterprise needs and regulations. To set the stage, modern IoT is no longer just a background function for businesses; it’s now at the heart of mission-critical operations. From manufacturing and logistics [00:01:00] to healthcare and retail, connected devices are powering essential services. This makes outages, failed software updates, and security breaches far more disruptive and expensive than in the past. Alongside this, we’re seeing a rapidly changing regulatory environment that is accelerating transformation across all types of IoT deployments, even those supporting less critical business functions. The primary goal here is to bolster the overall security posture of an enterprise’s entire device ecosystem and broader systems. In this new landscape, capabilities like over-the-air updates have quickly shifted from being a premium feature in advanced IoT applications, such as connected vehicles, to a fundamental requirement. In this episode, we’ll examine some of the implications as IoT adoption matures to support increasingly critical applications that are often central to a business’s value proposition.
So, Grant, welcome aboard. It’s wonderful to have you as our guest.
Grant Bishop: Happy to be here once more.
Jim Morrish: Excellent. Now, before we dive [00:02:00] into the complex world of IoT connectivity, let’s quickly review some significant tech news stories we’ve come across recently. We’ll return to some lighter news in our “What the Tech” segment at the end of the show.
So, Grant, what major tech news has caught your eye?
Grant Bishop: Well, when I look at tech news these days, everything is predictably centered on AI,
Jim Morrish: Right.
Grant Bishop: given the current climate. I came across an article from the World Economic Forum titled “As AI Rises, So Does the Need for Human Creativity.” I find this particularly thought-provoking because with AI, what role will it play in our future? I actually think about my own children—what careers will they pursue? What skills will be most valuable in an AI-driven world? The one thing a computer cannot replicate is creativity. So, this story really resonates with me. It discusses how as AI progresses, the need for human qualities becomes even more important. I’ll actually touch on this again in my fun story later. [00:03:00] It’s a very compelling piece, and I believe that when we consider AI, the human element must always be part of the equation. There’s a saying in security circles: “a fool with an advanced tool is still a fool.” We must constantly consider the human aspect and impact of AI whenever we deploy it.
Jim Morrish: Absolutely. I’ll actually pick up on a couple of those points later, especially regarding employment impacts, in my lighter story.
But as you point out, AI today is largely derivative. The key takeaway, as that article emphasized and you’ve noted, is to leverage AI as a tool to augment human creativity. However, this often conflicts with corporate profit motives and an employee’s need to simply complete tasks more efficiently. It’s a tough balance to strike, as the returns on fostering creativity are slow, and right now, you can achieve 95% of an ideal outcome in just 10% of the time. It’s undoubtedly a disruptive period, but conversely, it presents an opportunity for organizations that get it right to disrupt their markets.
Grant Bishop: Exactly.
Jim Morrish: I also found another interesting story, [00:04:00] though it focuses more on the practicalities of evolving technology and geopolitics. This concerns China’s somewhat catchily named “Regulations on Security of Industrial Supply Chains” (Decree Number 834). To highlight some of its provisions: it’s a complex document, but key points include the fact that ending a Chinese supplier relationship to comply with, say, US export controls could trigger Chinese countermeasures. This represents a further escalation of current geopolitical tensions, where companies might have to choose between adhering to US regulations or Chinese ones—and picking one side can be quite challenging. There are some intriguing second-order effects as well. The decree also mentions restrictions on collecting supply chain information, which in many cases is prohibited. This puts it in conflict with certain EU and [00:05:00] US regulations concerning forced labor, and potentially also ESG audits, supplier assessments, and even basic due diligence. More interestingly, from my viewpoint, there’s a growing number of regulations, certifications, best practices, and other guidelines being issued by governments and regulators worldwide, focusing on the management of a software bill of materials (SBOM) and requiring it to be kept current. Last count, this included around 40 documents from various global regulators and governments. China’s decree focuses on physical supply chains, but the collection of software bill of materials data could be interpreted as a form of supply chain information. If that’s the case, it could become very complicated to manage a software BOM when you’re not permitted to analyze a supply chain. There’s truly no way to predict how this will unfold. The regulation is quite new, but it’s definitely something worth monitoring closely.
Did you come across that one, Grant?
Grant Bishop: Yes, I reviewed it, and it’s a highly complex [00:06:00] issue. I think that’s inherent to its nature—the reason behind its creation is clearly a countermeasure against over-regulation. But from a practical standpoint, what should you do? That’s the current challenge. How do you determine the right course of action? Because—
Jim Morrish: Yeah…
Grant Bishop: just developing that strategy will be challenging for all organizations, and I don’t envy the people who have to make those decisions.
Jim Morrish: Of course. Far from it. And as we both noted, the path ahead is unclear. Navigating it will all about weighing risks and finding a way forward. It’s certainly going to get complex.
On that note, let’s dive into our primary topic — cellular connectivity for IoT. We’ve already discussed how IoT is evolving from a supporting tool into a central part of how businesses actually operate. This shift has a big effect on how we deal with outages, security issues, or even botched software updates.
Grant Bishop: Definitely. I’ve been in this industry for 25 years, regretfully enough, and when I first got started, IoT projects were a lot more straightforward. It was all about the end result: “We need this function — let’s build it.” But the landscape has shifted. Connectivity is no longer just a box to check. Today, an outage doesn’t just slow things down — it can hit revenue, threaten safety, even put lives on the line with autonomous vehicles if something goes wrong. There’s also regulatory risk, all of which can seriously harm a brand’s reputation. IoT infrastructure demands a completely different mindset than what was common 20 years ago. Based on many conversations with OEMs and customers over the years, it’s not only about losing a connection. It could be a broken API linking back to the connectivity management platform, which brings an assembly line to a halt. A dropped connection during a software update that fails could essentially “brick” an entire vehicle — again a massive disruption on the individual level.
So organizations can no longer rely on “best-effort” oversight of their IoT operations. They need ongoing, continuous monitoring, because IoT has become foundational infrastructure with serious business consequences.
Jim Morrish: Agreed, and like you said, it’s no longer just about efficiency. It’s about these IoT-powered processes carrying much higher stakes, including safety. Your mention of connectivity management platform APIs is telling — that kind of concern exists far outside what used to be considered traditional enterprise IT-
Grant Bishop: Yep.
Jim Morrish: Yet it’s something enterprises now need to account for. That said, regulators have also been stepping up. We’re seeing the EU’s Cyber Resilience Act, NIS2 directives, and a rising push around data localization and sovereignty — not to mention the broader geopolitical dimensions.
So how are these forces reshaping global IoT deployments?
Grant Bishop: The regulatory push is definitely intensifying the momentum, and it only seems to be heading in one direction — more regulation. Over the past three years especially, rules are mounting. Even your example around China highlights that regulation simply can’t be overlooked in IoT strategy. Organizations need to be more accountable. Data sovereignty is a real hurdle — you need to be able to prove where your data lives and how it’s handled. And local performance expectations are increasingly common. It’s a demanding environment. Most businesses would love nothing more than a single global roaming SIM, but that’s never been a real viable option for every region. As technology evolves, the requirements around localization become more visible, whether driven by technical needs or policy. So companies face a tricky balancing act — right now, many are dealing with fragmented IoT solutions purely because regulations and localization needs have forced those silos across their operations. Managing all of that requires clear visibility and orchestration. You can’t handle it one-off, module by module, across a sprawling global deployment.
So yes — there’s a clear need for a unified platform with global orchestration that still respects those localized requirements. And this orchestration goes well beyond coordinating connectivity suppliers and their pipelines. It’s about having insight into what flows through those pipelines, and being able to monitor and control it.
Jim Morrish: There’s something of a full-circle moment here, because in the early days of IoT, one of the big selling points was: “If you can’t monitor it, you can’t manage it.”
Grant Bishop: Right.
Jim Morrish: And now, IoT ecosystems have grown so complex, varied, and distributed that they demand monitoring at an even deeper level-
Grant Bishop: Exactly.
Jim Morrish: The same kind of rigor. It’s not just about roaming anymore — it’s about localization, juggling multiple networks, and navigating diverse technical realities on the ground.
As these IoT operations expand across geographies, device categories, and embedded software variations, end-to-end visibility becomes absolutely essential. What role do you see it playing in sustaining performance, security, and keeping operations running smoothly?
Grant Bishop: It’s everything. It comes back to the core truth: if you can’t see it, you can’t monitor it, and if you can’t monitor it, you can’t manage it. But when you think about these sprawling global networks, you need to understand more than just the network itself — you need to know what “normal” looks like on that network. Monitoring is one layer, but understanding network behavior is just as important, and that goes deeper than control-plane metrics. You need to understand the data flowing through those networks to truly grasp what normal behavior is, especially at that scale. That’s a fundamental shift we need to embrace. Without that understanding, you can’t establish a baseline.
And if you don’t know what normal looks like, how can you support the network? Having what the industry calls a “single pane of glass” — a unified orchestration layer — lets you cascade security policies, segment the network in a manageable way, and ultimately resolve issues faster with fewer incidents. You move from reacting to problems to proactively managing the network.
Jim Morrish: So this is network intelligence becoming-
Grant Bishop: Right.
Jim Morrish: woven into the very fabric of the solution, rather than-
Grant Bishop: Exactly.
Jim Morrish: just being the pipe that connects devices.
In my introduction, I mentioned that over-the-air (OTA) updates are becoming increasingly critical — practically a baseline expectation, especially given certain regulations. So how does the enforcement and management of those OTA updates tie into this network intelligence picture? Is there a case for driving OTA logic from the network side rather than handling it purely device-to-device or cloud-to-device?
Grant Bishop: Well, I think the criticality
The demand for OTA updates is so intense that a multi-layered strategy is essential. You must adopt this comprehensive approach and address as many factors as possible. From a network standpoint, looking at some of our customers and the challenges they’ve faced, if you don’t manage the bandwidth consumed by OTAs, it can consume all available bandwidth. So, what’s the solution? You might think to simply scale up, add more connections, or increase the pipe size. And we often see our OEMs doing exactly that—expanding their fleet and enlarging the pipe repeatedly. However, with OTAs, the more bandwidth you provide, the more it tends to consume. Therefore, from a networking perspective, simply throwing more bandwidth at the problem won’t work for OTAs, as they will simply utilize it all. It’s almost the opposite approach that’s needed: you must restrict bandwidth to enhance OTA performance. This makes features like rate limiting absolutely essential for effectively managing OTAs across a network, especially an IoT network, which inherently has many unmanaged and unmonitored points due to the nature of the end devices.
So, yes, you need to be able to segment the network, implement Quality of Service (QoS), and apply rate limiting. These are all capabilities we’re seeing driven by our OEMs. Beyond that, there’s the aspect of assurance, and now regulations require you to demonstrate that you can assure and perform these functions. So, it’s a twofold challenge: one is performance, and the other is meeting regulatory requirements.
Jim Morrish: Yeah. So [00:14:00] you’ve described a great deal of intelligence in a network context. Clearly, some of that helps reduce costs by optimizing bandwidth as
Grant Bishop: Yeah
Jim Morrish: the allocator for OTAs. You’d assume some of it would increase costs due to the sophistication of the overall solution. So, what are the net impacts in terms of cost predictability and total cost of ownership when you introduce this level of intelligence into the network?
Grant Bishop: Well, that’s the key point. We often say, “If you can’t see it, you can’t secure it.” The world is advancing, so that level of visibility is crucial. If you have that visibility across your entire fleet and introduce automation—so your IoT network includes a Connectivity Management Platform (CMP) and security capabilities with APIs that can be automated into security environments, and potentially into OEM environments for various functions—it enables you to shift from reactive firefighting to proactive, policy-driven operations. This is where many of our customers are heading. They want to control OTAs, as we’ve discussed. They want to implement stronger security measures like zero [00:15:00] trust across network access to make the network more efficient and predictable. Once you achieve this, you’ll detect issues earlier, reduce their number through automated responses, and improve cost predictability. Historically, you’ve had legacy tools, siloed systems, and friction everywhere. But we now have the technology within IoT to break down these barriers. They’re disappearing rapidly. So, I believe automation will transform much of the chaos into predictable costs, and it’s definitely the future.
Jim Morrish: Yeah. It certainly feels like a significant evolutionary step from where we started this conversation, simply connecting a device and retrieving information from it—
Grant Bishop: Yeah
Jim Morrish: and then having some remote monitoring capability. This is a much more integrated proposition, driven by critical applications and regulations. But what we’re moving towards is a much more proactively managed environment, truly extending from the device to the cloud and throughout the network, managed in a far more intelligent way, I think.
Grant Bishop: Yeah. Agreed.
Jim Morrish: [00:16:00] Excellent. Thank you. That was a really interesting discussion. What we should do now is move on to the promised “What the Tech” section of this discussion, where we highlight some interesting and/or amazing stories. So, Grant, what news story made you smile—or frown—recently?
Grant Bishop: And this kind of links to my serious news story earlier on. Um, it was on the BBC News this week. OpenAI tells ChatGPT models to stop talking about goblins, and I find this quite funny ’cause apparently there’s been an increase in the mention of goblins and gremlins in metaphors used by ChatGPT, significantly up by 175% since November. And one of the explanations from OpenAI is that this has been part of the “nerdy personality” that’s been introduced into ChatGPT. And I was talking earlier about humanness with AI, and it seems that potentially they are trying to address this by incorporating nerdy personalities into the system. So, I suppose for me, I’d be really intrigued to understand, after I spend, I don’t know, a week or so on ChatGPT, what personality it derives that [00:17:00] I have. Will I fit into the category of mentioning goblins in metaphors, or will it be something different? So, I just thought that was quite interesting.
Jim Morrish: Yeah, absolutely. It does make you wonder what other kinds of bias might be present in the models that aren’t quite as obvious as a preponderance of goblins. Although, this does seem to be a bias in the presentation layer rather than the underlying analysis, or at least I’d hope that’s the case.
The interesting story that I came across actually circles back to some of the comments you made earlier, Grant, around your kids and how they would interface with the world and what jobs would remain in decades to come.
And I’m going to take us back to China, because it seems that a Chinese court has made it illegal to replace human workers with AI. What I found particularly entertaining about this story is that the case in question involves a worker who had, in fact, been hired to check the outputs of AI models and to filter them, removing illegal or privacy-violating content. It seems that what happened is the models improved, so his job was no longer needed. [00:18:00] So, he had no job to do. But the court decided that using AI to perform a worker’s job does not automatically justify terminating that contract, and that’s now an established principle in case law.
You know, it’s one approach, but it’s illustrative of the problem you highlighted earlier, Grant, and a problem that many governments and many others are struggling with right now. You know, how do you deal with the impact that AI is going to have on economies as a whole? How do you retrain the folks who get displaced? How do you collect tax from them, and how do you stop—
Grant Bishop: Yeah
Jim Morrish: paying them benefits because they’re not working? So, it’s a really critical thing to solve, and there’s a range of remedies being considered, ranging from retraining employees to a universal basic income, and now seemingly bans on terminating employees.
But it doesn’t seem like the world, the community, the tech community, or governments around the world have really coalesced around some kind of agreed approach. Did you spot that as something that’s—
Grant Bishop: Well, I spotted it. I think it’s an inevitable… as technology evolves, it’s an [00:19:00] inevitability, you know. You go back 100 years, how many people would’ve worked in telephone exchanges just plugging and unplugging connections? It’s an inevitability. My bigger concern is that AI shouldn’t be designed to replace jobs; it should be used to improve humanity. Yes. And we need to make sure organizations focus their AI strategy not just on simplistic economics and efficiencies. So, um—Yes… um, it’s a challenge.
Jim Morrish: I definitely agree that using AI to enhance an employee’s capabilities is the way to go. But, you know, when there’s a boss sitting there saying, “You gotta have this done by the end of this day,” you know, the temptation is—
Grant Bishop: Yeah,
Jim Morrish: is to move fast. So, it’s a challenge.
Grant, it’s been an extremely interesting discussion. Thank you for joining us.
Grant Bishop: You’re welcome.
Jim Morrish: Fantastic, and with that, I think we should draw this episode of this podcast to a close. Just a reminder that you can subscribe to the ‘Trending Tech’ Podcast wherever you found us today. Indeed, thank you for joining us. We’re delighted to have you listening as part of our growing audience, and we’ll be back with another edition of the ‘Trending Tech’ Podcast soon, [00:20:00] focusing on another aspect of digital transformation. So, thanks again for joining, and goodbye for now.
