Software Engineering for Secure and Scalable IoT-Edge Microservices: A Thematic Mini-Review

Abstract

IoT deployments are accelerating across critical sectors. However, engineering dependable, secure, and scalable software for these environments remains a tough hurdle. Most studies look at these issues separately. We lack a unified analysis that ties these solutions into a single, coherent framework. This paper delivers a purposive thematic mini-review on how software engineering can build secure and scalable IoT setups. We focus specifically on combining microservices with edge computing. Using an expert sampling strategy, we selected 30 high-impact, peer-reviewed papers published between 2016 and 2024, adding a few foundational texts for baseline context. 
Our qualitative trend analysis shows a major shift in recent work (2020–2024). Most recent designs embed service meshes like Istio to safeguard inter-service data flows, whereas earlier setups (2016–2019) used them only occasionally. Furthermore, 40% of these reviewed frameworks run lightweight Kubernetes setups, including K3s and MicroK8s. These specialized distributions cut the system memory footprint down by 30–45%. 
Our analysis demonstrates that microservices boost modularity and ease scaling. Even so, they open up fresh security gaps, creating a sharp "security-latency trade-off." For instance, implementing a service mesh can add a latency overhead of 5–15 ms, hitting up to 20% in specific setups. We map out the core challenges and solutions across four pillars: scalability, security, data management, and interoperability. In doing so, we identify four metrics that researchers use consistently: end-to-end latency, resource utilization, throughput, and security overhead. 
Key research gaps still persist. We notice a distinct lack of unified security-scalability frameworks, a shortage of lightweight cryptographic protocols for the edge, and no standardized interoperability options. This review offers a thematic map of these issues (visualized in Figure 1 and detailed in Table 1) to guide researchers through the state-of-the-art and help practitioners build more resilient IoT environments. Finally, we outline upcoming research paths, highlighting AI-driven adaptive security, edge-optimized cryptography, and green authentication protocols.