That is true for "knocking up working hardware" quickly, and the chinese do that a lot, but it is most suitable for short-life products, after which you get constant production hassles. And unless the CPU is fast, with lots of RAM, you end up with a painfully slow box.
Whereas if you build an ARM32 box with LWIP, you should get 10 (and possibly 20, with some "last time buy" stock grabbing) years out of the design. I've got 25 years out of a H8/323 box (with considerable LTB grabbing).
TLS is something else, with crypto suite fashions changing faster than a *****'s knickers
But if you make a suitable field upgrade provision, then you will have control for
- as many years as the crypto can be run
in software (already a 32F417, not that old, has no "useful" hardware crypto apart from AES)
- as many years as somebody in your company is able to maintain a machine for rebuilding the firmware (
that is what kills many products in reality, as people leave, etc)
I am no expert but it's already clear to me that you have to pick your market.
- retail IOT, talking to a 3rd party server -> you will get shafted unless you build a "PC"
- retail IOT, talking to your private server-> you can do what you like (even IPV4 will be around for ever)
- industrial IOT -> talking to your private server -> got to do crypto to impress the customer but basically whatever you want in terms of details
- industrial IOT -> talking to anything else -> got to build a "PC"
My box is #3, with dire warnings to not use it for the others