Security, connectivity are just two of the many benefits of digital transformation for IT/OT networks
Digitalization initiatives have become a vital aspect of bridging the gap between operational technology (OT) and informational technology (IT) networks, presenting financial benefits to an organization as well as heightened optimization. As these two worlds converge while the world has shifted toward remote work, we continue to identify new ways of understanding risk and the evolution of challenges associated with addressing it.
One initial challenge to consider when discussing digital transformation and IT/OT convergence is that we are dealing with a major 25+-year gap between the state of IT and OT security, due to the fact that a majority of OT networks were running on legacy networks, which in the past were unconnected and isolated. This incongruity, coupled with the impact of the current pandemic, has forced organizations of all kinds to pivot and adapt to new ways of working efficiently—particularly from a remote environment. With much of the workforce transitioning to a dispersed work environment, this exposes OT networks to a new host of challenges and cyber risk.
There are some particularly unique implications when it comes to securing an OT network from a remote environment. OT networks house incredibly sensitive information, as they connect to our nation’s critical infrastructure. Our world is dependent on the seamless operations of critical infrastructure such as oil and gas, water and electric, along with discrete manufacturing plants for industries such as food and beverage, automotive, mining and pharmaceuticals. A cyberattack against sectors such as these can have serious consequences not only for the victim organization but also for the wider population and economy. Organizations that have decided to run operations from afar need a secure way to connect to these facilities with greater visibility, without compromising service levels.
Historically, a key challenge surrounding OT security is a lack of buy-in from the C-suite on digitization projects. Thankfully, however, this resistance to buy-in has decreased over the past couple of months due to the realization that digitalization initiatives lessen the pain points when transitioning to a remote working environment.
What I have observed from speaking to CISOs across industries is that the current situation has accelerated these digital transformation projects. Organizations are engaging more with cloud infrastructure digitalization and seeing this as the path to progress rather than an obstacle to their operations. The internet of things (IoT) has penetrated the industrial ecosystem across all sectors. Demand for real-time analytics to ensure uptime and enable better decision-making has ushered in a whole new reality for manufacturing companies and critical infrastructure operators. IT, OT and IoT devices are converging to form an integrated ecosystem in which the shop floor is connected to the back office, which is then connected to the cloud. Because these organizations are embracing the cloud approach, they have much more flexibility in terms of how to structure their dispersed workforce. As a result, the issue surrounding remote connection for employees is diminished, as these networks are isolated and run in a zero-trust type of environment. Once an organization does the work of lifting those components into a cloud infrastructure, this means fewer pain points while so many employees are forced to work from home.
Equally, in times like these, the need for secure remote access (SRA) has increased dramatically. If we enable engineers on the shop floor to continue their work in a remote setting, they will need access to these environments to perform certain activities, whether they are controlling the actual devices, providing maintenance or performing analytics. In the past, this has been strongly discouraged because these are sensitive networks, but with today’s agile working environment, this has become a necessity. Security teams that are responsible for monitoring access to the OT environment have to ensure there is an identity management solution in place so that they are aware of who is on the other end. In addition to this, they need to be able to monitor these sessions in real-time and terminate them if necessary. When you look at SRA solutions, the access needs to be extremely granular—each and every user needs separate accounts, completely different permissions and audit capabilities. Those who hadn’t thought about these variables, along with other key digitalization initiatives on an ongoing basis, have been forced to implement secure remote access quickly during a major crisis, which is far from ideal.
Digital transformation throughout industrial organizations is here, but it must be done securely. The impact of additional security threats will most likely continue to increase, especially as resources have been stretched thin. Thus, ensuring the proper safeguard of OT networks during periods of digitalization begins by eliminating blind spots and increasing visibility at any time, anywhere.
IT and OT teams have never been more valuable to an organization and its ability to adapt to the ever-changing innovation landscape. C-suite executives are starting to realize that IT and OT networks hold the business together, enabling them to make decisions, act upon and, ultimately, charge ahead with greater confidence even in the face of disruptions.