How Converging IT and OT Has Enhanced Security

When OT and IT teams reach across the aisle to manage and secure the edge, the whole company wins.

Edge Computing

With recent data citing that the manufacturing industry is more prone to cyberattacks than any other, it is critical that manufacturing organizations are taking proactive steps to secure their operations. But manufacturing environments are unique – not only is there a data center where front- and back-office information is stored, there are also a plethora of Internet of Things (IoT) sensors spread throughout the warehouse and on the plant floor.

Edge computing solutions are purpose-built for these environments because they offer increased cybersecurity protection, better remote access, and are close to where data is collected, saved and used for real-time analytics and decision making. However, cybersecurity in these environments goes beyond traditional methods and requires two groups that don’t typically work together – IT and OT – to collaborate and execute over the security processes they each manage. 

Edge security is the responsibility of the OT team. If there’s a vulnerability that gets exploited and production quotas are not met, OT gets the blame. However, ensuring platforms are running as they should and that security management processes are being mapped consistently across the business falls to IT. 

When OT and IT teams reach across the aisle to manage and secure the edge, the whole company wins. 

Breaking Down the Silos

In theory, that sounds simple, but in most organizations the IT and OT relationship has been fraught with conflict. OT has been laser focused on how the company’s critical systems are operating. IT, has been a fly in the ointment, focused more broadly on the efficiency, security (and, ultimately, cost) of supporting enterprise systems. IT and OT departments have been siloed and only shared data between departments on a formal, sometimes as infrequently as quarterly, basis. 

However, a couple of macro issues impacting business have rendered the “you skate your lane, I’ll skate mine” approach ineffective. Digital transformation initiatives have consistently been on the rise for the last 10 years, but the pandemic accelerated those efforts. This increases the systems and sensors that need access to and share data.

The pandemic also changed the nature of the workforce. While the world has largely returned to normal, the workforce hasn’t – and won’t. Remote work is here to stay, which also puts more of a burden on the network and protecting vulnerabilities associated with remote access.   

These two trends are responsible for exposing previously isolated OT Edge networks to new and existing IT security vulnerabilities, particularly as data is shared across the business. So OT needs IT’s expertise.

On the flip side, OT networks are not easily secured using traditional IT security measures because of the volume of data being taken in from the production floor. So, IT needs OT. 

It took the better part of the decade, but Gartner accurately predicted that the industrial world would see OT and IT teams combine in a shared environment to optimize business practices, enhance decision-making processes, reduce costs, lower risks and shorten project timelines – all the way back in 2011. IT and OT teams both play a critical role in maintaining the security measures from physical and cyber security standpoints.

In some cases, IT departments lack the capabilities or resources to prevent a breach through Edge devices and need a better understanding of the OT environment. In this scenario, OT security software can provide companies with a proper level of protection. 

On the contrary, OT departments sometimes lack the capabilities to prevent a breach through Edge devices. Under these terms, the IT team can help the OT team by adopting a zero-trust approach, which would verify all users before allowing them to gain access, assuming malicious intentions before trusting a user. 

By having OT and IT teams work together, manufacturers can more quickly realize Edge Computing’s benefits while enhancing cyber security practices.

A Comprehensive Cybersecurity Plan

The best Edge security strategies for successful and full protection will have a mix of cyber and physical points of security. Prior to deploying an Edge Computing platform, manufacturers must secure their computing solutions in both cyber and physical security aspects. Both cyber and physical security risks can cost companies a great deal if not secured correctly - in terms of monetary value and reputational damage. 

Traditionally, physical security is thought to be a lower-profile problem when compared to potential malware attacks. However, some of the largest industrial security breaches could have been prevented by simply locking a cabinet or USB port.

One security measure many companies use is to employ identity control measures that prevent hackers from getting access to sensitive areas on a physical device. On the cyber security side, IT teams can ensure that there is a plan in place for keeping software systems up to date to make sure applications don’t become obsolete or outdated. 

Edge computing makes security programs more effective with its ability to protect data collection and analysis points. The technology decreases the time it takes for programs to register and process security threats, enabling businesses to respond in real-time. Further, by standardizing on computer platforms to run standard off the shelf (OTS) industrial software and deploy regular patching, manufacturers can have peace of mind with enhanced security protocols.

Typically, an edge computing platform facilitates running third-party cyber security software, which ensures that devices are visible for management in larger factory settings and protected by standard OS security features as a layer between supervisory control and control/PLCs. 

With the convergence of OT and IT teams, IT teams can look out for cyber security protocols, and OT teams can ensure physical measures are in place, setting up manufacturers for smooth sailing, knowing that they are operating securely. As a result, manufacturers will not only benefit from enhanced security, but also reap benefits like improved ROI, performance, productivity and agility.

More in Facility