The Convergence of IT and OT Systems Requires a Complete Reassessment of Security

 

This world of digital transformation means the convergence of Information Technology (IT) and Operational Technology (OT) has opened up unprecedented opportunities for operational efficiency. However, this utopia comes with its own Pandora’s box: more vulnerabilities that attract hackers. The antiquated strategy of top notch technologies for security is no longer sufficient. What’s needed is a unified security platform that would centralize analytics. This would also provide a holistic view of the network and enabling machine learning to identify vulnerable spots and threats. 

However, the path towards a unified platform has its challenges. Beyond organizational resistance, there’s a significant gap in the market. No single vendor offers an end-to-end security solution that adequately addresses IT-OT integration. In turn that makes selecting a primary platform vendor that provides robust tools to fill in gaps.

Zeus Kerravala, the Founder and Principal Analyst at ZK Research, has more than two decades of experience in researching and advising companies on various technology trends. Specializing in digital transformation, cloud services, and enterprise communications, Kerravala’s insights into the intersection of IT, OT, and security make him a notable thought leader in the field. He has worked with a broad range of clients from tech giants to small businesses. Kerravala offers a well-rounded view on the challenges and opportunities that exist in the evolving digital landscape. 

He mentioned that IT and OT convergence has a lot of benefits for companies. But added there is even more to benefit in considering the entirety of a security systems when converging. Kerravala emphasized the importance of security.

Kerravala’s Thoughts on IT and OT

The Increased Attack Surface with IT Integration

“So the first step in that would be to put technologies in like micro-segmentation that actually can make the attack surface smaller. But then after that, I think companies need to move away from this concept of best of breed and think of a security platform.”

Integrating IT with OT and IoT

“Well, the concept of bringing IT together with OT and IoT is to create better operational models by having all your connected devices on one network. The downside of that is it creates new security risks because you have all your devices connected to one network. And so if you’re going to bring IT and OT together, then you also need to bring the security elements together to create one operational model across it.”

New Security Risks with IT-OT Integration

“Otherwise, you’ll have a number of blind spots and different entry points into your network that your traditional IT security won’t see. Therefore, a breach on your OT system could actually cause a pretty big internal breach on your IT system.”

Rethinking Security Approaches

“The approach for securing an integrated IT-OT system requires actually a complete rethink of security. Historically, security pros have had the idea that if they deploy best of breed technology everywhere, that’s going to create the best possible threat protection.”

The Role of Analytics in Modern Security

“But security has evolved. It’s not about protecting an endpoint. It’s not about protecting a network. It’s not about protecting the cloud. It’s about analytics. And it’s about being able to take data from across all the different elements that touch a network and then being able to analyze that data and be able to find those insights in those areas where things are unprotected.”

Using Machine Learning for Threat Protection

“I think companies need to move away from this concept of best of breed and think of a security platform where perhaps not every element is best of breed, but you do get best of breed threat protection because all the data from across those different security elements can be analyzed using machine learning.”

Challenges in Converging Security Tools

“I think there’s a couple of key challenges when trying to converge your security tools to be able to keep up with the changes in IT-OT convergence. The first is just the concept that networking, security, and your operational technology teams need to work together.”

The Issue of Organizational Silos

“Historically, these groups have lived in silos. They have very tight domains and walls around their operational models. Smaller enterprises I’ve talked to seem to be more willing to do this, but when you get to the large enterprises, there are silos that still exist. And operationally, they do not like to share data and do not like to share tools.”

Selecting a Security Platform Vendor

“A bigger challenge is on the technical side. While the concept of the security platform is the best way to address IT-OT convergence, the reality is there are no security vendors that have a broad end-to-end platform that cover everything. So I think from an organizational perspective, you need to pick your platform vendor.”

The Need for Ecosystem Building by Security Vendors

“And to do that, you need to evaluate the tools that they have, but also the partnerships that they have to fill in the gaps in the areas that they don’t play. But then also look at how open they are and how willing they are to work with other companies, the types of APIs they have, the way they go to market, and things like that. Because I do think security platform is the way forward, but no vendor can deliver a security platform. So it’s incumbent on that security vendor to build a large ecosystem around it to help it fill the gaps where it doesn’t have product.”

Follow us on social media for the latest updates in B2B!

Image

Latest

Women's empowerment
Seizing the Narrative: The Transformative Impact of Storytelling on Women’s Empowerment
April 19, 2024

With gender equality becoming a significant global agenda, the narrative around women’s empowerment is more relevant than ever. Amid rising awareness and shifting societal norms, women are increasingly seeking avenues for self-expression and empowerment. A recent study by the Global Gender Gap Report highlights that while progress is being made, substantial efforts are still […]

Read More
V2G technology
Plug into the Future: Decoding V2G for Utility Applications
April 19, 2024

Brian Rudy from Verizon IoT and Melissa Chan of Fermata Energy explore the cutting-edge potential of vehicle-to-grid (V2G) technology at DISTRIBUTECH 2024. Their discussion highlights how this innovation transforms electric vehicles into dynamic energy storage units, capable of stabilizing the grid by storing and discharging power as needed. This technology represents a significant shift […]

Read More
zero trust architecture
Secure Grid Modernization with Zero Trust Architecture
April 19, 2024

Ray Bauer of Verizon Business engages with Del Rodriguez from Palo Alto Networks at DISTRIBUTECH 2024. Rodriguez shares insights into the significance of cybersecurity within the utility sector, particularly in light of increasing cyber threats and the convergence of IT and operational technology (OT). Bauer and Rodriguez discuss Palo Alto Networks’ initiatives to enhance […]

Read More
private wireless networks
Private Wireless Networks
April 19, 2024

Verizon host Wayne Weeks discusses the evolving utility industry with John Gaster, CEO of KSI Data Sciences at DISTRIBUTECH 2024. Together, they explore how KSI focuses on harnessing data from remote sensing devices to enhance the safety, efficiency, and cost-effectiveness of utility operations. Gaster emphasizes the significant role of AI and machine learning in […]

Read More