The Convergence of IT and OT Systems Requires a Complete Reassessment of Security

 

This world of digital transformation means the convergence of Information Technology (IT) and Operational Technology (OT) has opened up unprecedented opportunities for operational efficiency. However, this utopia comes with its own Pandora’s box: more vulnerabilities that attract hackers. The antiquated strategy of top notch technologies for security is no longer sufficient. What’s needed is a unified security platform that would centralize analytics. This would also provide a holistic view of the network and enabling machine learning to identify vulnerable spots and threats. 

However, the path towards a unified platform has its challenges. Beyond organizational resistance, there’s a significant gap in the market. No single vendor offers an end-to-end security solution that adequately addresses IT-OT integration. In turn that makes selecting a primary platform vendor that provides robust tools to fill in gaps.

Zeus Kerravala, the Founder and Principal Analyst at ZK Research, has more than two decades of experience in researching and advising companies on various technology trends. Specializing in digital transformation, cloud services, and enterprise communications, Kerravala’s insights into the intersection of IT, OT, and security make him a notable thought leader in the field. He has worked with a broad range of clients from tech giants to small businesses. Kerravala offers a well-rounded view on the challenges and opportunities that exist in the evolving digital landscape. 

He mentioned that IT and OT convergence has a lot of benefits for companies. But added there is even more to benefit in considering the entirety of a security systems when converging. Kerravala emphasized the importance of security.

Kerravala’s Thoughts on IT and OT

The Increased Attack Surface with IT Integration

“So the first step in that would be to put technologies in like micro-segmentation that actually can make the attack surface smaller. But then after that, I think companies need to move away from this concept of best of breed and think of a security platform.”

Integrating IT with OT and IoT

“Well, the concept of bringing IT together with OT and IoT is to create better operational models by having all your connected devices on one network. The downside of that is it creates new security risks because you have all your devices connected to one network. And so if you’re going to bring IT and OT together, then you also need to bring the security elements together to create one operational model across it.”

New Security Risks with IT-OT Integration

“Otherwise, you’ll have a number of blind spots and different entry points into your network that your traditional IT security won’t see. Therefore, a breach on your OT system could actually cause a pretty big internal breach on your IT system.”

Rethinking Security Approaches

“The approach for securing an integrated IT-OT system requires actually a complete rethink of security. Historically, security pros have had the idea that if they deploy best of breed technology everywhere, that’s going to create the best possible threat protection.”

The Role of Analytics in Modern Security

“But security has evolved. It’s not about protecting an endpoint. It’s not about protecting a network. It’s not about protecting the cloud. It’s about analytics. And it’s about being able to take data from across all the different elements that touch a network and then being able to analyze that data and be able to find those insights in those areas where things are unprotected.”

Using Machine Learning for Threat Protection

“I think companies need to move away from this concept of best of breed and think of a security platform where perhaps not every element is best of breed, but you do get best of breed threat protection because all the data from across those different security elements can be analyzed using machine learning.”

Challenges in Converging Security Tools

“I think there’s a couple of key challenges when trying to converge your security tools to be able to keep up with the changes in IT-OT convergence. The first is just the concept that networking, security, and your operational technology teams need to work together.”

The Issue of Organizational Silos

“Historically, these groups have lived in silos. They have very tight domains and walls around their operational models. Smaller enterprises I’ve talked to seem to be more willing to do this, but when you get to the large enterprises, there are silos that still exist. And operationally, they do not like to share data and do not like to share tools.”

Selecting a Security Platform Vendor

“A bigger challenge is on the technical side. While the concept of the security platform is the best way to address IT-OT convergence, the reality is there are no security vendors that have a broad end-to-end platform that cover everything. So I think from an organizational perspective, you need to pick your platform vendor.”

The Need for Ecosystem Building by Security Vendors

“And to do that, you need to evaluate the tools that they have, but also the partnerships that they have to fill in the gaps in the areas that they don’t play. But then also look at how open they are and how willing they are to work with other companies, the types of APIs they have, the way they go to market, and things like that. Because I do think security platform is the way forward, but no vendor can deliver a security platform. So it’s incumbent on that security vendor to build a large ecosystem around it to help it fill the gaps where it doesn’t have product.”

Follow us on social media for the latest updates in B2B!

Image

Latest

Community and belonging
Community and Belonging in the DisruptED World of Education
October 2, 2024

Creating a sense of community and belonging in education has never been more important, especially with online learning and AI-driven platforms reshaping the ways students engage with educational content. Research shows that a sense of purpose and belonging can significantly impact student success, improving both academic outcomes and overall well-being. With institutions navigating post-pandemic…

Read More
Demystifying Self-Funded Benefits Can Forge a New Path for Employers
October 2, 2024

Healthcare costs are skyrocketing in the U.S., placing significant pressure on both businesses and individuals. With health insurance premiums on the rise, businesses are searching for innovative solutions to manage these escalating expenses. As traditional fully-insured models become less sustainable, more employers are turning to self-funded benefits as a way to take control of…

Read More
The Next Frontier in Nursing: Embracing Tech & AI
The Next Frontier in Nursing: Embracing Tech & AI
October 2, 2024

In the latest episode of Care Anywhere: The Global Health Workforce Podcast, Lea Sims, CMO of CGFNS International, speaks with two leading figures in nursing informatics: Kathleen McGrow, CNIO at Microsoft, and Romina Elias, Healthcare CNIO at Dell Technologies. Together, they explore how technology is transforming the future of nursing and healthcare. Kathleen and Romina…

Read More
career paths
Navigating Career Paths and the Future of Pro AV with Insights from 40 Under 40 Awardee Andie Mace
October 1, 2024

The conversation around recruitment, career paths and retention in Pro AV is gaining attention, particularly as the industry navigates the shift toward hybrid work models and the influx of new talent. Around 70% of companies are either implementing or planning to implement hybrid work models, and businesses in the AV space are rethinking how…

Read More