The Convergence of IT and OT Systems Requires a Complete Reassessment of Security


This world of digital transformation means the convergence of Information Technology (IT) and Operational Technology (OT) has opened up unprecedented opportunities for operational efficiency. However, this utopia comes with its own Pandora’s box: more vulnerabilities that attract hackers. The antiquated strategy of top notch technologies for security is no longer sufficient. What’s needed is a unified security platform that would centralize analytics. This would also provide a holistic view of the network and enabling machine learning to identify vulnerable spots and threats. 

However, the path towards a unified platform has its challenges. Beyond organizational resistance, there’s a significant gap in the market. No single vendor offers an end-to-end security solution that adequately addresses IT-OT integration. In turn that makes selecting a primary platform vendor that provides robust tools to fill in gaps.

Zeus Kerravala, the Founder and Principal Analyst at ZK Research, has more than two decades of experience in researching and advising companies on various technology trends. Specializing in digital transformation, cloud services, and enterprise communications, Kerravala’s insights into the intersection of IT, OT, and security make him a notable thought leader in the field. He has worked with a broad range of clients from tech giants to small businesses. Kerravala offers a well-rounded view on the challenges and opportunities that exist in the evolving digital landscape. 

He mentioned that IT and OT convergence has a lot of benefits for companies. But added there is even more to benefit in considering the entirety of a security systems when converging. Kerravala emphasized the importance of security.

Kerravala’s Thoughts on IT and OT

The Increased Attack Surface with IT Integration

“So the first step in that would be to put technologies in like micro-segmentation that actually can make the attack surface smaller. But then after that, I think companies need to move away from this concept of best of breed and think of a security platform.”

Integrating IT with OT and IoT

“Well, the concept of bringing IT together with OT and IoT is to create better operational models by having all your connected devices on one network. The downside of that is it creates new security risks because you have all your devices connected to one network. And so if you’re going to bring IT and OT together, then you also need to bring the security elements together to create one operational model across it.”

New Security Risks with IT-OT Integration

“Otherwise, you’ll have a number of blind spots and different entry points into your network that your traditional IT security won’t see. Therefore, a breach on your OT system could actually cause a pretty big internal breach on your IT system.”

Rethinking Security Approaches

“The approach for securing an integrated IT-OT system requires actually a complete rethink of security. Historically, security pros have had the idea that if they deploy best of breed technology everywhere, that’s going to create the best possible threat protection.”

The Role of Analytics in Modern Security

“But security has evolved. It’s not about protecting an endpoint. It’s not about protecting a network. It’s not about protecting the cloud. It’s about analytics. And it’s about being able to take data from across all the different elements that touch a network and then being able to analyze that data and be able to find those insights in those areas where things are unprotected.”

Using Machine Learning for Threat Protection

“I think companies need to move away from this concept of best of breed and think of a security platform where perhaps not every element is best of breed, but you do get best of breed threat protection because all the data from across those different security elements can be analyzed using machine learning.”

Challenges in Converging Security Tools

“I think there’s a couple of key challenges when trying to converge your security tools to be able to keep up with the changes in IT-OT convergence. The first is just the concept that networking, security, and your operational technology teams need to work together.”

The Issue of Organizational Silos

“Historically, these groups have lived in silos. They have very tight domains and walls around their operational models. Smaller enterprises I’ve talked to seem to be more willing to do this, but when you get to the large enterprises, there are silos that still exist. And operationally, they do not like to share data and do not like to share tools.”

Selecting a Security Platform Vendor

“A bigger challenge is on the technical side. While the concept of the security platform is the best way to address IT-OT convergence, the reality is there are no security vendors that have a broad end-to-end platform that cover everything. So I think from an organizational perspective, you need to pick your platform vendor.”

The Need for Ecosystem Building by Security Vendors

“And to do that, you need to evaluate the tools that they have, but also the partnerships that they have to fill in the gaps in the areas that they don’t play. But then also look at how open they are and how willing they are to work with other companies, the types of APIs they have, the way they go to market, and things like that. Because I do think security platform is the way forward, but no vendor can deliver a security platform. So it’s incumbent on that security vendor to build a large ecosystem around it to help it fill the gaps where it doesn’t have product.”

Follow us on social media for the latest updates in B2B!



telecom project success in healthcare
Telecom Project Success in Healthcare Usually Comes Down to Working with the Right Decision Maker
April 15, 2024

In the rapidly evolving landscape of healthcare technology, telecommunications plays a crucial role. As healthcare providers increasingly rely on digital solutions—from telemedicine to electronic health records—telecom companies are finding new opportunities and challenges in this sector. Successfully implementing telecom projects in healthcare requires a nuanced understanding of the industry’s legacy communications infrastructure, unique demands […]

Read More
visitor management systems
Enhance Security with Faster Adoption of Digital Visitor Management Systems
April 15, 2024

As workplaces evolve into hybrid environments, the urgency to replace traditional paper logbooks with advanced digital visitor management systems has become a critical focus for organizations aiming to bolster security. The reliance on outdated methods poses significant security risks, a concern highlighted by increasing incidents of unauthorized access and data breaches globally. This pressing […]

Read More
access control
Redefining Access Control: Mobile Credentials Integrate Security, Privacy, and IT Seamlessly
April 15, 2024

As businesses increasingly lean on technology to enhance security and operational efficiency, the topic of access control has surged to the forefront. This rise is particularly driven by advancements in mobile credential technology—a shift from traditional physical credentials to digital solutions hosted on personal devices like smartphones. The growing ubiquity of smartphones and heightened […]

Read More
brick-and-mortar store resurgence
Unique In-Store Experiences Are Driving a Brick-And-Mortar Retail Resurgence
April 15, 2024

What’s behind the recent brick-and-mortar store resurgence? Could it be that big box stores recognize the one-of-a-kind shopping experiences that can occur in person? Finding unique ways to capitalize on those in-store experiences may lead to a brighter future for retail. Big box stores are reasserting the importance of their physical presence, continuing to […]

Read More