The Convergence of IT and OT Systems Requires a Complete Reassessment of Security
This world of digital transformation means the convergence of Information Technology (IT) and Operational Technology (OT) has opened up unprecedented opportunities for operational efficiency. However, this utopia comes with its own Pandora’s box: more vulnerabilities that attract hackers. The antiquated strategy of top notch technologies for security is no longer sufficient. What’s needed is a unified security platform that would centralize analytics. This would also provide a holistic view of the network and enabling machine learning to identify vulnerable spots and threats.
However, the path towards a unified platform has its challenges. Beyond organizational resistance, there’s a significant gap in the market. No single vendor offers an end-to-end security solution that adequately addresses IT-OT integration. In turn that makes selecting a primary platform vendor that provides robust tools to fill in gaps.
Zeus Kerravala, the Founder and Principal Analyst at ZK Research, has more than two decades of experience in researching and advising companies on various technology trends. Specializing in digital transformation, cloud services, and enterprise communications, Kerravala’s insights into the intersection of IT, OT, and security make him a notable thought leader in the field. He has worked with a broad range of clients from tech giants to small businesses. Kerravala offers a well-rounded view on the challenges and opportunities that exist in the evolving digital landscape.
He mentioned that IT and OT convergence has a lot of benefits for companies. But added there is even more to benefit in considering the entirety of a security systems when converging. Kerravala emphasized the importance of security.
Kerravala’s Thoughts on IT and OT
The Increased Attack Surface with IT Integration
“So the first step in that would be to put technologies in like micro-segmentation that actually can make the attack surface smaller. But then after that, I think companies need to move away from this concept of best of breed and think of a security platform.”
Integrating IT with OT and IoT
“Well, the concept of bringing IT together with OT and IoT is to create better operational models by having all your connected devices on one network. The downside of that is it creates new security risks because you have all your devices connected to one network. And so if you’re going to bring IT and OT together, then you also need to bring the security elements together to create one operational model across it.”
New Security Risks with IT-OT Integration
“Otherwise, you’ll have a number of blind spots and different entry points into your network that your traditional IT security won’t see. Therefore, a breach on your OT system could actually cause a pretty big internal breach on your IT system.”
Rethinking Security Approaches
“The approach for securing an integrated IT-OT system requires actually a complete rethink of security. Historically, security pros have had the idea that if they deploy best of breed technology everywhere, that’s going to create the best possible threat protection.”
The Role of Analytics in Modern Security
“But security has evolved. It’s not about protecting an endpoint. It’s not about protecting a network. It’s not about protecting the cloud. It’s about analytics. And it’s about being able to take data from across all the different elements that touch a network and then being able to analyze that data and be able to find those insights in those areas where things are unprotected.”
Using Machine Learning for Threat Protection
“I think companies need to move away from this concept of best of breed and think of a security platform where perhaps not every element is best of breed, but you do get best of breed threat protection because all the data from across those different security elements can be analyzed using machine learning.”
Challenges in Converging Security Tools
“I think there’s a couple of key challenges when trying to converge your security tools to be able to keep up with the changes in IT-OT convergence. The first is just the concept that networking, security, and your operational technology teams need to work together.”
The Issue of Organizational Silos
“Historically, these groups have lived in silos. They have very tight domains and walls around their operational models. Smaller enterprises I’ve talked to seem to be more willing to do this, but when you get to the large enterprises, there are silos that still exist. And operationally, they do not like to share data and do not like to share tools.”
Selecting a Security Platform Vendor
“A bigger challenge is on the technical side. While the concept of the security platform is the best way to address IT-OT convergence, the reality is there are no security vendors that have a broad end-to-end platform that cover everything. So I think from an organizational perspective, you need to pick your platform vendor.”
The Need for Ecosystem Building by Security Vendors
“And to do that, you need to evaluate the tools that they have, but also the partnerships that they have to fill in the gaps in the areas that they don’t play. But then also look at how open they are and how willing they are to work with other companies, the types of APIs they have, the way they go to market, and things like that. Because I do think security platform is the way forward, but no vendor can deliver a security platform. So it’s incumbent on that security vendor to build a large ecosystem around it to help it fill the gaps where it doesn’t have product.”