IT/OT convergence: make security your foundation to drive digital transformation

Cybersecurity is an essential issue for companies in all sectors, but with the growth of information technology/operational technology (IT/OT) convergence in industrial organizations, it has become essential. Security must underpin every activity and direction.

There is now a clear performance divide between digital and non-digital companies – and the fear of security threats is preventing some companies from exploiting their digital potential and thriving. In industrial companies, OT generally supports factory infrastructure and production lines, while IT is typically used for back-office functions like procurement, supply chain, and administration. In Industrial Internet of Things (IIoT) approaches, and as companies move towards smart factories and more connected objects in production lines and supply chains, security becomes an increasingly vital factor.

As industrial IT/OT environments become more connected, they become bigger targets for malicious actors. “Attacks are increasing in frequency and severity,” says Lorenzo Veronesi, Research Manager, IDC Manufacturing Insights, EMEA. “Industrial companies like manufacturers have been subject to major ransomware attacks for example, and companies cannot ignore the risks of increased connectivity in OT environments and the potential cost and disruption caused by security incidents.”

Examples of manufacturing companies falling victim to major ransomware attacks include pharmaceutical giant Merck reporting losses of around $870 million, American food and beverage producer Mondelez at $188 million, and Taiwanese semiconductor manufacturer TSMC at $250 million. According to the IDC InfoBrief sponsored by Orange, The Road to Digital Transformation: Enabling OT-IT Convergence, equipment downtime and financial loss are the top two concerns for manufacturing companies from a cyberattack.

Another report – the Smart Factory Study by Deloitte and Manufacturers Alliance for Productivity and Innovation (MAPI) – finds that manufacturing is consistently among the most frequently-targeted industries for cyberattacks. In the UK, manufacturing has become the most attacked industry as cybercriminals look to exploit the COVID-19 emergency. Regrettably, as IIoT increases and the convergence of IT and OT grows in manufacturing companies, the threat landscape grows significantly.

Where are companies in terms of addressing this?

Companies have now recognized that IT/OT integration is central to enabling new capabilities and helps them drive towards improved performance, reduced costs and better customer service. Indeed, the IDC study found that operational performance and reduced costs were ranked the top two motivations for investing in IT/OT integration.

The IDC InfoBrief also found that by 2021, around 60% of companies would describe their governance models as “integrated,” wherein control and execution system investment decisions are made through a shared services organization, a center of excellence or a corporate function, and there is daily collaboration between IT and OT.

However, companies are still relatively far off achieving real-time integration. “IT/OT integration is a complex issue, and companies have to consider things like heterogenous factory environments that are home to many different types of machinery and connectivity, with different standards,” said Werner Reuss, Head of Industry 4.0 International Business, Orange Business. “Security concerns also come into play and can create a barrier to integration.”

IDC research found that companies fell into four distinct approaches to IT/OT integration: 15% said they had manual integration, where IT and OT integration mostly involves manually providing data to systems as needed; 29% said they utilized a batch integration approach, in which integration takes place mostly via scheduled batch processing; 41% said they take a mixed approach depending on business requirements; and 15% said most of their IT and OT systems are being integrated in real time.

Barriers to integration

According to the IDC InfoBrief, security is the main barrier to companies moving forward with IT/OT integration. Fear of cyberthreats is a major factor in preventing companies from maximizing their digital potential. “When we asked companies what they consider the top three barriers to IT/OT integration in their organization, almost 50% said concerns about security was their number one worry,” says Lorenzo Veronesi.

Only 26% of European companies say they manage physical and data security as an integrated system. And while integrating IT and OT can potentially expose a company to threats and increase its vulnerability, adopting appropriate security-related policies can help them mitigate that risk. Tight alignment and collaboration between IT and OT executives can deliver positive results here, and security must be a core element of any IT/OT convergence initiative.

Removing what holds you back

Companies need the freedom and resources to enact IT/OT integration properly and securely, but many still face internal hurdles to getting it done. IDC asked companies what their main limitations were to improve cybersecurity capabilities, and almost 40% said their top limitation was budget constraints. The second top concern was that operations resources are generally too busy with routine operations. A third-party solution provider can be the essential partner in helping companies along the path to IT/OT integration.

“Companies often struggle to manage IT/OT integration and appropriate security internally, and it is mainly because budgets are tight and many operations teams and workers simply don’t have the capacity to spare,” says Reuss. “However, it is important to view cybersecurity as an enabler of your digital investments and your digital transformation, and by working with a specialist partner, you can enhance your operations with no drop-off in cybersecurity, while enabling you to focus on your core business.”

Make security your foundation, not an afterthought

“Security simply must be a central element of an IT/OT convergence initiative”, says Lorenzo Veronesi. Ways to do this can include appointing a C-level executive who focuses on strategy and governance, and allocating appropriate budget for IT security and compliance to mitigate any potential risk is essential. Adopting OT-specific security initiatives is another advisable tactic. The case is clear: there is now a massive divide between digital and non-digital companies, and digital investments pay off. Doing nothing now will cost you today and in the long term. An integrated security approach has become a must.”

Read the exclusive IDC InfoBrief sponsored by Orange: The Road to Digital Transformation: Enabling OT-IT Convergence.

Steve Harris

I’ve been writing about technology for around 15 years and today focus mainly on all things telecoms - next generation networks, mobile, cloud computing and plenty more. For Futurity Media I am based in the Asia-Pacific region and keep a close eye on all things tech happening in that exciting part of the world.