Security Experts:

How to Find Success for IT in an OT World

The convergence of IT and operational technology (OT) is well underway, making IT’s influence on OT environments — both at the technological and personnel levels — critical to the future success of businesses. While these teams have not typically worked together and often find themselves at odds when it comes to networking, maintenance and ownership, the time for playing nice is now. Here are some critical factors for success in managing the meeting of these two worlds.

When IT and OT Come Together

Security is often the first place IT and OT teams meet. There are always kinks to iron out, and ensuring a strong security posture is paramount regardless of the teams involved. It’s just a matter of helping these teams get on the same level for the greater goal. 

What are the red flags to keep an eye out for? Figuring out process and technology ownership is one of the first areas where issues arise. Not properly distinguishing ownership will lead to disjointed operations. Then there’s the problem of OT professionals thinking their IT counterparts don’t understand their systems. IT operators, on their part, don’t think OT teams have the expertise to manage the latest wave of connected devices. They’re both wrong — and right. The reality is they need to come together to overcome the barriers that could lead to increased risk. Both teams are needed for the most effective and secure IT/OT infrastructure. 

This is best accomplished when we stop isolating teams and have a CISO or other liaison managing overall operations from above. This leader will need to make it clear why OT can’t ride the Industry 4.0 wave without the help of IT, while also highlighting the importance of each team and the roles within them.  

Are There Downsides to the Shift?

There are always complaints about the effects of bringing IT and OT together. The primary one is that OT environments become exposed as they become more connected. But the risk is worth the benefit. New smart OT technology, and Internet of Things (IoT) as a whole has not had the rigorous regulation and oversight that IT assets have had up to this point. With new IoT assets, automation is tricky, lack of visibility makes it harder to investigate and remediate issues, and the usage of “shadow IT/OT” creates issues if left unchecked. The results are often disastrous, from halted operations in manufacturing to patient issues in medical environments. 

In short, it’s more dangerous to resist the shift in favor of maintaining the status quo. Amid rapid technological and organizational changes, not having insight into what’s happening at all levels of the tech stack is asking for trouble.

Another worry is the people problem. Smart technology means you need fewer people, right? Not necessarily. The same people can now handle more complex and creative tasks. No one wants to download reports from oil tanks on location day in and day out when smart technology could do this across numerous tanks across the country in a fraction of the time. The transition won’t happen naturally, but it’s a gamechanger with the right guidance from the business. Additionally, assuming technology will completely displace humans at the onset is naive. Humans will still be needed to usher in new technology as it makes its way into the enterprise. 

All organizations and their employees want the same thing — to deliver the best service while incurring the least risk. We cannot sacrifice the proper deployment of technology for the sake of speed or fear of change. A new era of industrialization is upon us, and it requires a new approach. 

Learn More About Convergence of IT and OT at SecurityWeek's ICS Cyber Security Conference

view counter
Seema leads product marketing for Splunk’s emerging markets group and is responsible for Splunk’s Internet of Things (IoT) and Business Analytics solutions. In this role, she works closely with Splunk customers to help them understand how valuable insights from machine data can be applied to solve real-world business problems. Prior to Splunk, Seema served in product marketing roles at DataStax, Birst, and Actuate (OpenText). She has a Bachelors in Engineering from the University of Pune, India and a Masters in Computer Science from USC. Please don’t ask her to do basic math.