- The top mobile AI features that Apple and Samsung owners actually use
- Accelerate Your Docker Builds Using AWS CodeBuild and Docker Build Cloud | Docker
- Cisco's FY24 Purpose Report: Looking back while looking ahead
- Attacker Distributes DarkGate Using MS Teams Vishing Technique
- Ride the AI wave: Learn to flow
IT/OT convergence propels zero-trust security efforts
Strategic principles of zero trust for OT
EMA’s new zero-trust research, based on a survey of 270 IT professionals, found that IT/OT convergence correlates with a different approach to this security model. For instance, the top two guiding principles of zero-trust initiatives in general are (1) preventing unauthorized access and (2) preventing zero trust from negatively impacting network performance and user experience.
With OT-focused zero trust, enterprises are less concerned about network performance impacts. Instead, they place a greater premium on management simplicity. OT convergence adds network complexity by expanding the number of devices that need to connect and increasing the amount of segmentation needed to isolate those devices. Zero-trust architectures that are built for management simplicity can mitigate these issues.
OT requirements for zero trust
IT/OT convergence leads enterprises to set different priorities for zero-trust solution requirements. When modernizing secure remote access solutions for zero trust, OT-focused companies have a stronger need for granular policy management capabilities. These companies are more likely to have a secure remote access solution that can cut off network access in response to anomalous behavior or changes in the state of a device.
When implementing zero-trust network segmentation, OT-focused companies are more likely to seek a solution with dynamic and adaptive segmentation controls. These companies also perceive a greater need for a network observability tool that can support zero trust. Typically, they want an observability tool that can facilitate access policy design.
OT challenges to zero trust
EMA’s research asked respondents to identify various challenges to their zero-trust projects. Our analysis found that OT-driven projects had a few unique issues. First, we found that these companies are more likely to struggle with adapting legacy secure remote access technologies like VPNs to zero-trust requirements.
Moreover, OT-focused companies were more likely to perceive an overall lack of effective zero-trust products on the market. Apparently, most zero-trust solution providers are focused on traditional IT use cases, rather than OT. These companies were also more likely to tell EMA that their network observability tools are failing to support zero trust, suggesting that they need new monitoring tools that can extend their visibility into OT systems.
