News reports of major security breaches have become common and incur a massive toll on companies’ reputations and revenues. Security breaches in industrial applications can have major impacts on human safety and cause unplanned disruptions to critical operations spanning manufacturing production to utility services. The costs of recovery are significant in themselves, but losing customer trust is an even bigger impact, and much harder to win back.
The proliferation of edge devices and the internet of things (IoT) are creating new challenges for enterprise security stakeholders. Designing and deploying distributed edge solutions now entails a careful balancing act spanning Operations Technology (OT) and Information Technology (IT). OT constitutes a wide gamut of devices, control systems, and networks critical for running industrial processes and the organization’s priorities include safety, efficiency, throughput, quality, and uptime of production environments (examples: factory floors, oil refineries, and warehouses). Meanwhile, IT largely encompasses the enterprise computing infrastructure (examples: e-mail, laptops, servers, enterprise resource management, customer relationship management).
Security measures for OT and IT are interconnected but have different implications. IT security considerations are usually centered on data protection, compliance, governance, and privacy. On the other hand, OT security is focused on human safety, protecting capital assets, and maintaining production uptime. Not surprisingly, OT networks have been traditionally separated from the IT side. IoT is challenging this traditional paradigm as stakeholders seek to unlock new business value by connecting traditionally isolated OT infrastructure and processes to broader networks for visibility and advanced analytics.
OT security typically involves practices and technologies used to (a) protect people, assets, and information, (b) monitor and/or control physical devices, processes, and events, and (c) initiate state changes to enterprise OT systems. Traditionally, OT has practiced “security by obscurity” by leveraging air-gapped networks and only one-way data flow to their on-premise SCADA and DCS systems. As digital innovation expanded and OT and IT networks began to converge, organizations deployed bolt-on point solutions as band-aids to address issues. Over time, these stop-gap measures have resulted in a complex patchwork of non-integrated, sub-optimal solutions that are difficult to maintain. In addition, the fragmented approaches to OT and IT security duplicate security efforts and eschew transparency. Since OT networks traditionally report to the COO and IT networks report to the CIO, identifying the boundaries of responsibility and efficiently arriving at a holistic security approach has been challenging.
It is no longer viable for organizations investing in digital transformation to have two separate modes of security operations. Having insecure IT/OT networks is effectively holding back digital transformation, building up more legacy and technical debt as a result. If companies secure IT/OT in a simple and robust manner then they unleash innovation and velocity in the business to drive more growth, revenue and cost reduction.
Edge computing solutions require considerable forethought and planning to prevent security breaches related to IoT use cases in recent times. Connected edge solutions must be built with a security-first focus that protects legacy assets and provides a consistent foundation for security and manageability regardless of use case. Given the diverse mix of technologies and skillsets at the edge, implementing security also requires a focus on usability.
As enterprises plan security deployments, it is useful to consider the top reasons for security breaches in enterprises. Social engineering, web application attacks, system intrusion, human errors, and misuse of access privileges are the top reasons for miscreants gaining unauthorized access to systems. In the next editions of this blog series, we’ll examine strategies that enterprises can use to combat such failures.
Did you know that Arrow offers a wide range of Edge Cybersecurity Services that can help protect your business from cybersecurity attacks? See our services or get a quote today.
