Skip to Content

Demystifying converged OT/IoT security

Capgemini
April 6, 2020

The business advantages of connectedness are well known, and I see that there are enormous benefits for end users. Today, “connectedness” is the culprit for a whole range of new security issues. In particular, the explosive growth of IoT has dramatically increased security vulnerabilities – particularly in industries such as manufacturing, medical networks, and critical infrastructures, with critical OT (operational technology) processes and networks.

According to a 2019 Gartner report, 90% of industrial companies said they had experienced a cybersecurity breach, and as per a recent IDC report, 80% of security professionals agreed that IoT breaches were more expensive to find and fix than traditional security incidents.

What I have seen is, in most companies, OT and IT have merged, leading to shared responsibilities in managing critical infrastructure. This convergence has fundamentally changed the threat landscape because OT networks are very different from IT networks.

But the key issue is that despite the convergence, OT and IT systems and devices are still secured separately through siloed security processes and solutions. All too often, there are disparate security mechanisms for control systems, OT devices, IT systems, and IoT devices leading to significant challenges, including:

  • Higher risks: Cyber-attacks can cause physical damage or have fatal consequences; they can also target the heart of your value chain.
  • Critical outages: Because of their vital process importance, equipment is often operated full time, increasing security vulnerabilities.
  • Shortages of skilled security professionals: The teams operating OT equipment aren’t always up to speed on cybersecurity, and traditional cybersecurity teams don’t know the operation use cases and related risks.
  • Difficulties with data protection and compliance: With more published attacks on critical Infrastructure, government, and industrial bodies keep increasing the requirements.

Convergence can be a cure!

At Capgemini, we are uniquely capable of using convergence to address the above challenges, and secure our clients’ critical enterprise IoT deployments. We combine deep expertise in OT, IT, and IIoT to deliver our Enterprise IoT (E-IoT) portfolio of services, which fit within three broad categories:

  • Define – We assess the client’s current IoT security and compliance status so they can clearly understand risks and prioritize remedial action .
  • Protect – Based on findings from the “Define” phase, our experts craft tailored-fit security solutions that will address the client’s highest-priority security questions and issues.
  • Defend – We defend the client’s IoT environment so they can continuously identify and respond to threats.

Do you want to explore how converged E-IoT solutions can advance your strategic priorities? Capgemini combines the deep expertise in OT, IT, and IIoT (industrial IoT) to deliver secured Enterprise IoT(E-IoT) portfolio of services. Check it out here.