How Organisations Can Use Their Data to Survive, and Why Security Is Now a True Enabler
In today’s changing times it will be the organisations that best adapt that will continue to survive and potentially prosper. Whether it’s adapting to new ways of working, routes to market or the ability to reduce costs in challenging circumstances.
At the heart of every organisations success is the ability to understand and use the information available to it, in the best possible way.
Traditionally many organisations have silos of information that are not directly connected to or accessible by corporate networks. This may be down to either difficulties or costs of connecting into the corporate IT network, or issues around potential security breaches or increased cyber-attack risk by connecting into a previously stand alone network. And it’s not just about the heightened risk of corporate security breaches, it’s also about ensuring compliance with stringent regulations concerning the safekeeping of data.
As organisations have evolved and expanded many recognise that there is a need to integrate and act on all the information they generate. For many it has often been more difficult to pursue convergence. As an example if we look at IT and OT convergence, the fact that the OT environments have traditionally used different hardware has limited such integration. The Operations Technology is typically the Machines, Equipment, Industrial Controls and Production Monitoring, and it is still relatively rare to find it fully entwined with the IT side – the Storage, Computing, Infrastructure, Data Processing and Analytics.
However industry leaders are now recognising the need for IT and OT integration and the benefits that can result. These benefits are increasingly being recognised in production industries such as automotive, transport, pharmaceutical, consumer goods etc. through the ‘Smart Factory’ concept.
However it should also be remembered that any organisation that needs to gather, make sense of and secure large amounts of information would also gain notable efficiencies and benefits from adopting similar convergent technologies.
The development of Smart factories, the convergence of I.T / O.T and the proliferation of connected devices can deliver real gains in efficiencies and cost reductions, but it also brings the cyber war into your OT environment, potentially at every possible level, from bad actors to highly organised groups seeking to extort, steal IP, disrupt operations and destroy critical information and infrastructure. It is not a matter of IF you will get attacked, it is WHEN.
The key challenges of OT and IT Convergence
When looking at IT and OT the challenge is typically around the various proprietary and open protocols that exist for machine to machine communication, and cloud protocols. Then of course there are the challenges posed by the multiplicity of interfaces, such as serial to serial and various ‘to fibre’ options.
Critical to this are of course the security risks, in the past ICS networks were physically isolated and almost immune to attacks. However OT and IT convergence is opening up OT silos to the world when systems are expanded and networks are integrated, making them vulnerable to both internal interferences and external threats.
Therefore it is paramount to have security protocols in place that are specifically designed for such initiatives – ones that will work across the range of networks that would be involved; LAN, WAN WLAN, 5G etc. As more device to cloud and sensor to cloud integration happens, adopting new communications technologies will complete network integration. In a recent survey carried out by Deloitte-MAPI a third of factory leaders identified that the lack of the necessary IT Infrastructure was a significant impediment to ‘smart’ factory initiatives, and security was often at the heart of this.
The simple fact is that tools and techniques for securing both digital and physical assets across OT and IT must evolve quickly in order to continue to safeguard manufacturing’s assets as they move to more efficient and profitable ways of working, but which increase the attack surface and vulnerability of an organisation’s IT infrastructure if not managed properly.
To realise the key benefits of increased efficiency and lower costs, businesses need to develop a secure information integration strategy, one that recognises the importance of OT, the need to integrate it into an IT environment – and to do so with the level of security that is required.
The 4 elements of OT and IT convergence
The critical first step is to be able to link networks whilst maintaining a security perimeter, allowing only ‘least privileged’ access. This then enables the collection of data from any source. Once this is done then organisations can then move onto areas like automated monitoring activities and develop custom dashboards to show key information and data.
A New Approach to Security
Once OT networks are linked to a wider corporate IT infrastructure vulnerabilities to cyber-attack notably increase. Quite simply an organisation needs to move to a Zero trust model.
The principles are simple – trust no user or device, inside or outside the private network. Essentially, the approach dictates that we cannot trust anything inside or outside your perimeters. This approach aligns with OT and IT aims - it effectively assumes that the fixed perimeter is dead, that you need to operate outside it, and can no longer rely on everything inside being ‘trusted’. That way information can be secured wherever it is and access is controlled at a granular level.
Improving response time
By using the latest technologies vast amounts of data can now be gathered and correlated in seconds. Key data can be visualized in easily built reports and dashboards, enabling issues to be uncovered and addresses for more quickly than previously, not just within the plant but at any location with network access.
Gaining better efficiencies, increased output and reduced costs
Once the tools are in place to gather correlate and output data into reports and dashboards. Then the stage is set for organisations to now make quantitative decisions based on real time data, making labour more efficient, improving resource utilization and increasing output. In fact a major report into the Smart factory showed double digit growth in all these areas occurred from such initiatives.
Facing up to the Challenges Ahead
Many organisations are facing tough challenges, and not all will survive. Those that stand the best chance are those that embrace and use technologies enabling them to increase output, maximise use of resources and reduce costs; change is never easy, but never has it been more critical.
At Unisys and Sightline we have had a long history of working with major customers around the globe helping them to utilise IT based technologies to constantly adapt to the challenges and opportunities they face.
We believe that we have the understanding of the industries, the appreciation of the challenges, and the expertise in the IT development to truly help organisations move to a more converged, efficient and productive way of working.
That is why we have developed a solution that we believe enables organisations to fully achieve integration – enabling them to analyse and make use of their data on an company wide basis, generating more output, potentially with less resource, and achieving notable cost reductions. We proposed this solution at a major Industry security event earlier this year at ManuSec in Munich. Since then we have now developed the proposal into a fully deliverable solution, taking on board the discussions we have had with major manufacturers at and after the event.