Accelerating your Zero Trust journey in manufacturing

Issue 7 2022 IT infrastructure, Cyber Security, Industrial (Industry)

Francois van Hirtum.

Many manufacturing operations are still struggling with ageing IT/OT infrastructure that can be difficult to secure, as well as a poorly integrated set of security point products that does not align with the strategic approach expected by their executive management.

Digital transformation is accelerating within the manufacturing space with the continued modernisation and interconnectedness of the environment, the development of the hybrid workforce, and increased pressure to maintain availability in light of more sophisticated cyber threats. Industry in general can be said to have reached a tipping point, with many users and apps now residing outside of the traditional perimeter.

Given this combination of tremendous change coupled with the need for availability and operational resilience, information security teams working within manufacturing require a modern approach to security that fits these significant shifts.

The new reality

A hybrid workforce is the new reality; businesses must provide access from anywhere and deliver an optimal user experience. The days of managing implied trust by relying on a static, on-premise workforce are gone. At the same time, application delivery has tilted firmly in favour of the cloud, public or private, and has enabled development teams to deliver at an unprecedented pace.

However, new architectures, delivery and consumption models create more instances of implied trust, and an expanding catalogue of apps creates a broader attack surface, while implied trust granted to microservices yields new opportunities for attackers to move laterally. Moreover, infrastructure can be anywhere, and everything is increasingly interconnected, making the elimination of implicit trust even more critical. You can no longer simply trust IT equipment such as printers or vendor-supplied hardware and software, because IT and workplace infrastructure are increasingly connected to Internet-facing apps that command and orchestrate them centrally.

How do you define risk?

The important thing to understand is that anything Internet-facing is a risk to your organisation. Physical locations are increasingly run by connected things, including IoT devices, which typically have more access than they need. Traditional IT patching and maintenance strategies do not apply here – cyber adversaries know this is ripe for exploitation.

The biggest challenge to adopting a Zero Trust architecture has not been a lack of specific security tools, but a simple lack of resources (talent, budget, interoperability, time, etc.). Running the most current security controls against a moving target – a dynamic threat landscape – has historically been challenging for the manufacturing industry.

A comprehensive Zero Trust approach can be implemented for businesses operating in the sector, but it must be augmented by the right set of security capabilities that enable consistent controls across IT and OT environments.

Instead of testing, running and fixing multiple non-integrated security controls across all of your security domains, such as malware or DLP (for protecting your intellectual property or trade secrets), you can rely on one single control which you can deploy across your organisation.

Security by design becomes a reality as deployment, operations and time-to-market costs are decreased. Moreover, leveraging the network effect of telemetry from the entire organisation, and not just from one specific area, means the time to respond to and prevent cyber threats is lowered, leading to more resilient cybersecurity.

To summarise, Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust and continuously validating every stage of digital interaction. It is a modern, holistic approach to security that enables manufacturing operations to meet current challenges in a proactive manner for higher levels of security, reduced complexity, and increased functional resilience that minimises downtime and disruption to operations.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Five IT trends to watch in 2023
IT infrastructure
The efforts made by South African companies in 2021 and 2022 have positioned them well for the next wave of growth and innovation — or for continued economic disruption.

Boost enterprise data resilience
Arcserve Southern Africa IT infrastructure
Arcserve Unified Data Protection 9.0 offers unified, multi-tenant cloud-based management, enhanced data availability, durability, and scalability with Cloud Object Storage, and expanded support for Oracle DB and Microsoft SQL Server.

SAN market set for growth
Technews Publishing News IT infrastructure
Storage-area network (SAN) market to hit US$ 26,86 billion in revenue by the end of 2029 due to factors like widespread adoption of Hybrid SAN-NAS solutions.

Enterprise threats in 2023
News Cyber Security
Large businesses and government structures should prepare for cybercriminals using media to blackmail organisations, reporting alleged data leaks, and purchasing initial access to previously compromised companies on the darknet.

Advanced server performance and energy efficient design
Editor's Choice IT infrastructure Products
Dell PowerEdge server portfolio expansion offers more performance, including up to 2.9x greater AI inferencing while Dell Smart Flow design and Dell Power Manager software advancements deliver greater energy efficiency.

CA Southern Africa unmasks container security
Technews Publishing IT infrastructure Cyber Security
Adoption of software containers has risen dramatically as more organisations realise the benefits of this virtualised technology.

Best practices for cybersecurity and network health in 2023
Axis Communications SA IT infrastructure
Securing a network from outside threats while making it easily accessible to employees can be challenging. What are the tell-tale signs of poor network security, and what should organisations do to secure their networks?

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Industrial control systems under attack
News Cyber Security
According to Kaspersky ICS CERT statistics, from January to September 2022, 38% of computers in the industrial control systems (ICS) environment in the META region were attacked using multiple means.

ALM a key element of data security
IT infrastructure
ALM is core to any data security framework in the digital age and it is an element that no business can afford to be careless with.