Corporations and CISOs are improving security by implementing zero trust in their IT networks. But, less consideration has been given to zero trust in operational technology (OT) environments because of concerns related to legacy equipment, lack of security controls, operational or production concerns, and safety constraints. Although most of these concerns are valid, collaboration and discussion between IT and OT security teams about actual barriers and boundaries can unlock apprehensions so that organizations can include OT networks in their comprehensive zero-trust security strategies.

Security for OT networks and devices can no longer be ignored. In the past, industrial facilities, critical infrastructure, and the associated OT networks were not designed for the modern connected world. Most OT networks were “air-gapped” from IT networks, and network and OT device security were not requirements or even considerations. Fast forward to today, and the rapid adoption of the Internet of Things, Industrial Internet of Things, and the digitization of manufacturing require connectivity to optimize production and operations and to access technology such as the cloud and artificial intelligence.