Summary
Connected workers are creating many benefits for industrial companies. But the associated risks demand more advanced, zero trust cybersecurity programs.
Leading industrial companies are using anywhere, anytime access to systems, apps, data, and people to drive higher productivity, better quality, and lower costs. While these benefits are large, they come with increased cyber risks. Every interaction opens a new attack pathway. Devices used outside facilities also increase opportunities for malware infection and data loss. Current industrial cybersecurity programs were not designed to manage these threats. Companies need to implement zero trust security to securely reap the full benefits of connectivity.
Recently, ARC Advisory Group discussed industrial connected worker security challenges with executives of BeyondTrust, a company with extensive experience in enabling secure, connected workers. A brief overview of their security offerings is included in this report.
The Industrial Connected Worker
Connected workers are driving higher performance in every industrial activity. Workers with remote access to systems and assets are reducing facility downtimes and travel costs. Site personnel with instant access to project information are reducing construction delays and costly errors. Instant access to cloud resources and subject matter experts (SMEs) is improving the productivity of factory workers. Remote operation of equipment in distant and hazardous areas is reducing safety risks and travel costs. Connectivity is also enabling broader use of productivity-enhancing technologies, like cloud analytics, smart glasses, and augmented reality.
All these benefits rely upon anywhere, anytime access to a wide range of devices, apps and data in corporate IT and OT systems, the cloud, and embedded physical systems.
Connected Worker Cybersecurity Challenges
Connectivity increases opportunities for attackers to compromise critical systems and steal confidential data. Left unaddressed, these threats can impact safety, environmental compliance, and business continuity, with costs that far outweigh connected worker benefits. Concern about cyber risks also constrains adoption of performance-enhancing processes and technologies that are sorely needed in many industrial sectors. Upgrading industrial cybersecurity programs to address these issues is essential.
Conventional industrial cybersecurity programs, especially those for OT systems, place strict limitations on communications across system boundaries. Isolation is considered essential to protect legacy assets and networks that can’t support modern security defenses. External connections are severely limited and require well-defined use cases and time for implementation of strong defenses.
Rigid, restrictive connectivity constrains connected worker benefits. Remote workers can only help operations if they have convenient access to internal systems. Internal workers can only leverage SMEs and external information when they are readily available. Each of these situations presents a unique, time-sensitive opportunity to improve productivity, but only if security strategies support on-demand, end-to-end protection of individual interactions. To maximize benefits, companies need to provide this kind of security for three common use cases:
- Secure remote access to assets within IT and OT system perimeters.
- Secure access to corporate data, apps, and IoT devices by workers at remote sites.
- Secure access to cloud apps, data, and SMEs by internal workers.
Connected Workers Require Zero Trust Cybersecurity
Trust is the foundation for secure interactions. Trust is traditionally implicit within system perimeters because companies have control over the internal people, devices, apps, and networks. But activities, like connected workers, that involve external resources …….
Source: https://www.arcweb.com/industry-best-practices/industrial-connected-workers-require-zero-trust