The Benefits of OT, IT Collaboration

• By Ryan Zatolokin
• Aug 24, 2023

It is no secret: OT and IT are converging.

Physical security devices that were previously air gapped or standalone are now connected to a network, and with physical security devices more affordable than ever, the number of connected devices continues to grow. However, just because the technology itself is converging, that does not mean the human side of OT and IT are following suit.

Security cannot wait for anything, and in the meantime, organizations need a vendor provided device management platform to bridge the gap between OT and IT. Without proper management of devices, cybercriminals can take advantage of gaps in the network.

No matter the size of the organization or the attitude towards their network and the devices on it, a device management platform from the vendor will keep all the necessary ducks in their proverbial row.

With a device management system in place, both OT and IT employees can collaborate to keep firmware up to date, stay on top of necessary decommissioning and replacement, and most importantly, have visibility into all global locations. Without a device management system, you might not notice a device has gone offline until you need the data the device should have been recording.

Device management systems are also particularly critical as replacement strategies and can be configured to meet the various needs across organizations. For instance, some organizations replace a device as soon as the warranty is expired, which can account for up to 20% of their devices a year. On the other hand, some organizations simply never replace devices until they cease to function.

There is also the middle ground of replacing a device when it is no longer supported by firmware updates. In all these scenarios, the vendor-provided device management platform will serve as the reminder for replacement, regardless of what that replacement benchmark may be.

All About Attitude
While those of us in the security industry think about what it means to be utterly secure, not all organizations are security oriented, and even less have a balanced approach to both physical and virtual security.

Fewer organizations than you may think genuinely care about cybersecurity, and the “security” for an organization usually refers to the people hired to protect the physical space: picture the guy sitting in the room with all the camera feeds on display as opposed to the person responsible for the cameras producing those feeds.

Typically, security hires are not the actual IT staff responsible for configuring and maintaining the devices – they simply manage the systems with the dashboard that they are given. However, as IT has had to get more involved with every step of the device lifecycle, organizations are starting to slowly pay more attention to the potential cybersecurity issues, which means that OT and IT are on the same team.

OT and IT convergence on the human side has increased exponentially from even five years ago; a change driven in part by large organizations who have more to lose. This convergence has complicated things on multiple levels. For instance, when thinking about budget areas and responsibilities, clear divisions have become muddied. If an organization needs a new physical security system, but that system will require IT installation and maintenance, does the money for that system come out of an OT budget or an IT budget?

If one party “owns” the entire thing, does that mean the other party has no say in configuration? This results in a confusion not only about how the devices are initially configured, but also how they are maintained throughout their lifecycle. In essence, though an organization may be one big happy “family,” each family member may have different perceptions or attitudes about how things should be done.

A vendor-provided device management system can bring this “family” together by providing a simple, informative dash for OT while simultaneously helping IT with APIs, connected systems, and reports. Especially for large organizations, this system needs to be user friendly while still being able to manage complex IT infrastructure needs, which is a task daunting enough that many organizations have been postponing it.

This is no longer a task that can be sidestepped, though. At this point, organizations will be doing their employees a dangerous disservice by not giving them an effective way to collaborate. If all parts of an organization get in on the ground floor together, you will never have a situation where an employee is confused or playing catchup.

Organizations are more successful when IT is involved with physical security early, so that if there is ever a problem, they do not have to first understand the entire network before finding a solution. On the other side, if OT works alongside IT to get a network set up, then they can more easily define an issue as soon as it pops up rather than waiting for something disastrous to occur.

The Third Teammate: Device Management
A device management system not only facilitates the collaboration between OT and IT professionals and ensures the coherence and security of an organization's network regardless of whether the employee monitoring it is on their first day or later in their career. A device management system also acts as an impartial reminder for replacements, regardless of individual benchmarks between different departments.

The attitude of organizations toward security is a crucial factor that shapes the effectiveness of the partnership between OT and IT. Organizations should always be prioritizing security and making choices that lead to a system that secures physical sites, as well as virtual ones. This shared goal brings OT and IT onto the same team, blurring traditional boundaries and prompting collaboration.

While human factors may inevitably present challenges, a device management system serves as the critical link between these two worlds, allowing for effective collaboration and streamlined operations. In an era where the boundaries between physical and digital security are rapidly eroding, if they are not gone completely, organizations that embrace this convergence and empower their employees with the right tools will be better poised to navigate the challenges and opportunities that lie ahead.