The Future of Industrial Remote Access: Software-Based OT Solutions
For over a decade, the adoption of remote access and data acquisition technologies in industrial applications has been increasing rapidly, while the number of competitors, as well as their complexity, has grown day by day.
For many years, we saw hardware-based devices getting adopted by machine builders with enthusiasm and becoming an essential part of the digital services portfolio of these companies. Despite the many advantages provided by their vendor’s digital service offering, end users are taking their time to fully engage. But why?
There may be more than one reason for this lack of excitement, but the number one concern lies in cybersecurity.
Let’s understand what the problem with the solutions proposed by vendors really is and how this can be addressed to free up end customers to accelerate their digital transformation journey.
Contents
Lack of the Zero Trust security model
Not designed for end users and plant-wide implementations
Cost of ownership – hardware vs. software
Lack of the Zero Trust security model
Remote access routers often come with security limitations. One of the gaps is the absence of the Zero Trust security model, thus leaving potential vulnerabilities.
The key concepts of Zero Trust, namely Just-In-Time (JIT) provisioning, Just-Enough-Access (JEA) control, and Role-Based Access Control (RBAC), are challenging to implement effectively when using hardware-based solutions, making it difficult to restrict permissions to the bare minimum necessary.
Plus, these routers typically lack the granularity required to fine-tune the access, which can lead to a less strict security approach. It's crucial to pair robust security solutions with remote access infrastructure due to these limitations.
“The companies that fabricate the remote access routers are successfully selling them to industrial machine manufacturers. However, this is when the cybersecurity concerns step in.
The reason is that some of these devices were not built by cybersecurity experts, meaning that the cybersecurity aspect was added to the product later to improve acceptance by the end user. Therefore, the newer hardware versions and the cybersecurity aspect were not included in the original conception of the product. Communication was the original conception of this type of equipment,” explains Eduardo Giancristofaro, Channel Development Director at SSH Communications Security.
Not designed for end users and plant-wide implementations
Remote access routers, initially designed for machine-level applications, present a series of challenges when applied to broader end-user scenarios or plant-wide implementations. They weren't originally designed to accommodate the extensive cybersecurity demands of modern industrial landscapes.
This often leads to limited integration with vital cybersecurity tools, such as Security Operation Centres (SOC), Security Information and Event Management (SIEM) systems, and Identity Management (IDM) solutions, reducing visibility and control over security incidents and access management.
These routers often require client software installation, adding complexity and overhead to network management. Furthermore, their use can impact network architecture and create potential security vulnerabilities, making them less suitable for modern industrial cybersecurity.
Lastly, remote access routers were initially designed for machine builders, which doesn't align well with today's cybersecurity needs in industrial settings. Thus, businesses must explore more robust and adaptable solutions to secure their industrial operations effectively.
Cost of ownership – hardware vs. software
The expenses associated with owning remote access routers present several challenges, starting with a substantial initial investment that falls under CapEx. Besides the cost, these routers require constant labor and specific device management.
Device management and physical interventions become necessary components, adding to the overall operational complexity. Upgrades can also be tricky, because they are tied to the constraints of the hardware lifecycle, inventory management, and potential disruptions due to supply chain issues.
This highlights the complex factors in improving remote access router performance.
“When the companies who operate in the OT industry are migrating to more digitalized systems, they need to rethink this strategy completely if they want to stay competitive and secure,” says Eduardo.
PrivX OT Edition, a modern access security solution for OT businesses
At SSH Communications Security, we recognize that critical infrastructure and other OT enterprises require more than just physical safety and basic access security. That’s why we’ve introduced PrivX OT Edition, an integrated secure access management solution designed for IT/OT systems.
PrivX OT Edition ensures secure access to both modern and legacy OT assets in hybrid environments.
With PrivX OT Edition, you can efficiently oversee secure remote access for your on-site and off-site OT operations, including a wide range of ICS/OT targets. Our solution goes beyond traditional VPNs and firewalls by offering just-in-time (JIT) and just-enough-access (JEA) models.
These advanced features are not available in VPNs or firewalls, ensuring that access to industrial targets is finely controlled and safeguarded.
We've recently partnered with EU collaborators to enhance the development of Internet of Things (IoT) and Artificial Intelligence (AI) solutions in the industrial sector. This collaboration was made possible through our significant involvement in the CHARM ECSEL JU project, sponsored by the European Union.
NOTE: The CHARM project has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876362. The JU receives support from the European Union’s Horizon 2020 research and innovation program and Finland, Austria, Belgium, Czechia, Germany, Italy, Latvia, Netherlands, Poland, and Switzerland.
Eduardo Giancristofaro
Eduardo is the Channel Partner Director for OT at SSH. He has been involved in the Industrial Automation arena since 1994 when he started his career as a PLC/Scada programmer at different systems integration companies. Later, he made a career shift to industrial communication network sales, specializing in providing...