-
Featured services
-
Services
View all services and productsLeverage our capabilities to accelerate your business transformation.
-
Services
Network as a Service
Popular Products
-
Private 5G
Our turnkey private 5G network enables custom-built solutions that are designed around unique use cases and strategies, and deployed, run and optimized through a full network-as-a-service model.
-
Managed Campus Networks
Our Managed Campus Networks services transform campus networks, corporate area networks and interconnected local area networks, and connect smart places and industries.
-
-
Services
Cloud Services
Popular Products
-
Cloud Migration and Transformation Services
Access the people, processes and technologies you need to deliver cloud migration projects that improve your return on investments.
-
Site Reliability Engineering Services
Get the most from your cloud investments when you harness our Site Reliability Engineering Services to support app development and lifecycle management.
-
-
Services
Edge as a Service
Client stories
-
Penske Entertainment and the NTT INDYCAR SERIES
Together with Penske Entertainment, we’re delivering digital innovations for their businesses – including INDYCAR, the sanctioning body of the NTT INDYCAR SERIES – and venues such as the iconic Indianapolis Motor Speedway, home to the Indianapolis 500.
-
Using private wireless networks to power IoT environments with Schneider Electric
Our combined capabilities enable a secure, end-to-end digital on-premises platform that supports different industries with the benefits of private 5G.
-
-
Services
Technology Solutions
Client stories
-
Services
Global Data Centers
-
Services
Digital Collaboration and CX
-
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
-
-
-
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
- Careers
Topics in this article
Typically, these systems are designed and built with proprietary and specialized technologies and communications and segmented from IT networks. Thus, oversight typically falls outside of traditional IT (and IT security’s) management purview.
But widespread digital innovation and the desire to connect and automate everything brings a plethora of changes in how these OT systems are designed, built and managed. In the not-so-distant past, a separation and independence of IT and OT systems was understandable and indeed relied upon to distinguish and provide security for the OT network.
As more OT systems connect to the Internet – and the traditional IT networks – IT and OT teams find themselves more digitally connected than ever. So, how they manage and secure these systems must also transform.
How connected OT systems increase risk
Gartner reports that OT environments that were traditionally separated are no longer completely isolated. They now have direct connections for business, OEMs and other third parties i and 15% of survey respondents have experienced a security incident last year that crippled operational or mission-critical systems.ii When you compare that 15% of survey respondents to the select few prominent OT cyber incidents in the news, one can conclude that OT incidents are significantly underreported.
A SANS study further underscores how connectivity is driving risk: connectivity to external systems continues as the overwhelming root cause of incidents, an indication that organizations still fail to follow network segmentation best practices.iii
This reality points to yet another fact: an increasing number of IT and OT systems have been connected to the Internet in a manner not previously expected. Similarly, the means by which employees connect to and manage them has also changed. At the same time, cybercrime and nation-state attacks are on the rise and OT devices are increasingly affected, either as collateral damage or as direct targets designed to disrupt business.
According to Gartner, security incidents in OT and other cyber-physical systems have three main motivations: actual harm, commercial vandalism (reduced output) and reputational vandalism (making a manufacturer untrusted or unreliable.)iv
As more OT networks connect to IT networks, it becomes easier for business transactions and related data to flow between the two environments. But it also makes it easier for malicious actors to discover ways to gain access via a broadened attack surface as more and more devices connect to the network. And as OT networks connect to the Internet, they’re exposed to the outside world, making it easier for trusted actors (employees) and bad actors (cybercriminals) to access them.
Reduce risk by implementing a security control framework
Current OT security tools and resources are insufficient given increasing threats from cybercriminals and the expanding attack surface, as noted earlier. Meanwhile, regulators and supply chain business partners expect organizations to demonstrate regulatory and industry compliance in most sectors. This need is crossing over from IT into OT.
A holistic approach to IT-OT network convergence is necessary for organizations that rely on both environments.
Existing IT security controls, tools, practices and skills sets don’t automatically translate to safe management of industrial equipment, even if it’s physically located ‘near’ the IT components running on the same shop floor or at a worksite in an oilfield.
Creating a framework of collaboration is critical to successfully securing OT. This framework will improve the cybersecurity posture by bringing together line of business experts, OT equipment suppliers and IT and OT security teams. Working together, aligning priorities and defining recovery processes can go a long way to enhancing the organization’s security posture while improving IT-OT network resiliency in a manner that can be demonstrated not only to internal stakeholders but also to external parties seeking this reassurance.
New priorities are reflected in reallocated responsibilities and investments
The stakes are high and require new leadership approaches coupled with technical savviness. Over 90% of OT companies experience some form of cybercrime each year,v and Gartner predicts that the financial impact of cyber-physical attacks will reach over USD50 billion by 2023. In addition, most CEOs will be personally liable for such incidents. Consequently, many businesses are moving to put OT security under the CISO and holding line of business leaders responsible for embedding security within their operations.
Innovative technology consolidation holds many potential benefits. Advocacy from the leadership team is important to ensure that accountability and responsibility are clear and that such consolidation aligns with the organization’s strategic direction.
Organizations leading the convergence of IT and OT can concurrently improve efficiency and lower operational costs over time. For example, companies that embraced IT-OT convergence efforts before the pandemic could better facilitate working from home, adapt network technology and policies to support third-party access to OT devices and recover from incidents more effectively.6
If your organization is establishing or bolstering an IT-OT security framework, reach out to NTT, a leading security services provider that leverages Fortinet’s Security Fabric. Together we can accelerate your security transformation and help you build a robust IT-OT converged network.
------------------------------
i Gartner, Reduce Risk to Human Life by Implementing This OT Security Control Framework, June 17 2021
ii Gartner, Emerging Technologies: Critical Insights for Operational Technology Security, November 10, 2021
iii SANS 2021 Survey: OT/ICS Cybersecurity, August 2021
iv Gartner, Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans, July 2021
v Fortinet 2021 State of Operational Technology and Cybersecurity Report
