Blog

IT-OT Convergence – Challenges, Strategies & Technologies


Let's start by defining what IT-OT convergence means for the different industries. To help with this, we can refer to Gartner's definition of this integration:

IT/OT integration is the end state sought by organizations (most commonly, asset-intensive organizations) where instead of a separation of IT and OT as technology areas with different areas of authority and responsibility, there is integrated process and information flow.

But what is the objective?

Convergence Objective.

IT-OT convergence is a broad concept that applies to the 4th industrial revolution (usually called Industry 4.0, where factories, machines, and equipment get connected, and data is generated, analyzed, and used to make better processes). The main idea is to integrate both the set of systems that are used to manage the industrial process and operations (OT) with the set of systems that handle the business processes and data to be able to develop end-to-end use cases from this integration. With the integration, we can apply AI models to the data and different end-to-end use cases, such as production autoregulation with business needs, digital twins testing, proactive maintenance, forecasting sales and infrastructure, etc.

This concept is not only about hosting OT systems and applications in the IT infrastructure. It is more about sharing information between both domains and developing the interfaces to build end-to-end business processes. Organizations will only reach the industry 4.0 vision if they can achieve a level of OT-IT integration. This concept also couples strongly with the trends of providing everything as a service (XaaS) and provisioning services as closer to users as possible.

Let's discuss next what are the OT and IT characteristics to understand better the challenges faced with the convergence strategies and what characteristics of each domain should be preserved.

OT Characteristics, IT Characteristics

• Focus on availability and security.

• Mostly control applications based on proprietary platforms from some vendors (Such as General Electric, Rockwell, Schneider, Siemens, etc.)

• Traditionally developed and deployed over Windows, and with slow evolution cycles, with stability as focus and lack of interoperability options.

• Localized and closed hardware-intensive repositories and systems. Strict Least Path communications.

• Oriented to Production and Operations.

• They are commonly based in the Purdue Enterprise Reference Architecture as a guideline to build industrial control systems.

• ISA/IEC 62443 Security Framework

Main requirements for OT Architectures:

• High-Availability.

• Dependability

• Strong Cybersecurity in all planes/levels

• Segmentation (Security levels)

IT (Information Technology) is the critical infrastructure required for data processing in businesses. It encompasses the systems serving as repositories for corporate information, making data available to business applications and users of such applications. It deals with systems for data-centric computing, supporting business (CRM, billing, computing, etc.), and refers to anything related to computer technology supporting business processes, including hardware and software.

Characteristics of IT architectures:

• Data-centric computing. Focus on supporting business (Sales, CRM, billing, computing, etc.)

• Manage data.

• Traditionally led by big databases and corporate applications providers (Oracle, HP, VMWare, IBM, etc.). Open Source and Linux.

• Data Storing processing and sharing.

• Distributed and tendency to offload to the cloud.

• Data analysis and business intelligence

• Sales/Finance/HR focus

• Access to IT programs and connected devices is typically less restricted than to OT devices.

• Zero-Trust Security Architecture

Main requirements for IT Architectures:

• High Availability

• Scalability

• Security

• Integration

• Flexibility

• High Availability

• User Experience

With this in mind, let's discuss next what integration strategies can be proposed and what enablement technologies support such initiatives.

Enabling Technologies

Big Data

Big data technologies provide the means to handle large volumes of data, queries, insertions, and data exploration by integrating any analytics tool. This is a current requirement for OT systems that are handling more volumes of data than ever. Better Storage, processing, governance & enabling of use cases through AI/ML are key for building better business use cases.

Cloud & Edge Computing

By adding edge computing capabilities to industrial devices, data can be processed in real-time closer to the source. This is crucial because IoT and OT devices tend to be part of a distributed network architecture, making it challenging to transmit data to a central processing location.

Cloud architectures provide lots of benefits for modern services deployments both for IT and OT services. Among others, they allow to share data easily and securely between systems and reduce TCO for businesses.

Software Defined WAN (SD-WAN)

SD-WAN technologies offer an overlay model to route WAN traffic with a centralized control system. Mainly focused on interconnection of branches and remote locations with main sites by simplifying the networking and allowing multiple connections/providers to be leveraged. Some features are encryption, high-availability, application routing control, and simple centralized control of the WAN. SD-WAN offers the possibility to use and monitor a combination of private and public connections in the WAN.

Secure Access Service Edge (SASE)

SASE is an architecture defined in 2019 as a security framework. Mostly seen as an evolution/complement of SD-WAN, more oriented to cloud services. Combines networking features and security services in a cloud delivery strategy (Closer to the endpoints requiring such services). Adapted to modern cloud infrastructures, it provides connectivity and security on a single platform. Networking and security services are configured and delivered in the cloud provider directly as a service layer, and endpoints/sites/branches connect to the closest point of presence of the SASE provider by using a thin SD-WAN or tunneling client (Thin CPE)

Zero-trust security models

Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of digital interaction. It considers the concept that there is no network edge dividing what we can trust and what we can't, and due to this, security should be enforced everywhere.

The Zero Trust security framework has evolved as the best practice for securing networking and computing in today's hybrid environments. Usually, the OT systems follow the ISA/IEC 62443 series of standards for security architectures protecting the industry supporting systems, but the two frameworks align in many technical aspects, with mostly context and terminology differing.

Using the Zero Trust methodology can simplify the implementation of the IEC 62443 series of standards for OT/IT environments. Similar to the concept of the principle of least route within OT, the Zero Trust model is a widely accepted cybersecurity approach that can help mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs).

Industrial Internet of Things (IIOT) Systems

IIoT allows for an increase in data collection points from systems at a relatively low cost. Today these systems are mainly hosted and used in the IT domain, and their data can be used to analyze processes, monitor trends or make processes smart through AI. IIoT technologies can be introduced to increase IT data and complement OT data, to gather information from the sensors in the field and use it to build use cases, such as digital twins testing or predictive maintenance. However, OT systems should not rely solely on IT data, as can be not always as reliable. For instance, latency cannot always be guaranteed, which can be critical in the OT domain. IIoT architectures can provide more information used to enrich OT data at a lower cost.

Artificial Intelligence (AI)

AI is a key enabling technology that must be used to develop new and meaningful use cases from the data gathered and combined from IT and OT systems. By doing different multi-perspective analyses over all the data collected and delivering meaningful insights, forecasts, correlations, and so on, AI can enable meaningful use cases for the business, giving meaning to the converge efforts. While deploying AI models, it is important to have a well-defined context for the data and analysis results, and IT/OT subject matter experts interpreting the outcomes.

Convergence Strategies

Given that we have introduced the objective, characteristics of the environments, and some enablement technologies, we can discuss the convergence strategies and challenges. There are 3 approaches to the infrastructure convergence of the systems from the architectural standpoint that can be thought of which are:

• Building different networks, for IT and OT;

• Fully integrating OT information flows in the IT network (Treat the OT applications the same as IT applications)

• Partitioning IT and OT networks (Same architecture, with separated virtual networks, to isolate OT systems, prioritize OT traffic, and tightly manage integration points)

Note: Cloud tech can apply to the three approaches.

As we have been discussing, it is worth noting that the most strategic approach is usually the third one, mainly for security and management reasons, and the investment required.

IT-OT Convergence phases

As phases of a convergence process, we can find that there is an organizational phase, where the different teams (IT and OT) get together to define objectives, share information and align the strategy. This should be followed by a technical phase where the architecture, APIs, and integrations are developed, tested, and deployed. Lastly, there is an operational phase, where the architecture deployed needs to be adjusted and managed, and continuous improvement and development of the converged environment occur.

Integration Challenges

As the main challenges for the integration efforts, we can find:

• Process Convergence: How to operate a converged technology/infrastructure

• Secure OT and IIOT apps, security gaps

• Training and Know-How

• Integration of existing legacy systems

It is very important to consider several success factors to overcome these challenges and achieve success. Having a sponsor for the project with a vision and understanding of both IT and OT departments' operations, who understands their needs and can coordinate both areas, is a must. Also, keeping OT and IT teams always in the loop of the process is key to aligning efforts. Other important factors are understanding how to design & Integrate IoT, IT & OT, training staff and developing the expertise of the people who will operate the convergent environment, and planning for scale.

Benefits

• Less siloed IT and OT departments, as everyone shares their respective areas of expertise to manage converged architecture.

• Predictive maintenance made possible by IoT devices leads to lower development, operational, and support costs and less unplanned downtime.

• Adding IT to OT improves compliance with regulatory standards by enhancing visibility, management, and auditing.

• With the ability to transmit real-time maintenance data, OT achieves improved automation and visibility in distributed systems.

• Asset management can be more efficient when all IT and OT systems are viewed and handled using a unified methodology.

• The advancements in IT have allowed OT teams to remotely access operational data, which has greatly benefited industries like oil, gas, and electricity. This technology optimizes industrial equipment inspections, assists in making damage assessments, and streamlines inventory monitoring and distribution.