
Zscaler and Siemens have joined forces to bring zero trust security to operational technology (OT) systems. OT systems are most commonly found in industrial networks but are seeing increased adoption in other industries. Historically, OT systems ran on their own proprietary networks, which were often isolated from the company's data networks.
OT systems have been integrated with IT networks in some cases, such as building facility systems like alarms, LED lighting, and heating and air conditioning as part of smart building initiatives, but that has been the exception rather than the norm in industrial settings.
The pandemic meant that many workers needed access to OT systems from home, and the most cost-effective way to provide that was to enable VPN access through the data network for remote management.
Though VPNs were successful in connecting workers to industrial systems quickly, they are not ideal because they create opportunities for attack.
Few organizations had firewall-based network segmentation: it is complicated to set up and even more difficult to keep updated in dynamic environments, because fine-grained rule changes must be made frequently, which is tedious.
Zero trust is a better approach: it assumes nothing can talk to anything unless explicitly allowed. And because zero trust is provisioned as an overlay, completely independent of the physical network, using identity and an exchange, zero-trust policies follow the device, user or application and do not need to be constantly reconfigured. With Zscaler, those policies are stored in its cloud-based Zero Trust Exchange, which effectively acts as a switchboard for zero trust.
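The contrast between address-keyed firewall rules and identity-keyed zero-trust policy described in the two paragraphs above, as an added illustration that is not part of the original article and not Zscaler's or Siemens' code. The device identifiers, user names, application names and IP addresses are constructed sample values; the "device_id" stands in for whatever attested identity the enforcement point receives.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One access attempt reaching the enforcement point (constructed sample)."""
    src_ip: str
    device_id: str   # assumed: identity asserted for the device, e.g. from a device certificate
    user: str
    app: str


# Address-based segmentation: the rule is keyed on where the traffic comes from,
# so it must be rewritten every time the network layout changes.
FIREWALL_ALLOW = {("10.1.5.20", "historian")}


def firewall_decision(req: Request) -> bool:
    return (req.src_ip, req.app) in FIREWALL_ALLOW


# Zero-trust policy: keyed on who and what is asking, never on the address.
# Anything not explicitly listed is denied (default deny).
ZT_POLICY = {("hmi-07", "alice", "historian")}


def zero_trust_decision(req: Request) -> bool:
    return (req.device_id, req.user, req.app) in ZT_POLICY


def decisions(req: Request) -> dict:
    """Evaluate the same request under both models for side-by-side comparison."""
    return {"firewall": firewall_decision(req), "zero_trust": zero_trust_decision(req)}


# Constructed scenarios (not from the article)
ORIGINAL = Request("10.1.5.20", "hmi-07", "alice", "historian")
RENUMBERED = Request("10.1.5.87", "hmi-07", "alice", "historian")  # same HMI, new DHCP lease
ADDR_REUSE = Request("10.1.5.20", "laptop-x", "bob", "historian")  # unrelated host now holds the old IP

if __name__ == "__main__":
    for name, req in [("original", ORIGINAL), ("renumbered", RENUMBERED), ("addr_reuse", ADDR_REUSE)]:
        print(f"{name:11s} {decisions(req)}")
```

The renumbered HMI is cut off by the firewall until someone edits the rule, while the identity-bound policy keeps working; the host that inherited the old address is waved through by the firewall but denied by the identity-bound policy.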
Zscaler and Siemens are collaborating to bring zero trust to OT in industrial environments. The joint solution is more of a distributed cloud than the purely centralized cloud that Zscaler customers typically use. In this case, the Zscaler cloud is extended to the Siemens SCALANCE local processing engine on its ruggedized switch using Zscaler's Private App Connector.
Zscaler's zero-trust "switchboard" runs as a Docker container on the Siemens device. The benefit of running it there is that localized processing provides better performance and easier implementation.
Organizations that deploy the joint solution will realize significantly simpler remote access. Zero-trust implementation greatly reduces the attack surface, so if a breach does occur, the "blast radius" is minimal, making remediation fast and simple.
Hybrid work is here for the foreseeable future, so organizations need to take a step back and rethink their remote-access procedures. VPNs were innovative a couple of decades ago, when environments were static. Industrial organizations are increasingly dynamic and distributed, and zero trust meets their needs much better.