Secure OT Access with Identity-Based ZTNA from AppGate

Summary

– AppGate has launched a new Operational Technology (OT) ZTNA solution to secure critical infrastructure like industrial control systems and energy facilities.
– The solution addresses the security challenges of interconnected IT/OT systems by moving access control from the network to the identity layer.
– It provides specific capabilities for industrial operations, including alignment with major security frameworks like IEC 62443 and NERC CIP.
– A key feature is direct-routed, on-premises connectivity that preserves air gaps and avoids performance-impacting cloud backhaul.
– The system enables granular, secure access control for third parties like contractors, granting access only to specific, authorized resources.

The convergence of information technology and operational technology has made secure remote access essential for modern industrial operations. This integration exposes a critical vulnerability, as traditional security models like VPNs are ill-suited for these sensitive environments. They often grant excessive network-level access, inadvertently expanding the attack surface of critical infrastructure. A new solution from AppGate directly addresses this gap by extending its identity-based Zero Trust Network Access architecture into the OT domain, enabling secure connectivity without sacrificing the performance or stability that industrial control systems demand.

This approach fundamentally shifts security from the network perimeter to the individual user and device. Access control is enforced at the identity layer, with rigorous verification occurring before any connection is established. Systems remain hidden from unauthorized users, and individuals are granted direct, encrypted access only to the specific resources required for their tasks. This principle of least privilege minimizes exposure and helps preserve the integrity of manufacturing plants, energy facilities, and other critical industrial environments.

AppGate’s OT ZTNA solution is engineered with several core capabilities for industrial settings. It aligns with major industrial security frameworks including IEC 62443, NIST SP 800-82, and NERC CIP-015-1, aiding compliance while maintaining operational continuity. The architecture employs a cloaked infrastructure, where assets are invisible by default, preventing the exposure of internal IP addresses. It utilizes direct-routed connectivity, establishing encrypted sessions on-premises between the user and the authorized resource. This method avoids centralized cloud backhaul, preserving air gaps and eliminating latency that could impact availability. The platform also provides granular third-party access control, allowing for just-in-time permissions for contractors and vendors.

“In highly regulated industries, remote access must be immediate and tightly controlled, without breaking the air gap or relying on shared cloud infrastructure,” said Nitin Pillai, CTO at AppGate. “Building on our experience with enterprise-scale deployments in defense and critical infrastructure, AppGate is the first to deliver native, on-prem, direct-routed secure access to production environments, bridging IT and OT security while prioritizing performance and reliability.”

As remote operations become standard, unmanaged access poses a significant business risk. This identity-centric model reduces the overall attack surface, strengthens security oversight, and protects the mission-critical systems that drive industrial performance and business continuity. It represents a necessary evolution in cybersecurity for the infrastructure that powers the physical world.

(Source: Help Net Security)
