Approach
Servicehub Login
Approach
/ Industrial Mobility Solutions Rugged devices, printers, robotics, RFID and shared endpoint / Enterprise Mobility Solutions Computers, smartphones, tablets & personal endpoints / Retail Payment Solutions Payment systems, kiosks, mPOS, Contactless, Self-service, BOPIS
Explore by Partner
/ Forward Logistics We excel at finding the right endpoints and lightning-fast deployments for your business. / Reverse Logistics We make managing endpoint repairs, replacements and disposals a breeze. / Maintenance & Support We're your one-stop shop, dedicated to keeping your endpoints at full throttle. / Networking Services Our networking services for your wired, wireless and surveillance environments are second to none. / Unified Endpoint Management Greater numbers of BYOD, COPE and IoT devices are pushing enterprise mobility programs to the limit. / Media & Consumables Our expertise is unmatched when it comes to label materials and adhesives. / Automation & Robotics Helping your business run smarter and faster with custom automation, RFID, and IoT. / Cybersecurity Full-service cybersecurity capabilities from our dedicated division.
/ White Labeling Services TRG will serve as an extension of your internal team, ensuring customer satisfaction and loyalty. / Financing & Leasing River Capital Finance, a TruWest sister company, offers straightforward solutions to financing. / ServiceHub® Our online asset management portal, ServiceHub®, provides endpoint analytics across devices.
Explore all services
/ About Our mission is to lead the future of enterprise technology. / Team Learn more about the TRG team and contact individual team members. / Locations Get more information on each TRG location across the globe. / Careers & Culture From a golf simulator and basketball court to a fully-equipped gym to keep you energized, we have it all.

/ Select Your Language

English (US)English (UK)French CanadianPolishSpanishDutch
/ Industries Retail Transportation & Logistics Manufacturing Hospitality Service Providers Government Education Healthcare
/ Insights & Events Blog News Case Studies eBooks Events Newsletter
/ Partners How to Partner With Us Google Zebra Honeywell SOTI Samsung Elo Panasonic PAX
ServiceHub
Feb 09, 2022
Share

Increase in IoT and IT-OT Convergence Demands New Approaches

Non-traditional IT systems security needs to account for all the ways, points of entry and reasons for devices and machinery associated with work today to access your network and the Internet in general. For more than 30 years, IT departments and Security Operations Centers (SOCs) have developed consistent, evolving plans and protocols to serve and protect traditional systems — such as personal computers, workstations and servers housed internally.

But today, virtually every vertical relies on devices other than PCs and servers. These other devices and systems also need network access and potentially offer up more targets for hackers and other bad actors. In manufacturing, operational technology (OT) and production systems are being optimized digitally as part of Industry 4.0 initiatives. In retail operations, point-of-sale systems need connectivity. For healthcare organizations, medical devices are increasingly becoming IoT compliant to offer real-time data and analysis. Embedded scanners and tablets are essential in wholesale, logistics and warehouse facilities.

Each of these technologies comes with their own IP addresses. It means each also offers a potential doorway for security breaches. Each of these technologies is also critical to the success of the business they operate with, but they often cannot be secured in the same way as the traditional IT infrastructure.

When working to improve non-traditional IT systems security, it’s important to consider three areas:

  • Understanding the challenges involved

  • Identifying key considerations

  • Developing a comprehensive strategy

Today we’ll explore those topics and how they relate to securing the ever-changing IT environment that organizations find themselves operating in.

Understanding the Challenges of Non-Traditional IT Systems Security

The first step in creating a strategy for improving cybersecurity — regardless of system or type of industry — is to conduct a risk assessment audit. Before you can figure out how to protect your network, you need to know how many points of entry are using it. With a complete overview of your technology profile, you’ll learn exactly what it is tied to and relying on your network, what devices make up this profile, and what they’re all doing. From scanners used in the warehouse, point-of-sale stations and the PLCs, ICS and SCADA systems used in manufacturing you need to know what, and how much, you need to protect.

It’s also important to note that, especially in the case of OT or SCADA systems, that you’ll be dealing with older technology. The mechanical elements and processes used to control the functions in an oil and gas production facility or power plant for example, are designed for decades of use. These come with older hardware and software components that — because of their essential nature — are not often taken offline for upgrades. Or in some cases these components are incapable of being upgraded due to the age of the operation system, processor power or memory limitations.

Non-traditional IT systems security is also challenged by a lack of consistent patches or updates. In regular IT circles, it’s a simple matter of life that regularly scheduled patches are expected and typically conducted on a routine basis — ’Patch Tuesday’ is well-known for a reason. Most individuals know how, and the importance of, conducting regular patch updates to their personal electronic devices like smartphones, laptops, and tablets. However, this is not the regular course of action for OT or other manufacturing-centric systems like ICS. Older technology is not the only area lacking proper patch support. Televisions, phone systems used in your lobby, even items like coffee makers and fish tanks, now come with Internet connectivity and thus open a door to potential malicious acts. Each of these devices offers a place for hackers to gain entry to the rest of your network.

But even as the exposure to potential cyber attacks continues to grow with the reliance on digital connectivity, the usual solutions can’t be relied upon. While IT and OT are converging in their reliance on network security, the same security solutions cannot and should not be simply copied over. With IT, security is part and parcel to its every-day function; the focus is after all on the information and protecting it. With OT and other non-traditional IT systems, security is not top of mind; maintaining productivity and operation are the primary concern.

Key Considerations for Non-Traditional IT Systems Security

As stated earlier, the goals for IT — where security is at the forefront of implementation — and OT and other non-traditional forms of information technology are drastically different. IT and OT are typically housed in entirely separate departments with different leadership and different scopes of responsibilities.

This divide leads to the first and most important consideration when devising non-traditional IT systems security: Collaboration. It should become a point of focus that cybersecurity is everyone’s responsibility and shouldn’t remain solely in the realm of the IT department, especially with the rise of IoT and OT systems needing network access — and thus opening the door to more threat points.

Getting alignment on security goals and reducing potential friction between the two sides is one step in the process. Producing meaningful discussions about how to tailor specific security solutions for both sides is another. By communicating, common ground can be found, and solutions can be fostered. For example, because availability is the ultimate driver for OT, perhaps needed cybersecurity upgrades can be implemented during a period of scheduled downtime for other preventive maintenance. Open collaboration enables these kinds of fixes more easily.

A second key consideration lies in embracing creative, or non-traditional security solutions as well. Examining network-based technologies could help wall-off older OT elements. The use of internal firewalls can segment more vulnerable components, such as those that would no longer be vendor supported if installed with anti-virus technology.

The use of Network Detection & Response (NDR) and Network Access Control (NAC) technology can add a layer of defense — and detective presence — to elements like OT and ICS that might be impacted with more protective cybersecurity measures. With CIOs now more responsible for OT and non-traditional IT systems security as everyone embraces a more digital footprint, the need for further creative solutions will grow.

Developing a Comprehensive Strategy

With the unique elements of non-traditional IT systems security understood, the threats presented and key considerations pinned down, it’s time to pull it all together strategically. It is here where the efforts of a Chief Information Security Officer (CISO) and Security Operations Center (SOC) will be essential.

One important role for any CISO is facilitating the collaboration needed between IT, OT and other stakeholders. They’ll need to be able to navigate some of the internal battles and technical problems that could arise when trying to devise solutions that cover multiple departments with different goals and leaderships. Your CISO should be a leader in alleviating these competing priorities and finding common ground for previously completely separate divisions within the organization.

It’s also essential to have a fully capable SOC, or third-party managed security service provider (MSSP), to execute a strategy that encompasses all the IT systems you’re dealing with. Hackers and cyber threats don’t take the weekends off, or recognize normal business hours. It’s a 24/7/365 proposition that now also includes an incredible array of locations — from individual homes to the local coffeehouse and even the smartphone in your pocket.

An informed and engaged CISO, and a properly allocated SOC or MSSP will give your organization the best chance to lead the discussions and find the creative solutions needed to safeguard the many non-traditional IT system security needs of today. Defending and monitoring your network properly, and responding quickly when threats arise, are critical to success in this area.

TRG Delivers Security Solutions

At TRG, we’re committed to “Making Technology Simple” — specifically within enterprise mobility, point of sale and payment processing solutions. With the industry’s most comprehensive suite of lifecycle management services, our Unified Endpoint Management (UEM) Support will help you fully optimize your enterprise mobility program across a broad range of devices and operating systems. Our Onsite Services are tailored to each customer’s requirements and are backed by our expert technicians.

TRG also works as an extension of your team to provide a suite of solutions to monitor, advise, alert and respond to information security threats 24/7/365. With TRG, you don’t just get recommendations and security product suggestions — you get direct access to the collective expertise and experience of our seasoned information security professionals.

TRG’s IT security is powered by MRK Technologies, a sister company of TRG under the TruWest Companies umbrella. MRK Technologies brings decades of experience, and the people, process and procedure to deliver unparalleled results.

Connect with TRG to learn more about improving non-traditional IT systems security and how we can implement solutions to protect your organization’s data and operational integrity.

Smart Retail: How Technology is Transforming the In-Store Experience
/ BLOG Smart Retail: How Technology is Transforming the In-Store Experience
Order Up: 4 QSR Technology Tips
/ BLOG Order Up: 4 QSR Technology Tips
From Table to Tech: The Best Restaurant Technology Solutions
/ BLOG From Table to Tech: The Best Restaurant Technology Solutions

Subscribe To Our Monthly Insights

Subscribe
[Error loading the WebPart 'TRG_RelatedContent' of type 'TRG-RelatedContent']
[Error loading the WebPart 'TRG_FooterCTA' of type 'TRG-FooterCTA']
ServiceHub Login Contact TRG
Solutions
Enterprise Mobility Solutions Industrial Mobility Solutions Retail Technology Solutions
Services Forward Logistics Reverse Logistics Maintenance & Support Unified Endpoint Management Cybersecurity Financing & Leasing Channel & White Label ServiceHub Media & Consumables Networking Services
Industries
Retail Transportation & Logistics Manufacturing Hospitality Service Providers Government Education Healthcare
About Our Approach Our Team Our Locations Careers at TRG TruWest Holdings
Insights & Events News Blog Case Studies eBooks Events Newsletter
Terms & Conditions Privacy Notice Return Policy
©2024 TRG All Rights Reserved
Enterprise Mobility SolutionsIndustrial Mobility SolutionsRetail Technology Solutions
Forward LogisticsReverse LogisticsMaintenance & SupportUnified Endpoint ManagementCybersecurityFinancing & LeasingChannel & White LabelServiceHubMedia & ConsumablesNetworking Services
RetailTransportation & LogisticsManufacturingHospitalityService ProvidersGovernmentEducationHealthcare
Our ApproachOur TeamOur LocationsCareers at TRGTruWest Holdings
NewsBlogCase StudieseBooksEventsNewsletter
Terms & Conditions Privacy Notice Return Policy
©2024 TRG All Rights Reserved