IT and OT: Working in Lockstep for IoT

Just a few short years ago, there wasn’t much of an overlap between the information technology (IT) and operational technology (OT) groups within enterprises. IT departments worried about IT things and OT groups worried about OT things, and ne’er the two shall meet.

For the record, industry research and advisory company Gartner defines IT as “the entire spectrum of technologies for information processing, including software, hardware, communications technologies and related services. In general, IT does not include embedded technologies that do not generate data for enterprise use.” OT systems, meanwhile, are defined as “hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise.”

From the definitions, it’s easy to see how they could work together, but traditionally, they haven’t. Until the Internet of Things (IoT), that is. The silos that have historically divided these two groups are coming down, much like Gartner predicted way back in 2011, and that’s significant, especially in industrial IoT environments such as construction, oil & gas, manufacturing and other industries. In these industries, companies use the data collected by IoT systems for everything from asset tracking to predictive maintenance to inventory management—all systems in which both IT and OT play some sort of role.

Overcoming the security hurdle

IT groups historically have been skittish about the introduction of new tools into the workplace—and with good reason, as oftentimes they are responsible for the company’s overall security posture. Malware, phishing, and denial-of-service attacks continuing to rise globally. According to the Breach Level Index, for example, more than 14 billion data records—and counting—have been lost or stolen since 2013. The more tools and enterprise has to manage, the more potential breaches are likely. Web application breaches are the most common breach type, according to the Data Breach Investigations Report from Verizon.

OT groups share the same concerns. Accustomed to their closed-loop systems, the idea of bringing IoT solutions with hundreds or even thousands of data-gathering sensors into their environment seems risky, especially with a perceived lack of specific security solutions designed for their particular environments.

However, for operations technology managers, the reward from IoT is great: the ability to transform their way of doing business by streamlining processes, reducing costs and speeding up time to market. As such, operations teams have become the champions of introducing IoT systems into the company internally, conducting proof on concepts with IoT solutions, gaining strong ROI results, and successfully making a business case to management for a full-scale deployment. And that may or may not sit well with IT teams.

But here’s where IT and OT can be marching to the same drum beat: Both are deeply vested in maintaining the secure control of their systems, and also in the safety and security of the company’s employees. And the Longview IoT Solution features triple-layer IoT security at the network, device and application levels:

• At Layer 1, the LoRa protocol includes 128-bit encryption from the end device to the application.
• At Layer 2, Longview adds a unique key to each sensor and gateway called a physically unclonable fingerprint (PUF), based on technology from our partner IntrinsicID. This unique ID is created using physical anomalies that result from the chip manufacturing process, so no two are identical. This makes each piece of Longview hardware impossible to spoof.
• At Layer 3, Longview uses a full software certificate from GlobalSign SSL for the secure HTTPS access of all software. Each device has a private key infrastructure (PKI) and authenticates as soon as it comes online. A public key is stored on the server.

In addition to the industry’s most robust IoT security, the Longview IoT Solution has an additional benefit that both IT and OT can embrace: the ability to implement secure over-the-air (OTA) updates as needed through Longview IoT’s patented Super-B protocol.

IT and OT have long operated as separate groups with independent, oftentimes conflicting, priorities—the OT team taking the lead in buying decisions for IoT and IT teams evaluating security and other concerns. Solutions like Longview’s comprehensive IoT solution can help ensure both groups are working in lockstep toward an efficient, secure enterprise.