Like the rails of a train track, information systems technology and operational technology seemed to run a parallel course that would never meet. But what might be true for railroading doesn’t hold up in the world of business technology. Although some companies still treat these two disciplines as separate but equal proficiencies, most have found that there’s much to gain by converging IT and OT, enough to offset what is often an arduous integration task.
OT’s focus is on the physical devices that control industrial operations and processes, while IT is all about data. They can run independently of each other, as they have for many years, but there are real benefits to IT/OT convergence, including cost and security controls, when each side shares its strengths.
The single factor that’s compelling the convergence of IT and OT is the growing adoption of IoT infrastructures. IoT’s allure is the potential for greater efficiencies, insights and monetization opportunities that merging devices, data and people into a single environment can engender.
What is information technology?
IT is the more recognizable of these two technologies and represents the critical infrastructure required for data processing. It is also — arguably perhaps — the more mature and advanced of the twin techs.
IT systems are generally data-oriented, serving as repositories for corporate information and making that data available to business-related applications and the people who use those apps. IT’s role is broad and extremely diverse, spanning systems that control and track accounting activities, sales and marketing, customer support, payroll processing and human resources management.
Physically, IT comprises the familiar components of computing systems, including servers, storage systems, network equipment and end-user devices.
Over the past couple of decades, IT’s definition has expanded to include cloud-based services and mobile computing devices, giving IT both a local and remote presence. Connectivity to the internet is the primary enabler for IT’s remote and cloud operations and is also a primary security concern.
What is operational technology?
OT has been around for a long time, too, but it only achieved its own identity as automation was introduced to manufacturing and industrial systems along with the need to network automated devices to gain appropriate control over factory floor devices and processes.
Today, OT refers to the network of devices and software that’s used in industrial, manufacturing and process control systems. The types of devices that hang off IoT networks run the gamut from sensors, relays and other single-purpose circuitry on shop floors to end-users’ laptops and smartphones. For the most part, however, OT supports specialized gear that captures and relays data to enable industrial equipment to perform specific tasks. Typically, these IoT installations are referred to as industrial control systems (ICS).
Management for an ICS is often provided by supervisory control and data acquisition (SCADA) software, which handles some of the data gathering and processing, as well as monitoring equipment.
Unlike IT, which tends to turn over gear and update firmware on a frequent basis, OT devices can be put in place and left to function for many years. As long as they appear to be doing their jobs properly, they might not be updated on a regular basis.
OT vs. IT: Key differences
OT and IT are both network-based technical structures that link hundreds or thousands of pieces of equipment together, but beyond that basic topology, there are more dissimilarities than common features.
Even the networks bear distinguishing differences. IT networks typically run atop a handful of standardized OSes, including Windows and Linux. Industrial IoT (IIoT) environments supporting OT might run on the IT network OSes, but there are also a number of proprietary OSes that tend to be more role-based and are often tailored to a specific industry or industrial processes. In some cases, companies will modify an off-the-shelf OS to develop one that fits their unique needs.
The communication protocols that IT and OT infrastructures might use can vary as well. The majority of IT networks are Ethernet-based, whether cable connected or wireless. All or part of an OT network can also use Ethernet as its protocol, but because a single IoT implementation can potentially cover a much wider geographic area than an IT network, other protocols are used, such as LTE (mostly 4G, with 5G adoption growing) and low-power wide-area communications in a number of implementations, including NB-IoT and LoRa.
Although both OT and IT networks are effectively conduits for data transfer, the size of the pieces of data and the speed with which they’re transmitted, analyzed and used are different.
OT is more device focused than IT and uses data in real time to monitor and control physical devices — in some cases, exercising that control almost instantaneously to ensure that processes are running correctly without interruption and that worker safety systems aren’t compromised.
IT is user- and data-centric and often uses historical data for analyses related to customer support, back office reporting, marketing and so forth. Generally, IT admins are more attentive to a security risk that could jeopardize the data than to the physical well-being of its users.
What is IT/OT convergence?
In its simplest terms, IT/OT convergence involves merging the two distinct networks and sharing the data that each collects and distributes. In the real world, however, convergence is often a difficult and time-consuming process that involves getting two teams that have worked independently to pool their resources and expertise.
Convergence is also about sharing data and strengthening security. A lot of the machine and process-related data that OT systems collect can be useful to the external-facing side of the business for forecasting, planning and supply chain control. Conversely, the OT environment can use IT-hosted business data to adjust production systems for greater efficiency.
Many companies embark on convergence mainly to enhance their security processes. That effort often involves finding ways to adapt traditional IT security measures to the broader and device-oriented IoT environment that OT supports. IoT security can be particularly tricky given the number and types of devices that are connected to the network, greatly increasing the potential attack surface.
Benefits of converging IT and OT
The chief benefit of convergence is often cost. Maintaining two separate — and possibly extensive — networks is an expensive proposition. By merging networks, it might be possible to reduce the amount of required networking gear as some parts of the converged network will end up doing double duty, serving both the industrial and front-office sides of a business.
A converged physical network also makes data sharing much easier which, as noted, can benefit the processes running on both sides of the business. But it can also mean that data can be acted on more immediately, and data storage resources can be combined for an additional economic benefit. IT and the business units it supports will be smarter when OT’s real-time data is incorporated into their data sets for enhanced analysis, enabling practices such as just-in-time manufacturing and generally smarter supply chain management.
The OT staff can combine sales and marketing data from IT with the voluminous data it collects to control manufacturing processes more efficiently, so the production of products that sell best can be ramped up while the manufacture of poor-selling products can be cut back.
With AI and machine learning becoming more prominent in applications for both OT and IT environments, it makes sense to sync their abilities to interpret and act on data more effectively. For example, TinyML is bringing machine learning capabilities to more and more IoT endpoint devices; integrating their machine learning capabilities with other AI-powered applications promises benefits for both OT and IT environments.
Connections to outside organizations have become important to both environments as well, so combining their networks and network connections can benefit them equally. For some IoT environments, such as energy distribution from power plants, outside connectivity is a must. And traditional IT networks have long relied on remote connectivity — often via cloud-based services — to stay in touch with suppliers and customers.
Overcoming the obstacles to IT/OT convergence
IT/OT convergence is a significant challenge that involves altering procedures for both technical disciplines. Some of the obstacles that organizations must address include:
- Scale of connectivity. OT typically connects far more devices than an IT network. The sheer number of devices involved in a convergence effort must be considered before networks are converged.
- Device inventory. Everything that is connected to both OT and IT networks must be accounted for to ensure that devices aren’t left unsecured or orphaned. Communications between diverse devices must be tested and confirmed.
- Firmware and other updates. As part of its security efforts, IT tends to emphasize firmware and system software updates to help ensure that no vulnerabilities are exposed. OT, on the other hand, might host devices that are used for many years and might have out-of-date software or might no longer be supported at all. Those issues must be resolved to ensure that endpoint devices don’t present additional vulnerabilities.
- Encryption. The converged systems should encrypt all communications between devices and other processing resources.
- Adjust for different types of data. Systems are often tuned to the types of data they collect and transmit. For example, OT data is typically very small and voluminous, while IT data can range from small files to huge media files. Some tuning of networking and storage resources might be required as data gets mixed more frequently across a converged OT/IT environment.
- Ask for a software bill of materials. This is a list of all software components and their sources that go into a device that’s typically deployed in an IoT environment. This is a relatively new practice by product vendors, but it’s an important step in addressing issues related to the variety and age of IoT devices.
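
The device inventory, firmware, encryption and SBOM items in the list above can be checked together in one pass over a merged IT/OT asset register. The Python code below is an added example, not part of the original article; the device names, record fields, version numbers and the set of discovered devices are all constructed for illustration.

```python
# Added example: every device name, field and value here is constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    device_id: str
    network: str                    # "IT" or "OT" register the record came from
    firmware: str                   # installed firmware version
    latest_firmware: Optional[str]  # None = vendor no longer supports the device
    encrypted: bool                 # device traffic is encrypted
    has_sbom: bool                  # vendor supplied a software bill of materials

def version_tuple(version):
    # Compare numerically: as plain strings, "2.4.0" would sort after "2.10.0".
    return tuple(int(part) for part in version.split("."))

def audit(registered, discovered_ids):
    """Return {device_id: [findings]} for a merged IT/OT inventory."""
    findings = {}
    known = {d.device_id for d in registered}
    # Seen on the network but absent from both asset registers.
    for dev_id in sorted(set(discovered_ids) - known):
        findings[dev_id] = ["unaccounted: not in IT or OT inventory"]
    for d in registered:
        issues = []
        if d.device_id not in discovered_ids:
            issues.append("orphaned: registered but not seen on network")
        if d.latest_firmware is None:
            issues.append("unsupported: no vendor updates available")
        elif version_tuple(d.firmware) < version_tuple(d.latest_firmware):
            issues.append(f"outdated firmware: {d.firmware} < {d.latest_firmware}")
        if not d.encrypted:
            issues.append("unencrypted communications")
        if not d.has_sbom:
            issues.append("no SBOM on file")
        if issues:
            findings[d.device_id] = issues
    return findings

REGISTERED = [  # constructed merged asset register
    Device("hr-laptop-07", "IT", "10.2.1", "10.2.1", True, True),
    Device("plc-line-3", "OT", "2.4.0", "2.10.0", False, False),
    Device("hmi-packaging", "OT", "1.0.3", None, True, False),
    Device("temp-sensor-12", "OT", "3.1.0", "3.1.0", True, True),
]
# Constructed result of a network discovery scan.
DISCOVERED = {"hr-laptop-07", "plc-line-3", "hmi-packaging", "gateway-unknown"}

if __name__ == "__main__":
    for dev_id, issues in audit(REGISTERED, DISCOVERED).items():
        print(dev_id, "->", "; ".join(issues))
```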