T-Systems-Claim-Logo
Search
Big factory by night from above

Zero Trust Security for the Energy Sector

How newer trends like distributed workforce and remote working have changed the ways of operations in the Energy industry

October 07 2022Dheeraj Rawal

The new ways of working in the energy sector

As technologies like the cloud continue to influence the energy sector, there are other emerging trends like mobile workforce, global offices, and remote working that change the traditional ways of working in the energy sector. During the pre-pandemic times, the user was in the office premises or physically close to the plant and operational technology environment, but that has changed currently as the user location can no more be pinned to a single office.

Should OT environment be accessible remotely?

Factory employee working at a laptop

Today’s workforce is distributed, and it accesses business applications, systems, and OT-IT environments from almost anywhere. With such remote work models in place, the threat landscape from a cybersecurity standpoint has grown considerably. Zero Trust is a strategic approach to ensure the security of an organization's cybersecurity by eliminating implicit trust and completely validating each stage of a digital interaction.

During the pandemic times, it became critical for manufacturing and power plants to keep their operations up and running. Therefore, accessing the systems securely from remote locations became essential, especially during downtime, troubleshooting became easy through remote access. The response time of troubleshooting was reduced. Even maintenance activities could be easily scheduled remotely.

Platforms based on remote access can also be used by security teams for productive collaboration and communication too. For instance, different feeds from multiple locations on a single dashboard in real-time offer better contextual information to security teams due to Zero Trust architecture.

Does traditional perimeter-based security hold any longer?

But when the systems are accessed outside the office premise, does the traditional perimeter-based security hold? What should companies be looking out for when making such a decision?

  • When users access the systems from different locations and networks –will the security be compromised?
  • Will the security or IT teams be able to monitor and inspect the traffic?
  •  In the event of a security breach, is the organization capable of detecting and responding to it?

Organizations are relying on Secure Access Service Edge (SASE) architecture to facilitate remote access working scenarios and secure business data, applications, and network security. With SASE-based platforms, companies can ensure fast connectivity and security together. But why are they moving away from VPNs?

White paper: Industrial security

Industrial security is taking on a new significance: OT and IT security are becoming more and more intertwined. 

The challenges with VPNs

VPN comes along with its own set of challenges. For instance, if an organization is using a third-party vendor – the complexities to manage and scale VPN are higher. This increases the costs of business because you need more resources for VPN troubleshooting and servicing. Furthermore, as the traffic is backhauled to the data center – the user experiences a lag in connecting to the systems and applications. Sometimes, weak security policies from the vendor increase the attack surface. 

The answer is SASE

Products centered around SASE tackle this problem of speed, scalability, and security. With SASE, security is closer to the user and cloud-delivered. With SASE, access to all OT-IT systems is granted as per the policies created. Access can be granted and denied on the basis of the user role with ZTNA (Zero Trust Network Access) policies, unlike in VPN – where the users access control to the entire LAN. Unauthorized users cannot get access to systems because data inspection and authorization take place before access is given.

Additionally, users cannot find or see apps that they don’t have access to. Energy companies can create different layers of security policies for protected, secure access to remote plants. For instance, while granting access to the application, the user ID, application ID, and device ID will be taken into consideration. Critical ICS/SCADA assets can have multi-factor authentication enabled – ensuring that only intended users get access.

Security is a different game with SASE

Digital blue locker infront of a dark background

This level of security through SASE-based platforms ensures that PCN apps and cyber-physical assets stay protected.

Even after access is granted to the app, user behavior is continuously monitored – any changes in security posture can be responded to. SASE-based platforms offer consistent security across all OT applications and access systems to the distributed workforce.

If third-party vendors and external stakeholders have access to your OT-IT infrastructure, then Zero Trust policies can help you prevent security incidents as the threats coming out of such endpoints are also prevented.

As these organizations have clear visibility of the data traffic, they can scale up to meet the high traffic demand and vice versa. Industries like automotive too are embracing remote solutions to support the mobile and dynamic workforce. With ZTNA, security policies can be applied to different applications without having to create new policies for each application. This makes it easier to maintain and manage the policies. 

Final remarks

With digitalization and the rise of a distributed workforce, SASE-based solution offers the right security layer along with performance to companies with OT and critical infrastructure. Other operational advantages like easy-to-manage policies, and competitive operational costs come as a bonus.

Abbreviations:

  • OT: Operational Technology
  • SASE: Secure Access Service Edge
  • ZTNA: Zero Trust Network Access
  • VPN: Virtual Private Network
  • SCADA: Supervisory Control and Data Acquisition
  • ICS: Industrial Control System
  • PCN: Process Control Network
  • LAN: Local Access Network
About the author
IM-Rawal-Dheeraj

Dheeraj Rawal

Content Marketer, T-Systems International GmbH

Show profile and articles

Get our insights straight to your mailbox

Get the best expert tips on events, best practices, white papers and more.

You might also be interested in

Do you visit t-systems.com outside of Germany? Visit the local website for more information and offers for your country.