One way COVID-19 impacted businesses is by emphasizing the need for business continuity no matter where workers are located. This created challenges across industries, but especially in the operational technology (OT) space. Assets managed by industrial control centers were never architected with remote access in mind, so for years administrators have had to implement and maintain cumbersome, costly, and complex infrastructures. These "solutions" usually consist of multiple tools that demand different ports and protocols.
Remote access administrators, both on the information technology (IT) and OT side, are constantly trying to balance convenience for employees and vendors, and security for their organization.
Historically, managing remote access meant making compromises. Either organizations choose a simple option and are left with little to no security metrics, or they choose a more security-conscious approach whose implementation and usability become very complex. Plus, these solutions were created with an IT network in mind, not industrial environments.
For example, best practices recommend network segmentation between IT and OT networks with a DMZ. This means an OT engineer or contractor will need to traverse a long maze of firewalls, VPN, authentication, more firewalls, jump servers, and more authentication to finally reach an asset and start repair work.
Administrative complexity affects far more than just the OT or IT department. For instance, consider the following impacts:
There are unique considerations for remote access for OT environments, including the following requirements:
OT assets regularly need to be accessed by internal users and third-party vendors.
Access needs to be quick and reliable. (In an emergency, there is no time for multiple levels of authentication, VPNs, jump servers, etc.)
Administrators need to know (and control) who is logging in from where, for what purpose, and know whether that purpose is legitimate.
Claroty xDome Secure Access, part of The Claroty Platform, was purpose-built to meet specific operational, administrative, and security needs of industrial networks. xDome Secure Access minimizes the cost and complexity of administering safe, secure, and reliable OT remote access for internal and third party users.
Claroty has made many enhancements to xDome Secure Access over the course of this year, which build on our vision to provide organizations frictionless secure access to their critical industrial assets with less administrative complexity—no matter where users, facilities, or assets are located. A few highlights of 2021 releases include the following:
Easier User Provisioning & Authentication
User provisioning can be automated using a SAML- or OIDC-based identity provider. Instead of enabling users one by one, administrators can turn on Single Sign On and Just-in-Time provisioning within xDome Secure Access and leverage pre-existing user roles and group associations from your existing IdP. As a result, xDome Secure Access users gain immediate, secure, and highly controlled access when they need it, and administrators can spend less time securing, configuring, and managing OT remote access.
Stronger Security with Antivirus Integrations
One complex challenge remote access administrators face is protecting the OT environment from corrupt files. xDome Secure Access integrates easily with any ICAP-based antivirus solution, allowing administrators and users to track upload status and prevent the spread of unsafe files. Every file is scanned for safety, and in the event a file is malicious, the user is immediately notified and prevented from uploading it to the asset.
Extending Secure Access to Legacy Assets
Some industrial environments still include legacy assets that don't support modern protocols. These assets need remote support and maintenance, but administrators may struggle to find a secure way to allow access. xDome Secure Access supports the Telnet protocol to allow remote sessions to legacy assets, while maintaining tight security for the overall environment.
Current xDome Secure Access administrators can take advantage of these benefits today. Choosing a solution designed to decrease the complexity of managing remote access also reduces the total cost of ownership, so administrators can focus on more pressing priorities.