H Remote Access

Three critical components of a secure remote-access strategy for OT

June 29, 2023
The demand for secure remote access has skyrocketed.

OT is again taking front stage when it comes to security. The recent “State of Industrial Secure Remote Access (I-SRA)” report highlighted that 75% of organizations operating within critical infrastructure sectors considered operational safety threats their primary concern when dealing with any form of remote access to internal resources.

As remote access continues to emerge as a vital component of industrial environments, offering resilience in the face of ongoing industry challenges, the demand for secure remote access has skyrocketed. However, meeting this need presents numerous obstacles from both technical and operational perspectives.

To bolster the safety and security of remote-access operations, it’s important for organizations to adopt a security strategy that incorporates three critical components: people, processes and technology.

  • The “people” element includes ensuring multi-factor authentication (MFA) for all accounts, including shared ones. MFA combines something the user knows (password) with something they possess (token, OTP, biometric data). Implementing appropriate factors that cater to isolated access requirements is crucial.
  • From a process perspective, control features such as session supervision and recording, just-in-time access, and granular access restrictions provide additional security layers. Training employees on processes, policies and procedures related to secure remote access is equally important.
  • When it comes to technology, organizations need to think about end-to-end encryption protocols and tunneling to protect the information exchanged between remote users and assets. Integration capabilities with security information and event management (SIEM) or IT service-management (ITSM) platforms enhance productivity and handle access and resource-management during audits.

While it’s important to realize these features are not completely bulletproof, they do contribute to a stronger defense-in-depth strategy, providing organizations with better safeguards against cyber-threats and addressing the concerns expressed by 55% of organizations.

In fact, half (50%) of all US software buyers already consider security as the most influential factor in the buying process (Capterra report). But this is only one part of the equation; by embracing a comprehensive cybersecurity approach, organizations can fortify their industrial- cybersecurity practices and mitigate risks associated with remote access.

About the Author

Kevin Kumpf

Chief OT/ICS security strategist at Cyolo