TL;DR: Industrial IT/OT convergence is collapsing two separate identity problems into one, according to Gathid: access data siloed across air-gapped and semi-connected environments, and toxic role combinations that can leave critical systems overexposed. Identity governance now has to reconcile operational safety, compliance, and access visibility across both physical and digital systems.
At a glance
What this is: This is an analysis of how IT/OT convergence complicates identity governance, especially where siloed identity data and fragmented access oversight create toxic role combinations.
Why it matters: It matters because industrial IAM programmes increasingly have to govern both human access and non-human access across operational and digital environments without losing visibility, accountability, or least privilege.
By the numbers:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- Only 5.7% of organisations have full visibility into their service accounts.
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
👉 Read Gathid's analysis of IT/OT convergence and identity governance
Context
IT/OT convergence means industrial firms are no longer managing access in two separate worlds. Operational technology and information technology now share more data, more integrations, and more identity dependencies, which makes fragmented governance harder to sustain.
The core identity problem is not the technology shift alone, but the mismatch between operational engineering priorities and enterprise IAM processes. When access data lives in silos across air-gapped or semi-connected environments, organisations lose the ability to see where excessive access, toxic role combinations, and unreviewed privileges are accumulating.
That gap is especially relevant for industrial programmes that now have to govern both human users and non-human identities such as service accounts, integrations, and system-level access paths. The article’s starting point is typical for converging industrial environments, not an edge case.
Key questions
Q: How should industrial firms govern access across IT and OT systems?
A: They should govern effective access across both environments as one model, even if the systems stay separate operationally. That means correlating identities, roles, inherited permissions, and third-party paths so plant safety, operational reliability, and enterprise IAM decisions are not made in isolation. A single governance view is the starting point for control.
Q: Why do toxic role combinations matter in converged environments?
A: They matter because access that is safe in one domain can become dangerous when combined with another domain’s privileges. In industrial settings, a user may have acceptable OT access and still create a material risk when that access is paired with IT administration, cloud control, or vendor-connected entitlements.
Q: How can teams tell whether identity visibility is actually working?
A: They can tell by checking whether they can explain effective access end to end, including inherited rights, service accounts, and cross-system dependencies. If an auditor or security lead still has to ask two teams and merge spreadsheets manually, visibility is still fragmented rather than operational.
Q: What is the difference between role review and effective access review in industrial IAM?
A: Role review checks what roles a user or system has been assigned. Effective access review checks what that identity can actually do once inheritance, nesting, integrations, and cross-domain permissions are taken into account. In converged OT and IT environments, effective access is the control that exposes real risk.
Technical breakdown
Why IT/OT identity data becomes hard to govern
IT and OT environments usually evolve with different data models, ownership boundaries, and operational priorities. In OT, identity data may be tied to plant systems, engineering tools, or safety-linked access paths, while IT identity data is usually managed through enterprise directories, cloud platforms, and access governance tools. When those sources remain separate, the organisation cannot reliably correlate who has access to which system, under what role, and with what inherited privilege. The result is incomplete access intelligence, not just incomplete reporting.
Practical implication: connect OT and IT identity sources into one governance view before trying to recertify or re-role critical access.
What toxic role combinations mean in industrial access models
A toxic role combination is a set of permissions that may look harmless in isolation but becomes risky when combined. In industrial settings, that can mean a user has operational access in OT, administrative access in IT, or overlapping rights that cross safety and business systems. Because the same person may hold multiple roles across separated teams, conventional role reviews can miss the cumulative effect of those entitlements. The risk is not just over-permissioning, but cross-domain privilege accumulation that no single team sees end to end.
Practical implication: evaluate effective access across domains, not just role titles within one directory or one plant system.
How digital twins and knowledge graphs support identity visibility
Digital twins create a living model of the identity and access environment, while knowledge graphs map the relationships between users, roles, systems, and permissions. Used together, they help transform fragmented access records into a navigable model of industrial identity relationships. That matters when the same access path may span an engineering workstation, a cloud service, and a third-party application. The value is not visualisation for its own sake, but the ability to expose hidden dependency chains and privilege overlaps that traditional IAM reports often flatten.
Practical implication: use relationship modelling to surface cross-system access dependencies before they turn into audit or safety issues.
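The following is an added illustration, not code from Gathid or NHIMG, of the three points above taken together: a small identity knowledge graph spanning OT and IT, an effective-access computation that follows role nesting and integration reuse (the difference between role review and effective access review described in the key questions), a toxic-combination check across domains, and an ownership check for non-human identities. All identities, roles, systems, owners and rule names are constructed sample data and are assumptions, not a real plant or directory.

```python
"""Effective-access review over a small IT/OT identity graph.

Added illustration, not code from Gathid or NHIMG. All identities, roles,
systems, owners and toxic-combination rules below are constructed sample
data (assumptions), not a real plant or directory.
"""
from collections import defaultdict

# Knowledge-graph edges: (subject, relation, object). Role nesting via
# "inherits" edges is what makes an assigned-role review understate access.
EDGES = [
    # Human operator: one OT role, one IT helpdesk group that nests an admin role.
    ("alice", "member_of", "plc_engineer"),
    ("alice", "member_of", "it_helpdesk"),
    ("it_helpdesk", "inherits", "ad_account_admin"),
    # Historian integration service account (NHI) that reuses an OT role.
    ("svc_historian", "member_of", "historian_writer"),
    ("historian_writer", "inherits", "plc_engineer"),
    ("svc_historian", "member_of", "cloud_storage_admin"),
    # Vendor support account with remote access into the plant network.
    ("vendor_bob", "member_of", "remote_support"),
    # Roles -> permissions, each tagged (domain, system, action).
    ("plc_engineer", "grants", ("ot", "plc", "write_logic")),
    ("remote_support", "grants", ("ot", "jump_host", "login")),
    ("ad_account_admin", "grants", ("it", "active_directory", "reset_password")),
    ("cloud_storage_admin", "grants", ("it", "cloud_bucket", "admin")),
]
OWNERS = {"alice": "plant-ops", "vendor_bob": "vendor-mgmt"}  # svc_historian: nobody
NHI = {"svc_historian"}

# Toxic combinations: permissions acceptable alone, dangerous when one identity
# holds all of them. Rule names are illustrative.
TOXIC_RULES = {
    "ot_logic_write + it_credential_reset": {
        ("ot", "plc", "write_logic"), ("it", "active_directory", "reset_password")},
    "ot_logic_write + cloud_admin": {
        ("ot", "plc", "write_logic"), ("it", "cloud_bucket", "admin")},
}


def build_graph(edges):
    graph = defaultdict(set)
    for subject, relation, obj in edges:
        graph[subject].add((relation, obj))
    return graph


def assigned_roles(graph, identity):
    """What a conventional role review sees: direct memberships only."""
    return sorted(obj for rel, obj in graph[identity] if rel == "member_of")


def effective_access(graph, identity):
    """Transitive closure over member_of/inherits edges. Returns each reachable
    permission with the path (identity -> role -> nested role) that grants it."""
    seen, stack, perms = set(), [(identity, [identity])], {}
    while stack:
        node, path = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        for rel, obj in graph[node]:
            if rel == "grants":
                perms.setdefault(obj, " -> ".join(path))
            elif rel in ("member_of", "inherits"):
                stack.append((obj, path + [obj]))
    return perms


def toxic_combinations(perms, rules=TOXIC_RULES):
    held = set(perms)
    return sorted(name for name, needed in rules.items() if needed <= held)


def review(edges=EDGES, owners=OWNERS, nhi=NHI, rules=TOXIC_RULES):
    """One governance view over humans and NHIs: assigned roles, effective
    access with paths, cross-domain reach, toxic combinations, and ownership."""
    graph = build_graph(edges)
    identities = sorted({s for s, rel, _ in edges if rel == "member_of"})
    report = {}
    for ident in identities:
        perms = effective_access(graph, ident)
        report[ident] = {
            "kind": "nhi" if ident in nhi else "human",
            "owner": owners.get(ident),
            "assigned_roles": assigned_roles(graph, ident),
            "effective": perms,
            "cross_domain": len({domain for domain, _, _ in perms}) > 1,
            "toxic": toxic_combinations(perms, rules),
        }
    return report


def accountability_gaps(report):
    """Identities holding access that no named owner is accountable for."""
    return sorted(i for i, r in report.items() if r["owner"] is None)


if __name__ == "__main__":
    rep = review()
    for ident, r in rep.items():
        print(f"{ident} ({r['kind']}, owner={r['owner']}) roles={r['assigned_roles']}")
        for perm, path in r["effective"].items():
            print(f"  {perm} via {path}")
        print(f"  cross_domain={r['cross_domain']} toxic={r['toxic']}")
    print("unowned:", accountability_gaps(rep))
```

On this sample data a role review of alice shows only "plc_engineer" and "it_helpdesk", which looks harmless; the effective-access walk shows the helpdesk group nests an Active Directory password-reset right, so alice holds an OT logic-write plus IT credential-reset combination. The historian service account reaches the same OT write permission through an integration role, adds cloud administrative rights, and has no owner, which is the accountability gap the relationship model is meant to surface. In a real programme the edge list would be loaded from directory, PLC engineering-tool and cloud IAM exports rather than embedded, but the traversal and rule check are the same.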
Breaches seen in the wild
- Schneider Electric credentials breach — exposed credentials gave attackers access to Schneider Electric Jira, exfiltrating 40GB.
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
IT/OT convergence creates a governance problem before it creates a tooling problem. Industrial firms often assume that separate teams and separate systems can be reconciled later through reporting. That assumption fails because access relationships are already being formed across both environments, while governance remains split by operating model. The implication is that identity governance for converged industry must be designed around shared visibility, not after-the-fact reconciliation.
Toxic role combinations are a cross-domain privilege issue, not just an OT access issue. A role may be acceptable in a plant context and still become dangerous when combined with IT administrative or third-party access. That is why isolated role reviews understate the real blast radius. Practitioners should treat effective access as the unit of analysis, not team ownership or system boundary.
Visibility into non-human access is part of the same problem space as industrial IAM. As plants integrate sensors, platforms, and external services, service accounts and system credentials increasingly sit inside the same operational trust chain as human operators. If those identities are not included in governance, the organisation will miss the pathways by which access becomes persistent, inherited, or impossible to explain during audit.
Digital twins and knowledge graphs are most useful when they expose accountability gaps. Their real value is not abstract data integration, but the ability to show who is responsible for each access relationship as systems converge. That is where many industrial programmes fail today: the access path exists, but ownership does not. Practitioners should use relationship models to make ownership visible before exceptions become normalised.
From our research:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- The same research shows only 5.7% of organisations have full visibility into their service accounts, which helps explain why cross-domain access problems persist.
- For a deeper view of the governance layer, see the Ultimate Guide to NHIs and Lifecycle Processes for Managing NHIs for the lifecycle controls that industrial teams often need next.
What this signals
Identity twin gap: industrial firms will increasingly need a relationship model that connects OT access, IT entitlements, and machine identities in one operational view. Without that, recertification and audit work will keep lagging behind how access is actually used across converged environments.
The programme signal is clear: IAM teams should not wait for full platform convergence before governing access convergence. Where engineering systems, cloud services, and external integrations are already linked, the control gap is real today, especially when service accounts and third-party access are outside the main review process.
Converged identity governance will reward teams that can explain effective access, not just list assigned roles. That aligns naturally with the NIST Cybersecurity Framework 2.0 and the OWASP Non-Human Identity Top 10, both of which emphasise visibility, control, and continuous governance in complex environments.
For practitioners
- Map effective access across OT and IT: Build a single view of effective access that correlates roles, permissions, and inherited privileges across operational and enterprise systems. Focus on who can reach critical assets through multiple paths, not just who holds a named role in one environment.
- Identify toxic role combinations before recertification: Run entitlement analysis for cross-domain combinations that become dangerous only when OT and IT access are combined. Prioritise accounts that span engineering tools, business systems, and third-party integrations.
- Include non-human identities in industrial governance: Inventory service accounts, API credentials, and system integrations alongside human users so governance does not stop at the employee directory. Treat machine access as part of the same operational trust model.
- Use relationship models for audit evidence: Adopt digital twins or knowledge graphs where they can document ownership, lineage, and access dependency chains. This helps show why a user or system has access and where that access should be revoked or revalidated.
Key takeaways
- IT/OT convergence turns identity governance into a cross-domain problem, not a siloed directory exercise.
- Toxic role combinations and fragmented visibility are the main failure modes, especially where human and non-human access overlap.
- Industrial IAM teams need a single model for effective access, ownership, and lifecycle control before converged environments outpace governance.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI5:2025 Overprivileged NHI; NHI3:2025 Vulnerable Third-Party NHI | Cross-domain service-account sprawl, excessive privilege and vendor-connected access paths are central to the article. |
| NIST CSF 2.0 | PR.AA-05 (access permissions, entitlements and authorizations are managed, enforced and reviewed under least privilege and separation of duties) | Maps directly to the effective-access and toxic-combination gaps described in converged environments. |
| NIST Zero Trust (SP 800-207) | Section 2.1 tenets (per-session access decisions; dynamic, strictly enforced authorization; continuous collection of asset and access state) | Zero Trust requires continuous verification across systems that the article says are fragmented. |
Map effective access across domains and recertify combined entitlements, not isolated roles.
Key terms
- IT/OT convergence: The merging of operational technology and information technology into a shared operating and security environment. In practice, it creates cross-domain access dependencies that traditional siloed governance models struggle to see, especially when safety, uptime, and enterprise control objectives collide.
- Toxic role combination: A set of permissions that appears acceptable in isolation but becomes risky when combined with other roles or system access. In converged environments, the danger comes from effective access across OT and IT, where no single team may see the full privilege picture.
- Effective access: What an identity can actually do after role nesting, inherited permissions, integrations, and cross-system trust are taken into account. It is the practical access state that matters for governance, because assigned roles alone often understate real exposure.
- Digital twin: A living virtual model of an environment or system that mirrors relationships and changes over time. For identity governance, it can represent users, roles, permissions, and access paths across OT and IT so teams can analyse dependencies and ownership in one place.
Deepen your knowledge
IT/OT identity governance and non-human access are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your industrial environment is converging faster than your access model, it is worth exploring.
This post draws on content published by Gathid: A Gathid Labs Series, Episode 1 on IT/OT convergence and identity governance. Read the original.
Published by the NHIMG editorial team on 2026-02-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org