TL;DR: Manufacturers integrating IT and OT still cite security as the main barrier, with 46% naming it the top concern, 50% relying on OT assets older than 15 years, and only 15% reporting mature cybersecurity practices, according to an IDC InfoBrief sponsored by Imprivata. Legacy access, poor visibility, and misaligned priorities show that convergence fails when identity controls are bolted onto systems that were never designed for shared governance.
At a glance
What this is: An independent analysis of the security and governance gaps created when manufacturers converge IT and OT systems, with legacy access, shared logins, and visibility shortfalls as the central findings.
Why it matters: IT/OT integration changes how identity, access, and auditability must work across operational and enterprise environments, affecting NHI, human, and lifecycle governance together.
By the numbers:
- 46% of manufacturers cite security concerns as the top barrier to IT/OT convergence.
- 50% still rely on OT assets that are 15+ years old.
- Only 30% can deliver real-time data to frontline workers.
- Just 15% have mature cybersecurity practices.
👉 Read Imprivata's analysis of security risks in IT/OT convergence
Context
IT/OT convergence brings operational technology and enterprise IT into the same governance plane, which means identity controls, audit trails, and access policy can no longer stay siloed. In manufacturing, that creates a direct identity governance problem because legacy OT systems often rely on shared logins, inconsistent workflows, and access patterns that were never designed for modern accountability.
The article’s central warning is that efficiency gains from connected systems do not offset the security debt created by old assets and fragmented access. For IAM, PAM, and lifecycle teams, the real issue is not just whether systems can connect, but whether every access path can be attributed, reviewed, and constrained across plant and enterprise operations.
Key questions
Q: How should manufacturers eliminate shared logins in OT without disrupting operations?
A: Start with the highest-risk assets and replace shared access with individual authentication that still works on the shop floor. Use phased rollout, exception handling, and operational fallback procedures so uptime is protected while accountability improves. The goal is not perfect coverage on day one, but a credible path away from untraceable access.
Q: Why do legacy OT assets make IT/OT convergence harder to secure?
A: Older OT systems were not designed for modern identity governance, so they often lack individual attribution, central logging, or flexible access controls. That means security teams must govern risk around systems that cannot easily prove who accessed them, which increases audit gaps and incident response uncertainty.
Q: What breaks when organisations cannot see access activity across IT and OT?
A: Without access visibility, organisations lose the ability to detect misuse, reconstruct incidents, and verify that third-party and internal users stayed within their approved scope. In practice, blind spots create delayed response, weak evidence, and a false sense of control because the environment cannot validate its own access history.
Q: Who is accountable when third-party vendors access OT systems?
A: The organisation remains accountable for the access it grants, even when a vendor performs the task. That means third-party access must be tied to named identities, time-bounded approvals, and explicit offboarding so the relationship does not outlive the need for access.
Technical breakdown
Shared logins in OT create untraceable access paths
Many OT environments still depend on shared credentials because the systems were built before individual accountability became a security requirement. That breaks attribution at the point of use, so a supervisor, contractor, or operator can all appear under the same identity. In practice, this makes audit trails weak, incident response slower, and privilege reviews almost meaningless. When access cannot be tied to a person or role, the organisation loses the ability to prove who changed what on the floor. The problem is not only poor hygiene. It is a structural identity gap between legacy operational access and modern governance expectations.
Practical implication: replace shared credentials with individual authentication and make access events attributable at the system level.
Visibility is the control that makes IT/OT convergence governable
IT/OT integration increases the need to know who accessed which device, at what time, and from where. That is because legacy assets often lack native monitoring, while third-party vendors and internal operators may interact with the same operational workflows. Without consistent access logging, organisations cannot detect misuse, reconstruct incidents, or enforce lifecycle controls. Visibility is therefore not a reporting feature. It is the minimum control that turns convergence from a blind connection into a governable environment. In OT, the absence of visibility usually means the absence of enforceable accountability.
Practical implication: extend access logging and activity monitoring to both legacy OT assets and third-party interactions.
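As an added illustration of the two points above (this is not code from Imprivata, IDC or the NHI Mgmt Group), the script below takes a handful of constructed OT access-log lines and answers the two questions these sections raise: which events cannot be attributed to a person, and which accounts show the shared-login signature of overlapping sessions from different workstations. The log format, account names, hostnames and the individual-account allow-list are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample OT access log (format: timestamp account workstation asset action).
# Accounts, hostnames and asset ids are invented for this example.
SAMPLE_LOG = """\
2025-10-16T06:02:11Z operator   HMI-LINE1 PLC-07 login
2025-10-16T06:03:40Z operator   HMI-LINE1 PLC-07 setpoint_change
2025-10-16T06:10:05Z operator   HMI-LINE2 PLC-07 login
2025-10-16T06:12:30Z operator   HMI-LINE2 PLC-07 recipe_download
2025-10-16T06:20:00Z operator   HMI-LINE1 PLC-07 logout
2025-10-16T06:25:00Z operator   HMI-LINE2 PLC-07 logout
2025-10-16T07:00:00Z j.smith    ENG-WS-03 PLC-07 login
2025-10-16T07:05:12Z j.smith    ENG-WS-03 PLC-07 firmware_read
2025-10-16T07:30:00Z j.smith    ENG-WS-03 PLC-07 logout
2025-10-16T14:00:00Z vendor-svc VPN-GW-01 PLC-07 login
2025-10-16T14:15:00Z vendor-svc VPN-GW-01 PLC-07 logic_upload
2025-10-16T14:40:00Z vendor-svc VPN-GW-01 PLC-07 logout
"""

# Accounts known to map to exactly one named person (an assumption for the example;
# in practice this comes from the IAM directory, not from the log itself).
INDIVIDUAL_ACCOUNTS = {"j.smith"}


def parse_log(text):
    """Turn the whitespace-separated log lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, workstation, asset, action = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "account": account, "workstation": workstation,
            "asset": asset, "action": action,
        })
    return events


def unattributable_events(events):
    """Events performed under an account that does not name an individual."""
    return [e for e in events if e["account"] not in INDIVIDUAL_ACCOUNTS]


def build_sessions(events):
    """Pair login/logout per (account, workstation) into (workstation, start, end) sessions."""
    open_sessions = {}
    sessions = defaultdict(list)  # account -> list of sessions
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["account"], e["workstation"])
        if e["action"] == "login":
            open_sessions[key] = e["ts"]
        elif e["action"] == "logout" and key in open_sessions:
            sessions[e["account"]].append((e["workstation"], open_sessions.pop(key), e["ts"]))
    return sessions


def concurrent_shared_use(events):
    """Accounts with overlapping sessions on different workstations: the shared-login
    signature, since one person cannot be logged in at two HMIs at the same time."""
    findings = {}
    for account, sess in build_sessions(events).items():
        for i, (ws_a, start_a, end_a) in enumerate(sess):
            for ws_b, start_b, end_b in sess[i + 1:]:
                if ws_a != ws_b and start_a < end_b and start_b < end_a:
                    findings.setdefault(account, set()).update({ws_a, ws_b})
    return {acct: sorted(ws) for acct, ws in findings.items()}


def attribution_report(text):
    """Summary a reviewer can act on: how much of the log has no accountable person."""
    events = parse_log(text)
    return {
        "total_events": len(events),
        "unattributable_events": len(unattributable_events(events)),
        "concurrent_shared_accounts": concurrent_shared_use(events),
    }


if __name__ == "__main__":
    print(attribution_report(SAMPLE_LOG))
```

Note that `vendor-svc` never triggers the concurrency check, yet every one of its events is still unattributable: the absence of visible sharing does not make a service or group account accountable, which is why the allow-list of individual accounts, not the anomaly detector, decides attribution here. The detector only shows where shared use is provable from the logs alone.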
Least privilege has to survive real-world manufacturing workflows
Manufacturing environments often optimise for uptime, shift changes, and rapid floor access, which makes least privilege harder to maintain than in office IT. If access is too broad, one compromised account can cross operational boundaries. If access is too rigid, teams create workarounds that reintroduce shared access and manual resets. The technical challenge is to align access scope with actual task duration and operational context, not with static job titles alone. That requires governance that can handle both modern systems and older platforms without creating a new shadow-access layer.
Practical implication: scope access by task and role, then remove standing privileges that are only needed for specific operational windows.
Threat narrative
Attacker objective: gain durable, low-friction access to operational systems without reliable attribution, enabling misuse or disruption while staying hard to investigate.
- Entry occurs through legacy OT systems that still depend on shared logins or weakly governed access pathways, giving an attacker or insider a credential path that cannot be cleanly attributed.
- Escalation follows when broad operational access lets the actor move between systems, vendors, or workflows without reliable monitoring or per-user accountability.
- Impact lands in the form of undetected misuse, slower incident response, audit failure, or operational disruption because the organisation cannot prove who accessed what or when.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- DeepSeek breach — DeepSeek breach exposed 1M+ log lines and sensitive secret keys.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Shared OT logins are not a convenience problem; they are a governance failure. When multiple people use the same identity, organisations lose attribution, revocation accuracy, and credible audit evidence. That means incident response cannot reliably reconstruct actions and access reviews cannot certify accountability. For manufacturing programmes, the first governance question is whether the environment can tell one operator from another at the point of access.
IT/OT convergence only becomes governable when visibility reaches the edge. Legacy assets that cannot show who accessed them, when, and from where create blind spots that modern IAM reporting cannot paper over. Third-party vendor access makes the problem sharper because operational risk now includes external lifecycle management as well as internal control. The practical implication is that convergence without logging simply shifts risk into a less observable layer.
Identity attribution gap: The assumption that access can be tied to an individual or accountable role was designed for systems with per-user governance. That assumption fails when OT depends on shared logins and multi-operator credentials, because the environment itself destroys attribution before review can happen. The implication is that lifecycle and access governance must be rethought around systems that were never built for individual identity proofs.
Manufacturing privilege has to be treated as operationally elastic, not permanently granted. The article shows why standing access is hard to justify when shifts, contractors, and maintenance events all change the access need. This is where PAM, IAM, and floor operations intersect: the governance model must preserve uptime without defaulting to broad persistent access. Practitioners should treat privilege breadth as a plant risk indicator, not just an IT policy issue.
Security concerns are already acting as the brake on convergence, which means identity governance is now an adoption issue. When 46% of manufacturers name security as the top barrier, the message is that access management is no longer a downstream control. It is part of the business case for digital transformation itself. Leaders should assume that weak identity controls will slow IT/OT programmes as much as technical debt will.
From our research:
- 28.65 million new hardcoded secrets were detected in public GitHub commits in 2025 alone, a 34% year-over-year increase and the largest single-year jump ever recorded, according to The State of Secrets Sprawl 2026.
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, according to The State of Secrets Sprawl 2026.
- For broader identity governance context, see The 52 NHI breaches Report for real-world cases showing how weak attribution and lifecycle control turn access into breach impact.
What this signals
Identity attribution is becoming a manufacturing control plane issue. As IT and OT converge, the practical question is no longer whether access exists, but whether it can be proven, reviewed, and revoked without operational disruption. Programmes that still tolerate shared access in critical environments will find that auditability fails before technology integration does.
With 28.65 million new hardcoded secrets detected in public GitHub commits in 2025, access governance is clearly under pressure across modern environments, and the same pattern appears in OT when teams rely on shared credentials or unmanaged exceptions. The lesson for practitioners is that identity controls must be visible at the workflow edge, not only in central IAM reports.
Operational identity debt: when access was designed for uptime instead of accountability, convergence simply exposes the gap. Manufacturers should expect third-party access, maintenance windows, and legacy device constraints to become the places where governance either holds or breaks, which is why lifecycle ownership for OT access needs the same seriousness as employee offboarding.
For practitioners
- Eliminate shared operational logins: Map every OT workflow that still relies on shared credentials and replace it with individual authentication or an equivalent attributable access pattern. Preserve accountability at the system boundary so audit trails can answer who did what, when, and through which device.
- Extend access visibility into OT assets: Instrument legacy systems, vendor touchpoints, and maintenance workflows with access logging that records who accessed what, when, and where. Use those logs to support incident reconstruction, compliance evidence, and exception reviews.
- Align IAM with plant operations: Set access policy with both IT security and OT uptime requirements in the same review process, then define where shared workarounds are not acceptable. This reduces the incentive to bypass controls when shifts, outages, or vendor support events occur.
- Use least privilege for maintenance and third-party access: Grant broad access only for the shortest operational window that matches the task, and remove it when maintenance, support, or commissioning ends. Review third-party access separately from employee access because lifecycle ownership is different.
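To make the task-scoped, time-bounded model from the least-privilege section and the last practitioner item concrete, here is an added example (not Imprivata's, IDC's or the NHI Mgmt Group's code) of an access-grant record with an explicit window and accountable owner, an authorisation check that only passes inside a live grant with the right scope, and the periodic review that surfaces standing access, grants past their end date, and live third-party grants as a separate queue. Identities, asset ids, approvers and the seven-day "longer than a task" threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AccessGrant:
    identity: str        # a named person (employee or vendor engineer), never a shared account
    asset: str           # the OT asset the grant covers
    scope: str           # task-scoped permission, e.g. "firmware_update", not a job title
    starts: datetime
    ends: datetime       # every grant expires; there is no open-ended access
    owner: str           # internal approver accountable for the grant
    third_party: bool = False


def ts(s):
    """Parse a constructed 'YYYY-MM-DDTHH:MM' timestamp."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M")


# Constructed grants; identities, assets and approvers are invented for the example.
GRANTS = [
    AccessGrant("j.smith", "PLC-07", "firmware_update",
                ts("2025-10-16T07:00"), ts("2025-10-16T08:00"), owner="plant.eng.lead"),
    AccessGrant("vendor-acme-r.lee", "PLC-07", "logic_upload",
                ts("2025-10-16T14:00"), ts("2025-10-16T16:00"), owner="maint.manager",
                third_party=True),
    # A year-long remote-support grant: the kind of standing access the review should catch.
    AccessGrant("vendor-acme-r.lee", "HMI-LINE2", "remote_support",
                ts("2025-01-01T00:00"), ts("2025-12-31T23:59"), owner="maint.manager",
                third_party=True),
    # Effectively permanent operator access granted on a job title rather than a task.
    AccessGrant("m.jones", "PLC-07", "setpoint_change",
                ts("2024-01-01T00:00"), ts("2099-01-01T00:00"), owner="shift.supervisor"),
]


def authorise(grants, identity, asset, scope, at):
    """Return (allowed, reason). Only a live, task-scoped grant allows access,
    and the reason is returned so the decision can be logged and audited."""
    matching = [g for g in grants if g.identity == identity and g.asset == asset]
    if not matching:
        return False, "no grant for identity on asset"
    scoped = [g for g in matching if g.scope == scope]
    if not scoped:
        return False, "scope not granted"
    if any(g.starts <= at < g.ends for g in scoped):
        return True, "within approved window"
    return False, "outside approved window"


def review_grants(grants, now, max_window=timedelta(days=7)):
    """Periodic review: flag standing access (window longer than a task needs),
    grants already past their end (revoke and offboard), and live third-party
    grants, which are reviewed separately because lifecycle ownership differs."""
    return {
        "standing": [g for g in grants if g.ends - g.starts > max_window],
        "expired": [g for g in grants if g.ends <= now],
        "third_party_live": [g for g in grants
                             if g.third_party and g.starts <= now < g.ends],
    }


if __name__ == "__main__":
    now = ts("2025-10-16T15:00")
    print(authorise(GRANTS, "vendor-acme-r.lee", "PLC-07", "logic_upload", now))
    for bucket, items in review_grants(GRANTS, now).items():
        print(bucket, [(g.identity, g.asset, g.scope) for g in items])
```

The point of returning a reason from `authorise` is that the same record which gates access also produces the evidence an audit needs; the point of the review is that a grant with a window measured in months is a standing privilege regardless of how it was labelled when approved.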
Key takeaways
- IT/OT convergence is constrained less by connectivity than by access governance, especially where shared logins remove attribution.
- The evidence points to a control-maturity gap: legacy assets, weak visibility, and low cybersecurity maturity make modern governance difficult to enforce.
- Manufacturers need attributable identity, access logging, and task-scoped privilege before convergence can be treated as an operationally safe design choice.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Identity-based access governance is central to eliminating shared OT logins. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Rotation and lifecycle gaps matter where OT access remains persistent or shared. |
| NIST Zero Trust (SP 800-207) | AC-4 | Convergence increases the need for explicit access enforcement across IT and OT. |
Review OT credential lifecycle and remove standing access that outlives operational need.
Key terms
- IT/OT convergence: The integration of information technology and operational technology so data, devices, and workflows can be managed together. In practice, it creates a shared governance problem because systems built for uptime and systems built for enterprise control must now share identity, access, and audit expectations.
- Shared login: A single set of credentials used by more than one person or role. Shared logins reduce accountability because actions cannot be cleanly attributed to an individual, which weakens audit trails, incident response, and lifecycle governance in environments that need precise access ownership.
- Access visibility: The ability to see who accessed what, when, and where across systems and workflows. In identity governance, visibility is the foundation for audits, anomaly detection, and revocation decisions, especially when legacy assets and third-party users interact with critical operational systems.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Imprivata: security risks in IT/OT convergence. Read the original.
Published by the NHIMG editorial team on 2025-10-16.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org