By NHI Mgmt Group Editorial Team
Published 2026-03-10
Domain: Governance & Risk
Source: Imprivata

TL;DR: Manufacturing IT/OT convergence is widening the attack surface because legacy OT assets, shared accounts, vendor access and poor visibility still block consistent identity control, according to an IDC InfoBrief sponsored by Imprivata. Identity-first governance is now the deciding factor between operational efficiency and a larger blast radius.


At a glance

What this is: An analysis of IT/OT convergence in manufacturing. Its key finding is that identity gaps, legacy systems and vendor access are the main blockers to secure integration.

Why it matters: It matters because manufacturing teams cannot secure converged environments with separate IT and OT identity models, and the same governance gaps will affect machine, human and third-party access controls.

By the numbers:

👉 Read Imprivata’s analysis of IT/OT convergence challenges in manufacturing


Context

IT/OT convergence in manufacturing means enterprise systems and industrial operations now share data, users and access paths. The central problem is that identity governance designed for separate environments breaks down once production, analytics and remote support become connected.

Manufacturers are no longer dealing with a theoretical convergence roadmap. They are managing real access to PLCs, robotics, sensors, cloud dashboards and vendor sessions across plant and enterprise networks, which means access control, visibility and accountability must work across both domains at once.


Key questions

Q: How should security teams govern identity in IT/OT convergence projects?

A: Security teams should govern IT/OT convergence as a single identity problem across enterprise systems, plant systems and third-party support. That means mapping all access paths, eliminating unnecessary shared credentials, constraining vendor sessions to task scope and reviewing exceptions for legacy OT systems that cannot support modern controls.

Q: Why does IT/OT convergence increase identity risk in manufacturing?

A: IT/OT convergence increases identity risk because it connects environments that were never built around the same authentication, authorization or audit model. Legacy OT systems, shared accounts and remote vendor access create inconsistent control points, so the weakest identity practice can extend from office IT into production operations.

Q: What breaks when manufacturers keep shared OT accounts after convergence?

A: Shared OT accounts break accountability first and detection second. Once multiple operators, vendors or support staff use the same identity, incident review cannot reliably answer who changed a controller, when access occurred or whether the action came from an authorised session.

Q: Who is accountable when vendor access reaches OT systems through convergence?

A: The manufacturer remains accountable for the access path, even when a vendor performs the work. Governance must define ownership for approval, monitoring, session closure and exception handling, because third-party support does not remove the need for internal control over plant access.


Technical breakdown

IT/OT convergence and shared identity controls

IT/OT convergence creates a single access problem across two operating cultures. IT environments usually assume centralized authentication, policy enforcement and auditability. OT environments often still rely on shared workstations, generic credentials and narrow maintenance windows. When those worlds connect, identity becomes the control plane that determines whether access is attributable, least privilege is enforceable and remote support can be monitored without disrupting production.

Practical implication: standardise identity policy across enterprise and plant systems before expanding connectivity.

Legacy OT systems and modern authentication

Many OT assets were designed before current identity standards existed, so they may not support MFA, federation or modern role design. That creates a split environment where some systems are governed through centralized identity while others are effectively exceptions. The technical risk is not just outdated hardware. It is inconsistent authentication and authorization logic that makes privilege review and session accountability unreliable across the plant.

Practical implication: inventory which OT systems cannot support modern identity controls and treat them as constrained exceptions.

Vendor access and remote session exposure

Third-party support is a core part of manufacturing operations, but convergence often broadens vendor reach beyond what a maintenance task requires. Remote access tools can turn a narrowly scoped support session into broad privileged connectivity if session boundaries are weak. Without segmentation, recording and credential vaulting, vendor access becomes a durable pathway into both OT and adjacent enterprise systems.

Practical implication: isolate vendor sessions and bind them to task-scoped access with full monitoring.


Threat narrative

Attacker objective: The attacker’s objective is to move from a foothold in IT or remote support into industrial operations where production impact and data access are both possible.

  1. Entry begins when enterprise credentials, shared accounts or vendor remote access are reused across connected IT and OT environments, creating a path from corporate systems into plant operations.
  2. Escalation occurs when legacy OT assets, broad VPN connectivity or weak segmentation let that access expand from a single support function into privileged control of industrial systems.
  3. Impact is production disruption, data exposure or operational interference across manufacturing processes, with visibility gaps making it harder to identify which identity was used and what changed.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

IT/OT convergence turns identity into the shared control plane for manufacturing. The article shows that the old separation between enterprise IT and plant OT no longer matches how work is done. Once production data, remote support and analytics share the same environment, access policy has to be consistent or the weakest identity domain becomes the entry point. The implication is that manufacturing security programmes should treat identity as the connective tissue between uptime and resilience.

Legacy OT systems create identity exceptions that never fully go away. Systems that cannot support modern authentication or centralized policy do not just complicate integration. They create permanent governance drift, because security teams end up documenting exceptions instead of closing them. That aligns with OWASP-NHI and NIST-CSF thinking: unmanaged exceptions are where accountability weakens and audit trails fragment. Practitioners should assume these exceptions will persist unless explicitly isolated.

Shared accounts are a visibility failure, not just an operational convenience. When multiple people use the same workstation or credential, the organisation loses the ability to prove who accessed a controller, when they accessed it and what they changed. That is a governance failure across both human and non-human access pathways, because attribution becomes unreliable at the point of incident review. Practitioners should treat shared identity as a control gap, not a workflow preference.

Vendor access without session boundaries is the named concept this article exposes. Remote maintenance is necessary in manufacturing, but convergence widens the scope of third-party access unless permissions are tightly bounded. Time-bound access, session recording and credential vaulting are not separate features here. They are the mechanisms that prevent support access from becoming standing operational reach. Practitioners should re-evaluate every third-party path as if it can become a production path.

Identity-first convergence is becoming the default security model for industrial environments. The article’s message is that manufacturing does not need less connectivity, it needs more disciplined connectivity. That points toward converged governance across IT, OT and vendor identities, with clear ownership and consistent review cycles. Practitioners should expect convergence projects to fail if access management is treated as a downstream cleanup task.

From our research:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected, according to the 2024 ESG Report: Managing Non-Human Identities.
  • Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly one identity failure can repeat across systems.
  • Manufacturing teams can use the NHI Lifecycle Management Guide to connect identity review, rotation and offboarding across hybrid environments.

What this signals

Vendor access without session boundaries: manufacturing convergence is exposing a control pattern that security teams should now name explicitly. When remote support extends beyond a single task, the organisation has not just a connectivity problem but a governance problem that links plant availability to identity scope. With 46% of organisations already citing security concerns as the top issue in NHI governance research, converged manufacturing environments should expect the same pattern to surface in industrial access.

The practical shift is toward identity-led segmentation, not just network segmentation. Teams should expect convergence programmes to fail when legacy OT systems, shared accounts and external support paths are left as exceptions without compensating controls. For a broader access-control baseline, the NIST Cybersecurity Framework 2.0 remains the clearest way to map govern, protect, detect and respond functions across IT and OT.


For practitioners

  • Map identity boundaries across IT and OT: Document where enterprise credentials, local OT accounts and third-party support identities are used, then flag any system that allows cross-domain reuse without explicit policy. Build the inventory around actual access paths, not asset labels, so you can see where identity control breaks down.
  • Eliminate shared credential dependencies: Replace generic OT logins with named, attributable sessions on shared endpoints wherever production workflows allow. Where shared access cannot be removed immediately, add strong logging, supervised approval and post-session review so accountability is preserved.
  • Constrain vendor access to task scope: Require time-bound permissions, session recording and vault-based credential release for maintenance partners. Separate vendor support paths from broader network reach so a troubleshooting session cannot become persistent access to plant systems.
  • Prioritise legacy OT exception handling: Classify OT assets that cannot support modern identity standards and place them behind compensating controls such as segmentation, monitored jump access and stricter approval workflows. Do not let exception handling become an informal policy.
  • Align review cycles to convergence risk: Re-run access reviews after convergence projects, not just on the normal calendar. Focus on identities that now cross enterprise and plant boundaries, because those are the ones most likely to hide excessive privilege.
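As an added example (not code from Imprivata, IDC or NHIMG), the checklist above expressed as a review over a constructed access-path inventory: it flags cross-domain credential reuse without explicit policy, shared OT accounts lacking compensating controls, vendor paths that are not task-scoped, and legacy OT assets left without compensating controls. All identity and asset names, and the control attributes, are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class AccessPath:
    identity: str              # account or credential name
    identity_domain: str       # "IT", "OT" or "vendor": where the identity is managed
    target: str                # asset reached through this path
    target_domain: str         # "IT" or "OT"
    shared: bool = False       # used by more than one person or process
    supports_mfa: bool = True  # False marks a legacy OT asset that cannot do modern auth
    cross_domain_policy: bool = False  # explicit policy approving IT<->OT reuse
    time_bound: bool = False   # vendor permission expires with the task
    recorded: bool = False     # session recording in place
    vaulted: bool = False      # credential released from a vault, not held by the vendor
    compensating: set = field(default_factory=set)  # e.g. {"segmentation", "jump_host"}

def review(paths):
    """Return {finding_code: [identity@target, ...]} for paths that need action."""
    findings = {"CROSS_DOMAIN_REUSE": [], "SHARED_NO_CONTROLS": [],
                "VENDOR_NOT_TASK_SCOPED": [], "LEGACY_NO_CONTROLS": []}
    for p in paths:
        ref = f"{p.identity}@{p.target}"
        # Enterprise or plant identity crossing the IT/OT boundary without explicit policy
        if p.identity_domain in ("IT", "OT") and p.identity_domain != p.target_domain \
                and not p.cross_domain_policy:
            findings["CROSS_DOMAIN_REUSE"].append(ref)
        # Shared credential kept without logging plus supervised approval
        if p.shared and not {"logging", "supervised_approval"} <= p.compensating:
            findings["SHARED_NO_CONTROLS"].append(ref)
        # Vendor path must be time-bound, recorded and vault-released to count as task-scoped
        if p.identity_domain == "vendor" and not (p.time_bound and p.recorded and p.vaulted):
            findings["VENDOR_NOT_TASK_SCOPED"].append(ref)
        # Legacy asset (no MFA) needs segmentation or monitored jump access in front of it
        if not p.supports_mfa and not ({"segmentation", "jump_host"} & p.compensating):
            findings["LEGACY_NO_CONTROLS"].append(ref)
    return {code: refs for code, refs in findings.items() if refs}

# Constructed sample inventory (hypothetical names, not taken from the source).
SAMPLE = [
    AccessPath("j.smith", "IT", "historian-01", "OT"),  # IT credential reaching OT, no policy
    AccessPath("j.smith", "IT", "erp-app", "IT"),       # ordinary enterprise use
    AccessPath("line3-operator", "OT", "plc-line3", "OT", shared=True, supports_mfa=False),
    AccessPath("acme-support", "vendor", "robot-cell-2", "OT", time_bound=True, vaulted=True),
    AccessPath("acme-support", "vendor", "hmi-packaging", "OT", time_bound=True, recorded=True,
               vaulted=True, supports_mfa=False, compensating={"segmentation", "jump_host"}),
    AccessPath("ot-admin", "OT", "plc-line3", "OT", shared=True, supports_mfa=False,
               compensating={"logging", "supervised_approval", "segmentation"}),
]

if __name__ == "__main__":
    for code, refs in review(SAMPLE).items():
        print(code, refs)
```

Re-running `review` after a convergence project, with the same inventory updated for the new paths, gives the post-convergence access review the last checklist item asks for.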

Key takeaways

  • IT/OT convergence is an identity governance problem as much as it is an architecture problem, because shared access paths collapse accountability across enterprise and plant systems.
  • The evidence shows the scale of the issue: legacy OT assets, shared accounts, remote vendor access and low cybersecurity maturity are still common in manufacturing environments.
  • The control that changes the outcome is disciplined identity scope, including session boundaries, attributable access and exception handling for systems that cannot meet modern standards.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-01 | Covers identity sprawl and unmanaged access in converged environments.
NIST CSF 2.0 | PR.AC-4 | Access management must remain consistent across IT and OT domains.
NIST Zero Trust (SP 800-207) | AC-3 | Zero trust principles fit remote vendor access and segmented industrial sessions.

Inventory all plant and third-party identities and remove any access that lacks clear ownership.


Key terms

  • IT/OT Convergence: The integration of enterprise information systems with industrial operations so data, users and workflows move across both environments. In manufacturing, convergence improves visibility and efficiency, but it also forces identity controls to work across systems that were historically governed very differently.
  • Shared Account: An account used by more than one person or process, often for convenience in operational environments. In identity governance, shared accounts weaken attribution, complicate auditing and make it difficult to prove who performed an action during production or maintenance activity.
  • Vendor Access: External access granted to third parties for support, maintenance or diagnostics. In converged manufacturing environments, vendor access must be tightly scoped because remote support can expand quickly from a task-specific session into broader privileged reach if it is not segmented and monitored.
  • Identity-Driven Access Control: A governance approach that makes identity the basis for who can reach systems, data and industrial assets. It matters in converged environments because consistent identity policy is one of the few controls that can span enterprise applications, OT systems and third-party support paths.

Deepen your knowledge

IT/OT convergence and identity-driven access controls are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building a governance programme for manufacturing environments, it is worth exploring.

This post draws on content published by Imprivata: IT/OT convergence challenges in manufacturing. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-03-10.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org