TL;DR: Manufacturers are accelerating Industry 4.0 while facing expanded attack surfaces, with Imprivata citing that 57% experienced ransomware in the past 12 months and that legacy OT assets still average more than 15 years old. Secure modernization now depends on stronger identity governance, shared-device controls, and continuous access monitoring rather than adding friction late in the workflow.
At a glance
What this is: This is Imprivata’s analysis of how manufacturing digital transformation expands cyber risk and why strategic access management is the control layer that keeps operations both productive and secure.
Why it matters: It matters because manufacturing environments combine IT, OT, shared devices, contractors, and legacy assets, which forces IAM, PAM, and identity governance teams to design access that works at production speed.
By the numbers:
- 57% of manufacturers have experienced a ransomware attack in the past 12 months.
- 50% of manufacturers report that the average age of their OT assets is over 15 years.
👉 Read Imprivata's analysis of secure access in manufacturing digital transformation
Context
Manufacturing digital transformation is the shift from manual, fragmented operations toward connected, software-driven production across IT and OT. In practice, that means more devices, more integrations, more shared access, and more opportunities for identity controls to become a bottleneck if they are not designed for the shop floor.
The governance gap is not whether manufacturers should modernize. It is whether access management, identity threat detection, and lifecycle controls can keep pace with production demands without creating workarounds. When contractors, shared devices, and legacy systems all rely on loosely governed access, the security model starts to fail at the point of use.
Key questions
Q: How should manufacturing teams manage shared access on the shop floor?
A: Manufacturing teams should remove shared credentials wherever possible and replace them with individual identities tied to each worker or contractor. If shared devices are unavoidable, access should be session-based, attributable, and logged centrally so incident response and audit can still identify who performed each action.
Q: Why do legacy OT systems increase access risk in factories?
A: Legacy OT systems often lack modern logging, central authentication, and fine-grained access controls. That forces security teams to compensate with external governance layers, because the equipment itself cannot reliably enforce least privilege or produce clean identity evidence for reviews and investigations.
Q: What do security teams get wrong about Zero Trust in manufacturing?
A: They often treat Zero Trust as a blocking layer instead of an operational model. In manufacturing, the goal is to verify continuously without slowing production, which means contextual authentication, session control, and identity monitoring must fit the work process rather than fight it.
Q: Who is accountable when contractors use shared production systems?
A: The organisation remains accountable for contractor access even when the work is outsourced. That means third-party identities need explicit ownership, limited scope, and timely offboarding, because a contractor’s access should never outlive the job or remain invisible inside plant operations.
Technical breakdown
Why manufacturing identity controls break under shared access
Manufacturing environments often depend on shared workstations, shift-based logins, and long-lived local credentials. That model weakens accountability because access is no longer tied cleanly to one person, one session, or one task. In OT settings, the operational priority is uptime, so teams frequently tolerate password sharing or broad workstation access to keep production moving. The problem is that identity evidence becomes unreliable when multiple workers and contractors use the same credentials. That makes audit, incident response, and containment much harder than in a standard office IAM model.
Practical implication: replace shared credentials with session-level identity controls and audited user attribution on production systems.
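The attribution failure described above can be made visible from the access logs a plant already collects. The following is an added example for this article, not Imprivata's or NHIMG's code: it parses constructed workstation login events (the log format, field names, hostnames and badge IDs are all made up for illustration), flags accounts that look shared because they appear on different workstations within a short window or are paired with more than one badge identity, and lists sessions that captured no badge at all, which are the sessions an investigator will not be able to tie to a person.

```python
"""Detect shared-credential use and attribution gaps in production access logs.

Added example for this article; it is not Imprivata's or NHIMG's code.
The log format, field names, hostnames and badge IDs below are constructed
for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample: one shared "operator" account used on three HMIs within
# minutes (once with no badge tap), one individual account, one vendor account.
SAMPLE_LOG = [
    "2025-11-24T06:02:11 login account=operator workstation=LINE1-HMI-01 badge=B1042",
    "2025-11-24T06:03:40 login account=operator workstation=LINE2-HMI-03 badge=B2210",
    "2025-11-24T06:10:05 login account=operator workstation=LINE1-HMI-02 badge=-",
    "2025-11-24T14:01:00 login account=jsmith workstation=LINE1-HMI-01 badge=B1042",
    "2025-11-24T22:15:30 login account=vendor-svc workstation=PLC-ENG-01 badge=-",
]


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    account: str             # credential presented at login (may be a shared account)
    workstation: str         # HMI or engineering workstation hostname
    badge: Optional[str]     # badge / second-factor identity, None if not captured


def parse_event(line: str) -> AccessEvent:
    """Parse one constructed 'timestamp action key=value ...' log line."""
    ts_str, _action, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    badge = fields.get("badge", "-")
    return AccessEvent(
        ts=datetime.fromisoformat(ts_str),
        account=fields["account"],
        workstation=fields["workstation"],
        badge=None if badge == "-" else badge,
    )


def find_shared_credentials(events: List[AccessEvent],
                            window: timedelta = timedelta(minutes=30)) -> Dict[str, dict]:
    """Flag accounts that look shared: logins from different workstations within
    `window` of each other, or one account paired with more than one badge."""
    by_account: Dict[str, List[AccessEvent]] = defaultdict(list)
    for e in events:
        by_account[e.account].append(e)

    findings: Dict[str, dict] = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e.ts)
        workstations = set()
        for i, e in enumerate(evs):
            for other in evs[i + 1:]:
                if other.ts - e.ts > window:
                    break            # sorted, so every later event is further away
                if other.workstation != e.workstation:
                    workstations.update({e.workstation, other.workstation})
        badges = {e.badge for e in evs if e.badge}
        if workstations or len(badges) > 1:
            findings[account] = {
                "workstations": sorted(workstations),
                "badges": sorted(badges),
            }
    return findings


def attribution_gaps(events: List[AccessEvent]) -> List[AccessEvent]:
    """Logins with no badge identity: actions in these sessions cannot be tied
    to a person, which is the evidence gap audit and IR will hit later."""
    return [e for e in events if e.badge is None]


def analyse(lines: List[str]) -> Dict[str, object]:
    """Run both checks over raw log lines and return a compact report."""
    events = [parse_event(line) for line in lines]
    gaps: List[Tuple[str, str]] = [(g.account, g.workstation) for g in attribution_gaps(events)]
    return {"shared": find_shared_credentials(events), "unattributed": gaps}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for account, detail in report["shared"].items():
        print(f"shared credential suspected: {account} -> {detail}")
    for account, workstation in report["unattributed"]:
        print(f"unattributed session: {account} on {workstation}")
```

Run against real logs, the same two checks give an IAM team a ranked list of accounts to convert to per-user identities first, and a count of sessions that would be unattributable if an incident had to be reconstructed today.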
How zero trust and risk-based authentication fit factory operations
Zero Trust Architecture is useful in manufacturing only when it is implemented as a workflow control, not a gate that disrupts production. Risk-based authentication and intelligent session control let organisations verify access context without forcing repeated, high-friction prompts on every action. The key is to reduce standing trust while preserving operator speed. Identity Threat Detection and Response adds another layer by watching for abnormal access patterns across workstations, cloud apps, and hybrid systems. That combination is stronger than perimeter assumptions because it treats production access as continuously evaluated rather than permanently trusted.
Practical implication: use contextual authentication and ITDR together so production access stays usable while standing trust is reduced.
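To make the "verify continuously without high-friction prompts" idea concrete, here is an added example of a risk-based access decision for a workstation session. It is not Imprivata's or NHIMG's code: the baselines, signal weights, thresholds and identities are constructed for illustration, and a real policy engine would load them from the IAM platform and tune the weights. The point it shows is that a low-risk in-shift action on a familiar device is allowed with no prompt, a moderate deviation triggers one step-up factor and then the session continues, and only a high score is refused.

```python
"""Risk-based access decision for a production workstation session.

Added example for this article, not Imprivata's or NHIMG's code. Baselines,
weights, thresholds and identities are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Baseline:
    usual_workstations: FrozenSet[str]   # where this identity normally works
    shift_start: time
    shift_end: time                      # may be earlier than shift_start (night shift)


@dataclass(frozen=True)
class AccessContext:
    identity: str
    workstation: str
    when: datetime
    badge_present: bool      # physical badge tapped at the device this session
    action: str              # "view", "operate" or "change_setpoint"


# Constructed baselines: a day-shift line operator and a night-shift engineer.
BASELINES: Dict[str, Baseline] = {
    "jsmith": Baseline(frozenset({"LINE1-HMI-01", "LINE1-HMI-02"}), time(6, 0), time(14, 30)),
    "nightop": Baseline(frozenset({"PLC-ENG-01"}), time(22, 0), time(6, 0)),
}

ACTION_WEIGHT = {"view": 0, "operate": 10, "change_setpoint": 25}
STEP_UP_AT = 30    # request one extra factor, then let the session continue
DENY_AT = 60       # refuse and hand the event to identity threat detection


def in_shift(t: time, start: time, end: time) -> bool:
    """Shift-window check that also handles windows spanning midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


def score_risk(ctx: AccessContext, baseline: Baseline) -> int:
    """Additive risk score from context signals; higher means less standing trust."""
    score = 0
    if ctx.workstation not in baseline.usual_workstations:
        score += 30                       # unfamiliar device for this identity
    if not in_shift(ctx.when.time(), baseline.shift_start, baseline.shift_end):
        score += 25                       # outside the identity's normal shift
    if not ctx.badge_present:
        score += 30                       # no physical factor tying the session to a person
    score += ACTION_WEIGHT[ctx.action]    # consequence of the requested action
    return score


def decide(ctx: AccessContext) -> str:
    """Return 'allow', 'step-up' or 'deny'. An identity with no baseline is
    denied rather than guessed at."""
    baseline = BASELINES.get(ctx.identity)
    if baseline is None:
        return "deny"
    score = score_risk(ctx, baseline)
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step-up"
    return "allow"


# Constructed requests covering the allow / step-up / deny paths and a night shift.
SAMPLE_REQUESTS: List[AccessContext] = [
    AccessContext("jsmith", "LINE1-HMI-01", datetime(2025, 11, 24, 9, 15), True, "operate"),
    AccessContext("jsmith", "LINE2-HMI-03", datetime(2025, 11, 24, 9, 15), True, "operate"),
    AccessContext("jsmith", "LINE2-HMI-03", datetime(2025, 11, 24, 22, 15), False, "change_setpoint"),
    AccessContext("nightop", "PLC-ENG-01", datetime(2025, 11, 25, 3, 0), True, "operate"),
    AccessContext("nightop", "PLC-ENG-01", datetime(2025, 11, 24, 12, 0), True, "operate"),
    AccessContext("unknown", "LINE1-HMI-01", datetime(2025, 11, 24, 9, 15), True, "view"),
]


def evaluate_samples() -> List[Tuple[str, str, str]]:
    """Decision for each constructed request as (identity, workstation, decision)."""
    return [(c.identity, c.workstation, decide(c)) for c in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for identity, workstation, decision in evaluate_samples():
        print(f"{identity:8} {workstation:13} -> {decision}")
```

The design choice worth noting is that the step-up band is where operator speed is preserved: the only prompt an operator ever sees is the one for a genuine deviation from their own baseline, and the deny band feeds the ITDR layer rather than silently failing.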
Why legacy OT assets make identity governance harder
When OT assets are old, the security team inherits systems that were not designed for modern identity patterns. Many of them use simple local accounts, inconsistent logging, and limited support for centralised access management. That creates a gap between modern IAM policy and what the equipment can actually enforce. Unified access frameworks matter because they bridge that mismatch across on-premises, cloud, and hybrid environments. Without that bridge, organisations end up with separate control planes that fragment visibility and weaken lifecycle management for both employees and third parties.
Practical implication: map legacy OT access into a unified governance layer before scaling more connected manufacturing workflows.
Threat narrative
Attacker objective: The attacker aims to interrupt production, force operational downtime, and create leverage through business disruption.
- Entry begins when a manufacturing environment exposes shared credentials, contractor access, or externally reachable systems that can be abused during a ransomware campaign.
- Escalation occurs when broad or poorly attributed access lets an intruder move from one workstation or system into higher-value operational systems with minimal resistance.
- Impact follows when production is locked down, operations stop, and the organisation is forced to trade between containment and uptime.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- Schneider Electric credentials breach — exposed credentials gave attackers access to Schneider Electric Jira, exfiltrating 40GB.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Identity governance in manufacturing is really uptime governance. When access controls are designed too far from the production floor, they get bypassed in the name of speed and continuity. That is why shared accounts, broad contractor access, and inconsistent logging persist in plants even when policy says they should not. The discipline here is not simply to tighten policy, but to govern access in a way operators will actually use.
Shared credentials create an attribution failure, not just a hygiene problem. If one username and password is used by many people, the organisation loses the ability to prove who did what, when, and from where. That breaks forensic investigation, access review, and accountability at the same time. The control gap is structural because identity evidence no longer maps to human activity, which is why manufacturing needs stronger session attribution and per-user access.
Legacy OT turns identity into a translation problem. Older equipment often cannot enforce modern access patterns, so central IAM has to compensate for systems that were never built for granular identity control. That means the governance model must bridge old assets, shared devices, and modern cloud access without assuming uniform enforcement across the environment. Practitioners should treat OT age as a constraint on control design, not as an excuse to defer governance.
Access control at production speed: Manufacturing exposes a control pattern where security fails when it adds too much friction to operational work. The result is not just weaker access decisions, but informal workarounds that spread risk across people, devices, and sites. Security teams need to design controls that preserve both attribution and flow, or the plant will do it for them through shadow processes.
Contractor governance is now part of core manufacturing identity risk. Third-party access in plants is not peripheral because contractors routinely touch operational systems, shared devices, and time-sensitive workflows. If those identities are not scoped tightly and reviewed continuously, they become a durable entry point rather than a temporary exception. The implication is that lifecycle governance for third parties must be treated as production-critical access management.
From our research:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how compromise tends to repeat when governance is weak.
- For a broader governance lens, see Ultimate Guide to NHIs, Lifecycle Processes for Managing NHIs, for the controls that keep access from lingering past its legitimate use.
What this signals
Shared access is becoming a governance liability, not a convenience layer. Manufacturing teams that still depend on common credentials, ad hoc contractor access, and legacy OT exceptions will find that auditability erodes faster than productivity gains. The practical signal is to treat identity attribution as part of operational resilience, not as a back-office IAM concern.
Identity Threat Detection and Response is most useful where access cannot be made fully clean. In manufacturing, some systems will remain hard to modernize, so the control objective shifts to detecting abnormal behaviour early and keeping it attributable. Pairing that approach with the Top 10 NHI Issues gives security teams a clearer view of where access sprawl and shadow exceptions are accumulating.
Contractor and session governance will matter more as plants connect more systems. The more IT, OT, cloud, and remote support converge, the more important it becomes to connect every access event to a named identity and a limited purpose. For that reason, modern manufacturing programmes should align access policy with the NIST Cybersecurity Framework 2.0 and the Ultimate Guide to NHIs, Why NHI Security Matters Now.
For practitioners
- Eliminate shared shop-floor credentials: Replace common usernames and passwords with individual identities, even on shared devices, so every action can be attributed to a specific person or contractor.
- Build friction-aware access flows: Use multifactor authentication, passwordless options, and session controls that fit shift work and production pressure instead of creating workarounds.
- Unify IT and OT access governance: Create one access policy model for on-premises, cloud, and hybrid systems so access reviews and offboarding do not stop at the plant boundary.
- Tighten contractor lifecycle controls: Scope third-party access to the exact plant systems needed, review it on a defined cadence, and remove it immediately when the work ends.
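The last of these steps, together with the contractor accountability point in the Key questions above, can be turned into a recurring check. The following is an added example for this article, not Imprivata's or NHIMG's code: it evaluates constructed third-party grant records (the identities, owners, system names, dates and the 90-day review cadence are all made up for illustration) against four conditions the text names: an accountable owner, scope limited to approved plant systems, a documented review inside the cadence, and removal once the engagement has ended.

```python
"""Contractor access lifecycle check: owner, scope, engagement end, review cadence.

Added example for this article, not Imprivata's or NHIMG's code. The grant
records, system names, dates and review cadence below are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

REVIEW_CADENCE = timedelta(days=90)   # constructed policy: review every third-party grant quarterly
AS_OF = date(2025, 11, 24)            # constructed evaluation date

# Constructed: plant systems a contractor may legitimately be granted.
ALLOWED_SYSTEMS: Set[str] = {"LINE1-HMI-01", "LINE2-HMI-03", "PLC-ENG-01"}


@dataclass(frozen=True)
class ContractorGrant:
    identity: str
    owner: Optional[str]         # internal employee accountable for this identity
    systems: List[str]           # plant systems the grant allows
    engagement_end: date         # contract end; access must not outlive it
    last_review: Optional[date]  # last documented access review, None if never
    active: bool = True          # whether the identity can still authenticate


# Constructed grant records exercising each finding, plus one clean and one already offboarded.
SAMPLE_GRANTS: List[ContractorGrant] = [
    ContractorGrant("acme-mtce-01", "plant.eng.lead", ["LINE1-HMI-01"], date(2025, 12, 31), date(2025, 10, 15)),
    ContractorGrant("acme-mtce-02", None, ["LINE1-HMI-01", "ERP-PROD"], date(2025, 9, 30), date(2025, 6, 1)),
    ContractorGrant("robotics-vendor", "automation.mgr", ["PLC-ENG-01"], date(2025, 11, 20), date(2025, 11, 1)),
    ContractorGrant("calib-svc", "quality.lead", ["LINE2-HMI-03"], date(2026, 3, 31), None),
    ContractorGrant("old-vendor", "plant.eng.lead", ["PLC-ENG-01"], date(2025, 8, 31), date(2025, 10, 1), active=False),
]


def evaluate_grant(g: ContractorGrant, today: date, allowed: Set[str]) -> List[str]:
    """Return the lifecycle findings for one grant, empty if it is in order."""
    findings: List[str] = []
    if g.owner is None:
        findings.append("no accountable owner")
    if g.active and today > g.engagement_end:
        findings.append("active after engagement end")
    if g.last_review is None or today - g.last_review > REVIEW_CADENCE:
        findings.append("access review overdue")
    extra = sorted(set(g.systems) - allowed)
    if extra:
        findings.append("out-of-scope systems: " + ", ".join(extra))
    return findings


def evaluate_all(grants: List[ContractorGrant], today: date,
                 allowed: Set[str]) -> Dict[str, List[str]]:
    """Findings per identity, omitting grants with nothing to report."""
    report: Dict[str, List[str]] = {}
    for g in grants:
        findings = evaluate_grant(g, today, allowed)
        if findings:
            report[g.identity] = findings
    return report


def offboarding_queue(grants: List[ContractorGrant], today: date) -> List[str]:
    """Identities that should be deactivated now: still active past engagement end."""
    return [g.identity for g in grants if g.active and today > g.engagement_end]


if __name__ == "__main__":
    for identity, findings in evaluate_all(SAMPLE_GRANTS, AS_OF, ALLOWED_SYSTEMS).items():
        print(f"{identity}: {'; '.join(findings)}")
    print("deactivate now:", offboarding_queue(SAMPLE_GRANTS, AS_OF))
```

The offboarding queue is deliberately a separate function from the report: the report is what an access review reads, while the queue is what an automated deprovisioning job acts on, so a contractor's access ends on the engagement date rather than at the next review.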
Key takeaways
- Manufacturing digital transformation fails when access controls are treated as an IT add-on rather than an operational control.
- Shared credentials, legacy OT, and contractor sprawl weaken attribution and make ransomware recovery harder, which is why identity governance now sits on the production resilience path.
- The practical response is to make access attributable, contextual, and lifecycle-managed without adding friction that pushes plant teams back toward shadow processes.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Manufacturing access needs least privilege across IT, OT, and contractor workflows. |
| NIST Zero Trust (SP 800-207) | SC-7 | Zero Trust is central where factory access must be verified continuously without breaking uptime. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Shared and long-lived non-human access patterns in manufacturing align with credential governance risk. |
Inventory non-human and shared operational accounts, then enforce rotation and offboarding discipline.
Key terms
- Shared Access: Shared access is when multiple workers or contractors use the same login or device identity to perform operational tasks. It keeps production moving, but it weakens attribution, complicates audits, and makes incident response less precise because the system cannot cleanly prove who performed each action.
- Identity Threat Detection and Response: Identity Threat Detection and Response is the practice of monitoring identity activity for abnormal behaviour, risky access patterns, and misuse indicators. In manufacturing, it matters because some OT and shared-device environments cannot be fully modernised, so detection becomes a compensating control for incomplete enforcement.
- Operational Technology: Operational Technology is the hardware and software that runs physical processes such as production lines, machines, and plant systems. OT environments often prioritize uptime and safety over rapid control changes, which makes modern identity governance harder to deploy but more important to get right.
- Contractor Access Governance: Contractor access governance is the lifecycle management of third-party identities that need temporary or scoped access to an environment. It covers approval, limitation, monitoring, and removal so external access does not become a standing exception inside critical operations.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Imprivata: Walking the Tightrope: Balancing Digital Transformation and Cybersecurity in Manufacturing. Read the original.
Published by the NHIMG editorial team on 2025-11-24.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org