TL;DR: OT security can no longer rely on air gaps as IT and OT converge, and the article argues that zero trust must be implemented through a phased assessment, strategy, roadmap, and execution model rather than a wholesale technology swap. The operational challenge is less the why than the how, especially when legacy identities, latency, and uptime requirements constrain standard IT ZTNA patterns.
NHIMG editorial — based on content published by Appgate: A Zero Trust Blueprint for OT System Security
Questions worth separating out
Q: How should organisations apply zero trust in operational technology without disrupting production?
A: Start with a protect surface assessment, then phase controls around the most critical assets and access paths.
Q: Why do standard IT access controls often fail in OT environments?
A: Standard IT access controls often assume modern identity systems, flexible routing, and maintenance windows that OT does not have.
Q: What breaks when legacy identity systems are ignored in OT zero trust programmes?
A: If legacy identity sources are bypassed, organisations often create shadow processes, manual exceptions, or brittle migrations that weaken governance.
Practitioner guidance
- Map the OT protect surface Identify the assets, operator pathways, and privileged access routes that actually need protection before you write policy.
- Build a cross-functional steering committee Include OT operations, engineering, security, and availability owners in the governance group so access changes are approved against safety and uptime constraints.
- Prefer direct-routed access architectures Reject cloud-routed access paths where latency or protocol translation could affect control systems.
What's in the full article
Appgate's full article covers the operational detail this post intentionally leaves for the source:
- A phased blueprint for moving from assessment to execution in OT zero trust programmes.
- A vendor evaluation framework for direct-routed ZTNA and legacy identity integration in critical environments.
- The operational criteria used to judge whether an OT access architecture can support 24/7 uptime.
- Practical planning guidance for translating zero trust principles into OT policy enforcement without disrupting production.
👉 Read Appgate's blueprint for zero trust in OT system security →
OT zero trust: are your controls keeping pace with convergence?
Explore further
Air-gap thinking has become a governance liability in converged OT environments. Physical separation once reduced exposure, but IT and OT convergence has turned isolation into an incomplete control rather than a sufficient one. Once remote monitoring and enterprise integration enter the picture, identity and access boundaries matter more than the old network myth. The practitioner conclusion is straightforward: treat OT access as governed trust, not assumed safety.
A question worth separating out:
Q: Who is accountable when zero trust changes affect OT uptime or safety?
A: Accountability should sit with the cross-functional governance group that includes OT operations, security, and engineering leadership. Zero trust in OT is not just a technical project, because access decisions can affect production stability and safety. Teams need clear owners for policy approval, exception handling, rollback, and operational risk acceptance.
👉 Read our full editorial: Zero trust for OT security needs a programmatic rollout