TL;DR: OT teams are facing a security transformation deficit as IT/OT convergence, hybrid environments, and legacy industrial systems expand the attack surface, with 58% of organisations hit by cyberattacks reporting operational stoppages, according to Illumio. Static perimeters and air-gapped assumptions no longer match modern OT reality, making continuous validation and segmentation the practical baseline.
NHIMG editorial — based on content published by Illumio: How Illumio + Armis Secure Modern OT Environments
By the numbers:
- 58% of organizations hit by a cyberattack in the last year still report having to halt operations.
- 40% of organizations losing a significant amount of revenue after cyberattacks and 35% experiencing brand damage highlight the business impact of OT disruption.
Questions worth separating out
Q: How should security teams segment OT networks without disrupting production?
A: Start with identity-based policy over existing infrastructure, not a forklift redesign.
Q: Why do air gaps and static perimeters fail in IT/OT convergence?
A: Air gaps and static perimeters fail because modern OT rarely stays isolated.
Q: What breaks when OT containment cannot act on live telemetry?
A: When containment cannot act on live telemetry, detection becomes documentation rather than defence.
Practitioner guidance
- Map OT communication paths to actual runtime behavior Inventory how SCADA, DCS, MES, ERP, cloud services, and gateways really talk to each other, then compare that picture with your documented zone model.
- Build containment rules that can act on suspicious OT telemetry Tie passive monitoring to enforcement actions such as traffic narrowing, device isolation, or protocol-specific restriction.
- Treat OT modernisation as a governance programme Track whether each new gateway, integration, or cloud link comes with an access policy, an owner, and a rollback path.
What's in the full article
Illumio's full article covers the operational detail this post intentionally leaves for the source:
- How the Illumio and Armis integration maps IT, OT, and IoT visibility into segmentation decisions.
- The specific behaviour signals Armis uses to flag suspicious devices and communications before enforcement kicks in.
- Examples of how policy simulation and pre-change checks support regulated industrial change management.
- The VEN/NEN architecture details behind agentless enforcement for fragile OT assets.
👉 Read Illumio's analysis of Zero Trust security for modern OT environments →
Zero trust for OT environments: are legacy controls still enough?
Explore further
Static perimeter security is the wrong control model for modern OT. Once OT environments include cloud connectivity, virtualised gateways, and shared services, separation by zone alone stops being sufficient. Security decisions have to follow runtime communication patterns, not just plant diagrams. Practitioners should treat segmentation as a live governance problem, not a one-time network design choice.
A question worth separating out:
Q: Which frameworks help teams evaluate Zero Trust metrics and access governance?
A: NIST SP 800-207 is the best anchor for Zero Trust architecture, while the OWASP Non-Human Identity Top 10 helps teams evaluate identity sprawl, privilege, and secret handling. For human authentication, NIST SP 800-63 is relevant. Together they help teams align dashboard metrics with the actual trust decisions the programme is meant to control.
👉 Read our full editorial: Zero trust for OT environments is now an operational need