TL;DR: Manufacturers integrating IT and OT still cite security as the main barrier, with 46% naming it the top concern, 50% relying on OT assets older than 15 years, and only 15% reporting mature cybersecurity practices, according to an IDC InfoBrief sponsored by Imprivata. Legacy access, poor visibility, and misaligned priorities show that convergence fails when identity controls are bolted onto systems that were never designed for shared governance.
NHIMG editorial — based on content published by Imprivata: security risks in IT/OT convergence
By the numbers:
- 46% of manufacturers cite security concerns as the top barrier to IT/OT convergence.
- 50% still rely on OT assets that are 15+ years old.
- Only 30% can deliver real-time data to frontline workers.
Questions worth separating out
Q: How should manufacturers eliminate shared logins in OT without disrupting operations?
A: Start with the highest-risk assets and replace shared access with individual authentication that still works on the shop floor.
Q: Why do legacy OT assets make IT/OT convergence harder to secure?
A: Older OT systems were not designed for modern identity governance, so they often lack individual attribution, central logging, or flexible access controls.
Q: What breaks when organisations cannot see access activity across IT and OT?
A: Without access visibility, organisations lose the ability to detect misuse, reconstruct incidents, and verify that third-party and internal users stayed within their approved scope.
Practitioner guidance
- Eliminate shared operational logins: Map every OT workflow that still relies on shared credentials and replace it with individual authentication or an equivalent attributable access pattern.
- Extend access visibility into OT assets: Instrument legacy systems, vendor touchpoints, and maintenance workflows with access logging that records who accessed what, when, and where.
- Align IAM with plant operations: Set access policy with both IT security and OT uptime requirements in the same review process, then define where shared workarounds are not acceptable.
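One way to begin the mapping in the first two items, as an added example that is not from Imprivata's article: once access records carry who, what, when and where, an account with overlapping sessions at different stations is being shared. The CSV layout, column names, account names and sample records are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed sample access records (who, what, where, when); not real plant data.
# Assumed columns: account, asset, station, login, logout (ISO 8601 timestamps).
SAMPLE_LOG = """\
account,asset,station,login,logout
operator,HMI-LINE1,WS-01,2025-03-03T06:00:00,2025-03-03T14:00:00
operator,HMI-LINE1,WS-07,2025-03-03T09:30:00,2025-03-03T10:15:00
operator,PLC-PACK2,WS-03,2025-03-03T13:45:00,2025-03-03T15:00:00
j.alvarez,HMI-LINE1,WS-02,2025-03-03T06:05:00,2025-03-03T13:55:00
vendor-maint,PLC-PACK2,VPN-GW,2025-03-03T08:00:00,2025-03-03T09:00:00
vendor-maint,PLC-PACK2,VPN-GW,2025-03-03T09:00:00,2025-03-03T10:00:00
"""

def parse_sessions(text):
    """Group sessions by account as (login, logout, station, asset) tuples."""
    sessions = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        login = datetime.fromisoformat(row["login"])
        logout = datetime.fromisoformat(row["logout"])
        if logout <= login:
            raise ValueError(f"bad session interval for {row['account']}")
        sessions[row["account"]].append((login, logout, row["station"], row["asset"]))
    return sessions

def find_shared_logins(sessions):
    """Return {account: [(station_a, station_b, overlap_start, overlap_end)]}."""
    # One person cannot hold concurrent sessions at two stations, so an overlap
    # across stations means the credential is shared. Back-to-back sessions
    # (logout == next login) and sessions at the same station are not counted.
    findings = {}
    for account, items in sessions.items():
        hits = []
        for a, b in combinations(sorted(items), 2):
            start, end = max(a[0], b[0]), min(a[1], b[1])
            if start < end and a[2] != b[2]:
                hits.append((a[2], b[2], start, end))
        if hits:
            findings[account] = hits
    return findings

if __name__ == "__main__":
    for account, hits in find_shared_logins(parse_sessions(SAMPLE_LOG)).items():
        for sa, sb, start, end in hits:
            print(f"{account}: {sa} and {sb} both active {start:%H:%M}-{end:%H:%M}")
```

This only surfaces concurrent use; a credential passed between people on successive shifts leaves no overlap and has to be found through the workflow mapping itself.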
What's in the full article
Imprivata's full analysis covers the operational detail this post intentionally leaves for the source:
- IDC survey context behind the manufacturer security concerns and maturity gaps.
- Checklist guidance for replacing shared logins with badge plus PIN and other individual authentication methods.
- Operational examples for extending access visibility into IT and OT workflows.
- Specific ways to balance plant uptime, compliance, and identity governance during convergence.
IT/OT convergence: what IAM teams need to fix first?
Explore further
Shared OT logins are not a convenience problem; they are a governance failure. When multiple people use the same identity, organisations lose attribution, revocation accuracy, and credible audit evidence. That means incident response cannot reliably reconstruct actions and access reviews cannot certify accountability. For manufacturing programmes, the first governance question is whether the environment can tell one operator from another at the point of access.
A few things that frame the scale:
- 28.65 million new hardcoded secrets were detected in public GitHub commits in 2025 alone, a 34% year-over-year increase and the largest single-year jump ever recorded, according to The State of Secrets Sprawl 2026.
- 64% of valid secrets leaked in 2022 are still valid and exploitable today, according to The State of Secrets Sprawl 2026.
A question worth separating out:
Q: Who is accountable when third-party vendors access OT systems?
A: The organisation remains accountable for the access it grants, even when a vendor performs the task. That means third-party access must be tied to named identities, time-bounded approvals, and explicit offboarding so the relationship does not outlive the need for access.