Manufacturing access control gaps: can digital transformation stay secure?

TL;DR: Manufacturers are accelerating Industry 4.0 while facing expanded attack surfaces, with Imprivata citing that 57% experienced ransomware in the past 12 months and that legacy OT assets still average more than 15 years old. Secure modernization now depends on stronger identity governance, shared-device controls, and continuous access monitoring rather than adding friction late in the workflow.

NHIMG editorial — based on content published by Imprivata: Walking the Tightrope: Balancing Digital Transformation and Cybersecurity in Manufacturing

By the numbers:

• 57% of manufacturers have experienced a ransomware attack, in the past 12 months.
• 50% of manufacturers are saying that the average age of their OT assets is over 15 years old.

Questions worth separating out

Q: How should manufacturing teams manage shared access on the shop floor?

A: Manufacturing teams should remove shared credentials wherever possible and replace them with individual identities tied to each worker or contractor.

Q: Why do legacy OT systems increase access risk in factories?

A: Legacy OT systems often lack modern logging, central authentication, and fine-grained access controls.

Q: What do security teams get wrong about Zero Trust in manufacturing?

A: They often treat Zero Trust as a blocking layer instead of an operational model.

Practitioner guidance

• Eliminate shared shop-floor credentials Replace common usernames and passwords with individual identities, even on shared devices, so every action can be attributed to a specific person or contractor.
• Build friction-aware access flows Use multifactor authentication, passwordless options, and session controls that fit shift work and production pressure instead of creating workarounds.
• Unify IT and OT access governance Create one access policy model for on-premises, cloud, and hybrid systems so access reviews and offboarding do not stop at the plant boundary.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

• IDC-backed manufacturing data on ransomware impact and OT asset age that can support internal business cases.
• The live discussion points from Chip Hughes and Chaitanya Yinti on balancing productivity with access security.
• Specific examples of how shared-device workflows and contractor access create friction on the factory floor.
• The source article’s commentary on how IT, OT, and identity teams can align around a unified access model.

👉 Read Imprivata's analysis of secure access in manufacturing digital transformation →

Manufacturing access control gaps: can digital transformation stay secure?

Explore further

View Full Forum →  |  NHI Foundation Course →