Manufacturing identity security: are your access controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8526
Topic starter  

TL;DR: Manufacturers adopting IIoT, automation, and AI are expanding their attack surface through shared workstations, mobile devices, and contractor access, while ransomware, third-party breaches, and supply chain disruption remain top risks, according to Imprivata. Identity and access controls now determine whether digital transformation improves resilience or amplifies operational exposure.

NHIMG editorial — based on content published by Imprivata: World Manufacturing Day underscores the critical need for secure access management

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).

Questions worth separating out

Q: How should manufacturing teams secure shared workstations without slowing production?

A: Use session-based controls rather than relying on one-time login alone.

Q: Why is contractor access such a high-risk issue in manufacturing environments?

A: Contractor access often spans critical systems, short time windows, and urgent maintenance needs, which makes it easy to over-grant.

Q: What do security teams get wrong about identity in Industry 4.0 programmes?

A: They often treat identity as an administrative layer instead of an operational control.

Practitioner guidance

  • Harden shared-workstation session controls: Require re-authentication at shift changes, disable cached credentials where possible, and ensure every session on a shared device can be attributed to one named identity.
  • Scope contractor access to a single task window: Provision vendor and contractor accounts for the specific maintenance or support activity only, then revoke access immediately when the work is complete.
  • Use monitored authentication for production systems: Combine passwordless authentication with session recording on high-risk plant systems so teams can preserve speed while creating an audit trail for investigations.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • How manufacturers are applying passwordless authentication in shared-device environments without disrupting floor operations
  • The article's discussion of session recording and access monitoring as practical controls for production and contractor access
  • The compliance context around CMMC, NIS2, and updated cybersecurity expectations for manufacturing organisations
  • Why identity is being framed as the control point that connects workflow efficiency with security and auditability

👉 Read Imprivata's analysis of secure access management for manufacturing →




   
(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 7853
 

Manufacturing identity security is now an operational resilience issue, not just an IAM programme concern. The article is right to connect uptime, safety, and intellectual property to access management because identity failures in manufacturing do not stay contained inside the security team. They reach production, maintenance, contractor workflows, and supplier integrations. That means IAM, PAM, and lifecycle governance need to be evaluated as plant resilience controls, not only as compliance mechanisms. Practitioners should treat identity as part of operational continuity planning.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when a third-party identity causes a manufacturing incident?

A: Accountability should sit with the business owner of the access, not only the security team. If a vendor account remains active after a task ends, or if approval records are missing, the programme has a lifecycle governance failure that falls under access ownership, offboarding, and audit controls.

👉 Read our full editorial: Manufacturing identity security is becoming the new control point



   