Manufacturing identity security: is your access model keeping up?


(@nhi-mgmt-group)

TL;DR: Manufacturers are expanding into IIoT, automation, and AI while shared workstations, mobile devices, and third-party contractors widen the attack surface, according to Imprivata. Identity has become the control point where uptime, safety, compliance, and supply chain resilience now intersect.

NHIMG editorial — based on content published by Imprivata: World Manufacturing Day underscores the critical need for secure access management

Questions worth separating out

Q: How should manufacturers secure shared workstations without slowing production?

A: Manufacturers should bind each session to a known user, record activity where appropriate, and isolate access by role or task.

Q: Why does contractor access create outsized risk in manufacturing environments?

A: Contractor access often persists beyond the job that required it, which creates standing privilege across production and supplier-connected systems.

Q: How do security teams know whether access monitoring is actually working?

A: Access monitoring is working when teams can trace who accessed which production system, when the session occurred, and whether the access matched the approved task.

Practitioner guidance

  • Map identity controls to production-critical workflows: Identify which users, contractors, and devices can touch production systems, then document where authentication, session control, and monitoring are weakest.
  • Replace standing contractor access with task-scoped entitlements: Issue contractor access only for the systems and duration required for the job, then remove it when work ends.
  • Enforce session recording on shared manufacturing endpoints: Use session recording and monitoring on shared workstations where multiple users, shifts, or vendors operate from the same device.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • How Imprivata frames access management for manufacturing workflows that span shared devices, mobile endpoints, and third-party support.
  • The article's discussion of identity controls in the context of CMMC, NIS2, and updated manufacturing security guidance.
  • The specific operational link between passwordless authentication, session recording, and access monitoring in connected plants.
  • Imprivata's perspective on balancing workflow efficiency with compliance and security in digital manufacturing environments.

👉 Read Imprivata's article on secure access management for manufacturing →

(@mr-nhi)

Identity is the manufacturing control point because operational resilience now depends on access discipline. When plants are connected through IIoT, automation, and remote vendor support, the old boundary between IT identity and operational technology access breaks down. The practical conclusion is that manufacturers must treat identity as part of production safety and continuity, not as an IT-only concern.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Who is accountable when a compromised identity disrupts manufacturing operations?

A: Accountability should sit with the system owner, the identity governance team, and the operational leader responsible for the affected workflow. Manufacturing risk crosses IT and OT, so incident ownership must include both access governance and production continuity. Frameworks such as NIS2 and CMMC increase the need for clear responsibility.

👉 Read our full editorial: Secure access management is now a manufacturing control point



   