TL;DR: As OT and IT boundaries dissolve, identity becomes both the control plane and the weakest link, because legacy OT systems, orphaned accounts, excessive privilege, and unreliable manual reviews make access hard to see and govern, according to Gathid. The problem is not integration itself but the assumption that IT IAM models can be retrofitted into disconnected operational environments without creating new risk.
NHIMG editorial — based on content published by Gathid: OT and IT identity governance in converged environments
Questions worth separating out
Q: How should security teams govern identity across OT and IT environments?
A: Start by mapping every identity, every access path, and every ownership relationship before trying to enforce policy centrally.
Q: Why do legacy OT systems create more identity risk than standard IT environments?
A: Legacy OT environments often rely on local admin accounts, vendor-owned software, and disconnected networks, which makes normal IAM visibility incomplete.
Q: What breaks when manual access reviews are used for OT identities?
A: Manual reviews are usually stale by the time they finish, and OT environments change in ways that spreadsheets and periodic sign-off cannot capture.
Practitioner guidance
- Inventory every identity across OT and IT: Build a complete register of employees, contractors, third parties, service accounts, and machine users, then map where each identity is governed and where it is effectively unmanaged.
- Classify systems that cannot tolerate direct integration: Separate OT assets that require passive discovery or model-based governance from systems that can safely support direct IAM connections.
- Use relationship mapping to find toxic access paths: Identify role conflicts, ownerless accounts, and privilege chains that connect otherwise isolated systems, then prioritise the highest blast-radius combinations first.
What's in the full article
Gathid's full article covers the operational detail this post intentionally leaves for the source:
- A fuller breakdown of why OT IAM retrofits can require architecture changes, downtime, or protocol changes.
- More detail on how digital twins are used to model access without forcing bidirectional integration.
- A deeper explanation of how knowledge graphs surface toxic access paths, ownership gaps, and downstream impact.
- The source article's five-step programme for inventorying identities, consolidating access views, and enforcing least privilege.
Read Gathid's analysis of OT and IT identity governance gaps: "OT and IT identity convergence: what IAM teams are missing?"
Explore further
Identity governance in OT is really a visibility problem disguised as an integration problem. The article is right to frame fragmentation as the central issue, because governance cannot work when teams do not have a trustworthy inventory of identities, roles, and ownership across operational systems. In OT, the constraint is not only technical incompatibility but also the operational cost of forcing centralised controls into environments that were built for resilience, isolation, and vendor specificity. Practitioners should treat visibility as the first control boundary, not the last reporting step.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to the State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Who should own access accountability when vendor-managed OT software is involved?
A: The operating organisation must own the governance outcome even when the software is vendor-managed. That means every exception needs a named business owner, a documented purpose, and a lifecycle trigger for review or removal. Without that, vendor access becomes persistent by default and auditability collapses.
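As an added example (not Gathid's or NHIMG's code, and not the five-step programme from the source article), the following Python models the three practitioner steps above (inventory identities and where each is governed, classify systems by the integration mode they can tolerate, map admin-privilege chains that bridge IT and OT) together with the accountability check this answer describes (named owner, documented purpose, review trigger). Every identity, system, grant, zone name and integration mode is constructed sample data; the "pivot blast radius" ranking is an assumed heuristic, not the source's method.

```python
from collections import defaultdict, deque
from datetime import date

# Constructed identity register (sample data, not a real environment).
# governed_by=None marks an identity that no IAM system actually manages.
IDENTITIES = {
    "alice":      {"type": "employee", "governed_by": "corp-iam"},
    "backup-bot": {"type": "machine",  "governed_by": "corp-iam"},
    "vendor-svc": {"type": "vendor",   "governed_by": None},  # vendor-owned support account
    "hmi-local":  {"type": "service",  "governed_by": None},  # local admin on an OT host
}

# Constructed system register: network zone plus how IAM may touch the system.
# "direct" = connector allowed, "passive" = read-only discovery only,
# "model-only" = never integrate; govern it from an offline model (digital twin).
SYSTEMS = {
    "ad":          {"zone": "IT",  "integration": "direct"},
    "historian":   {"zone": "DMZ", "integration": "passive"},
    "plc-hmi":     {"zone": "OT",  "integration": "model-only"},
    "eng-station": {"zone": "OT",  "integration": "passive"},
}

def grant(identity, system, priv, owner=None, purpose="", review_by=None):
    """One access grant; owner/purpose/review_by are the accountability fields."""
    return {"identity": identity, "system": system, "priv": priv,
            "owner": owner, "purpose": purpose, "review_by": review_by}

# Constructed grants (review_by is an ISO date string or None).
GRANTS = [
    grant("alice", "ad", "user", "it-ops", "daily work", "2026-06-30"),
    grant("alice", "historian", "admin", "plant-eng", "process data analysis", "2026-06-30"),
    grant("alice", "eng-station", "admin", "plant-eng", "config changes", "2025-01-31"),
    grant("backup-bot", "ad", "admin", "it-ops", "domain backups", "2026-06-30"),
    grant("backup-bot", "historian", "admin", "it-ops", "historian backups", "2026-06-30"),
    grant("backup-bot", "plc-hmi", "admin"),                        # nobody owns this one
    grant("vendor-svc", "eng-station", "admin", purpose="vendor remote support"),
    grant("hmi-local", "plc-hmi", "admin", purpose="factory-default local admin"),
]

def unmanaged_identities():
    """Step 1: identities present in the register but governed by no IAM system."""
    return sorted(n for n, meta in IDENTITIES.items() if meta["governed_by"] is None)

def classify_systems():
    """Step 2: group systems by the integration mode they can tolerate."""
    groups = defaultdict(list)
    for name, meta in SYSTEMS.items():
        groups[meta["integration"]].append(name)
    return {mode: sorted(names) for mode, names in groups.items()}

def _admin_graph():
    """Bipartite identity<->system graph built from admin grants only."""
    adj = defaultdict(set)
    for g in GRANTS:
        if g["priv"] == "admin":
            i, s = ("id", g["identity"]), ("sys", g["system"])
            adj[i].add(s)
            adj[s].add(i)
    return adj

def toxic_paths(source_zone="IT", target_zone="OT"):
    """Step 3: shortest admin-privilege chains from source_zone systems to
    target_zone systems, ranked by the pivot identity's blast radius (number
    of systems it holds admin on; an assumed heuristic). An empty list means
    the two zones are not bridged by any privilege chain."""
    adj = _admin_graph()
    results = []
    for start, meta in SYSTEMS.items():
        if meta["zone"] != source_zone:
            continue
        prev = {("sys", start): None}
        queue = deque([("sys", start)])
        while queue:                                  # plain BFS, deterministic order
            node = queue.popleft()
            for nxt in sorted(adj[node]):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        for target, tmeta in SYSTEMS.items():
            if tmeta["zone"] != target_zone or ("sys", target) not in prev:
                continue
            path, node = [], ("sys", target)
            while node is not None:                   # walk back to the start system
                path.append(node[1])
                node = prev[node]
            path.reverse()
            pivot = path[1]                           # first identity on the chain
            results.append({"path": path, "pivot": pivot,
                            "blast_radius": len(adj[("id", pivot)])})
    return sorted(results, key=lambda r: (-r["blast_radius"], len(r["path"]), r["path"]))

def exception_findings(today_iso):
    """Accountability check for every privileged grant: named owner,
    documented purpose, and a review date that has not already passed."""
    today = date.fromisoformat(today_iso)
    findings = []
    for g in GRANTS:
        if g["priv"] != "admin":
            continue
        problems = []
        if not g["owner"]:
            problems.append("no named owner")
        if not g["purpose"]:
            problems.append("no documented purpose")
        if g["review_by"] is None:
            problems.append("no review trigger")
        elif date.fromisoformat(g["review_by"]) < today:
            problems.append("review overdue")
        if problems:
            findings.append((g["identity"], g["system"], problems))
    return findings

if __name__ == "__main__":
    print("unmanaged:", unmanaged_identities())
    print("by integration mode:", classify_systems())
    for r in toxic_paths():
        print("chain:", " -> ".join(r["path"]), "| pivot:", r["pivot"], "| blast radius:", r["blast_radius"])
    for ident, system, problems in exception_findings("2025-06-01"):
        print("finding:", ident, "@", system, "->", ", ".join(problems))
```

Run as a script, the sample register yields two IT-to-OT chains through `backup-bot` (the longer one pivots again through the historian and `alice`), which is the kind of path a per-system access review never sees, and four grants that fail the owner/purpose/review check, including the vendor account with no owner and no removal trigger.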
Read our full editorial: OT and IT convergence exposes a new identity governance gap