The manufacturing sector has reached an inflection point in its digitization journey. The availability of high-powered mobile devices (smartphones, tablets and the like), the industrial internet of things (IIoT), massive data creation, artificial intelligence, cloud-based technologies and the drive for competitive advantage have sparked a transformation not seen since the advent of the assembly line. 

In many cases, what was once a discrete location with on-site workers has become a massively interconnected and scaled hybrid world of digital and remote systems and employees. Warehouses and factories have transformed into global networks of automated systems, enabling significant operational and workflow efficiencies. At the same time, the digitization of supply chains has accelerated already complex infrastructures and diversified workflows with more users, roles and third parties that need access to sensitive information and infrastructure.

Securing this type of environment without disrupting employee workflows and bringing productivity to a grinding halt is seemingly insurmountable. However, this level of complexity isn’t unlike that of another dynamic industry — one with hyper-strict regulations and complicated workflows. One where getting it wrong can have life-critical consequences: healthcare.

Much like manufacturing, the healthcare sector is rapidly advancing toward a digital future reliant on new technologies that provide fast access to systems, applications and data while also managing and mitigating security risks. While each industry has its own nuances and challenges, commonalities are evident in the high degree of IT complexity and rapidly changing access requirements that must remain compliant and secure. And of course, the impact of a cyberattack or data breach on either sector can be paralyzing, resulting in essential resource shortages and devastating human outcomes. 

Is There a New Security Perimeter?

The attack surface for most manufacturing organizations has grown exponentially, catalyzed by the rise of digital warehouses, mobile technology and IIoT, which make traditional perimeter security harder to enforce. This isn’t lost on cyber criminals, who continuously evolve their tactics to breach organizations from every angle. While traditional endpoint or “perimeter-based” security made sense when networks and users were located almost entirely on-premises, networks of today require IT and security teams to control access to applications and resources through the authenticated identity of an individual or device.

Commonly referred to as “identity security,” this approach is the foundation of zero trust, and focuses on the digital identity of the requestor to ensure that only the right users or devices are provided access to the data and resources they need. If identity validation fails, access is not permitted. Though the concept of zero trust isn’t new, the adoption of technologies necessary to facilitate a zero-trust architecture are evolving.

The Appeal of Healthcare and Manufacturing 

Both healthcare and manufacturing organizations hold extremely valuable and proprietary data, and operate within IT ecosystems that are among the most complex on earth.

For financially motivated attackers, hacking systems to sell personal health information on the black market can be highly lucrative. For others motivated by malice — like state-sponsored hacker groups — the potential human safety impact of compromising healthcare systems is highly appealing.

Similarly, attacks on manufacturing organizations are becoming more pervasive, given the power to impact global supply chains. Consider the U.S. infant formula shortage earlier this year , when safety concerns prompted an operational shutdown by one of three major formula producers and resulted in significant and persistent national disruption. Imagine the large-scale distress if a cyberattack were to simultaneously take out two or even three of these producers, affecting populations across countries, continents, or the world.

The pandemic also caused huge disruption throughout both sectors. In healthcare, the rapid transition to telehealth, coupled with an unimaginable influx of patients and new clinicians, resulted in the adoption of technologies that worked but created new access points for bad actors to breach. Likewise, manufacturing transitioned to remote working, embraced new risk-management tools and implemented advanced analytics. In both cases, accelerated digitization illuminated security gaps that continue to widen.

Using Digital Identity

In the spring of 2022, the Biden Administration addressed today’s evolving cyber threats by releasing a federal strategy to move U.S. government agencies to zero trust standards. The executive order was released during rising attacks from the Russia-Ukraine war, with the goal of improving security and reducing cyber threats across the public and private sectors at a critical time.

A zero trust architecture is designed to put logical barriers around applications, forcing users to be authenticated, authorized and continuously validated before being granted access to applications and data. This requires a comprehensive digital identity strategy that enables seamless and compliant user workflows — an approach that the highly regulated healthcare industry is widely adopting.

Manufacturers can take a page out of healthcare’s playbook by focusing on four processes and technologies that lay the groundwork for zero trust:

• Implement lifecycle provisioning and de-provisioning. It’s critical for all organizations to know who has access to what systems, and the degree to which an individual can access these systems under specific conditions. Similarly, ensuring you can automatically modify and revoke access as users change roles or leave the organization is crucial to letting the right people in and keeping the wrong people out. Identity-governance tools can deliver role-based access without manual intervention. 
• Create user checkpoints with multifactor authentication (MFA). Compromised user credentials are one of the most common initial attack vectors, so requiring two or more verification factors to gain access to network resources is of the utmost importance. MFA enables you to provide a secure, auditable chain of trust for remote network access, cloud applications, and other critical systems and workflows. Non-intrusive modalities such as biometrics and proximity-based authentication accomplish this without creating user barriers.
• Enable a passwordless experience. Enforcing complex passwords is a security best practice, but not entirely realistic when employees must enter them into multiple applications all day, every day. Single sign-on technology eliminates password fatigue and improves compliance by reducing the need to enter usernames and passwords to access on-premises and cloud applications, shared workstations and virtual desktops. 
• Practice the principle of least privilege. Make sure you’re not giving employees and third-party vendors more access than they need by providing just enough to complete their work, and nothing more. Privileged access management prevents overprivileged users through granular policy control at the system level. This is a corollary of step one above, and can be implemented effectively and with relatively low burden.

Today’s manufacturing organizations are increasingly complex. The key to success is ensuring that complexity doesn’t lead to elevated security risk. Implementing a digital identity architecture that enables a zero trust operational model, along with fast and efficient access for the right users, strikes the correct balance of access and security. Consider how healthcare has bolstered defenses and remained agile amid surging attacks. By drawing on insights and best practices from other sectors, manufacturers can make faster strides in advancing their cyber resiliency.

Gus Malezis is chief executive officer of Imprivata.