The manufacturing sector has reached an inflection point in its digitization journey. The availability of high-powered mobile devices (smartphones, tablets and the like), the industrial internet of things (IIoT), massive data creation, artificial intelligence, cloud-based technologies and the drive for competitive advantage have sparked a transformation not seen since the advent of the assembly line.
In many cases, what was once a discrete location with on-site workers has become a massively interconnected and scaled hybrid world of digital and remote systems and employees. Warehouses and factories have transformed into global networks of automated systems, enabling significant operational and workflow efficiencies. At the same time, the digitization of supply chains has accelerated already complex infrastructures and diversified workflows with more users, roles and third parties that need access to sensitive information and infrastructure.
Securing this type of environment without disrupting employee workflows and bringing productivity to a grinding halt is seemingly insurmountable. However, this level of complexity isn’t unlike that of another dynamic industry — one with hyper-strict regulations and complicated workflows. One where getting it wrong can have life-critical consequences: healthcare.
Much like manufacturing, the healthcare sector is rapidly advancing toward a digital future reliant on new technologies that provide fast access to systems, applications and data while also managing and mitigating security risks. While each industry has its own nuances and challenges, commonalities are evident in the high degree of IT complexity and rapidly changing access requirements that must remain compliant and secure. And of course, the impact of a cyberattack or data breach on either sector can be paralyzing, resulting in essential resource shortages and devastating human outcomes.
Is There a New Security Perimeter?
The attack surface for most manufacturing organizations has grown exponentially, catalyzed by the rise of digital warehouses, mobile technology and IIoT, which make traditional perimeter security harder to enforce. This isn’t lost on cyber criminals, who continuously evolve their tactics to breach organizations from every angle. While traditional endpoint or “perimeter-based” security made sense when networks and users were located almost entirely on-premises, networks of today require IT and security teams to control access to applications and resources through the authenticated identity of an individual or device.
Commonly referred to as “identity security,” this approach is the foundation of zero trust, and focuses on the digital identity of the requestor to ensure that only the right users or devices are provided access to the data and resources they need. If identity validation fails, access is not permitted. Though the concept of zero trust isn’t new, the adoption of technologies necessary to facilitate a zero-trust architecture are evolving.
The Appeal of Healthcare and Manufacturing
Both healthcare and manufacturing organizations hold extremely valuable and proprietary data, and operate within IT ecosystems that are among the most complex on earth.
For financially motivated attackers, hacking systems to sell personal health information on the black market can be highly lucrative. For others motivated by malice — like state-sponsored hacker groups — the potential human safety impact of compromising healthcare systems is highly appealing.
Similarly, attacks on manufacturing organizations are becoming more pervasive, given the power to impact global supply chains. Consider the U.S. infant formula shortage earlier this year , when safety concerns prompted an operational shutdown by one of three major formula producers and resulted in significant and persistent national disruption. Imagine the large-scale distress if a cyberattack were to simultaneously take out two or even three of these producers, affecting populations across countries, continents, or the world.
The pandemic also caused huge disruption throughout both sectors. In healthcare, the rapid transition to telehealth, coupled with an unimaginable influx of patients and new clinicians, resulted in the adoption of technologies that worked but created new access points for bad actors to breach. Likewise, manufacturing transitioned to remote working, embraced new risk-management tools and implemented advanced analytics. In both cases, accelerated digitization illuminated security gaps that continue to widen.
Using Digital Identity
In the spring of 2022, the Biden Administration addressed today’s evolving cyber threats by releasing a federal strategy to move U.S. government agencies to zero trust standards. The executive order was released during rising attacks from the Russia-Ukraine war, with the goal of improving security and reducing cyber threats across the public and private sectors at a critical time.
A zero trust architecture is designed to put logical barriers around applications, forcing users to be authenticated, authorized and continuously validated before being granted access to applications and data. This requires a comprehensive digital identity strategy that enables seamless and compliant user workflows — an approach that the highly regulated healthcare industry is widely adopting.
Manufacturers can take a page out of healthcare’s playbook by focusing on four processes and technologies that lay the groundwork for zero trust:
Today’s manufacturing organizations are increasingly complex. The key to success is ensuring that complexity doesn’t lead to elevated security risk. Implementing a digital identity architecture that enables a zero trust operational model, along with fast and efficient access for the right users, strikes the correct balance of access and security. Consider how healthcare has bolstered defenses and remained agile amid surging attacks. By drawing on insights and best practices from other sectors, manufacturers can make faster strides in advancing their cyber resiliency.
Gus Malezis is chief executive officer of Imprivata.
Timely, incisive articles delivered directly to your inbox.