Many businesses are trying to become more competitive and create added value for customers and other stakeholders by integrating old and new systems. But integrating different systems carries a security risk: it can create new entry points for attackers if security is not taken seriously enough. So how do you make a system integration secure?
Identify the most valuable information
Integration should be based on what information needs to be shared to create competitiveness and efficiency, not which technical solution is available. The first step is therefore to identify your most valuable assets. Which information is most critical and thus worth protecting?
Classify and identify security needs
The next step is information classification, which means classifying the information and defining different security needs. To do the classification, you must evaluate aspects such as the value and sensitivity of the information, the legal requirements and the importance of the information for the business. A good way to determine how the classification should be done is to use a risk and security analysis. It helps you to quickly and efficiently map your current information security as well as your future needs.
However willing you are to protect your information, it is not practical or financially justified to protect all information in the same way. To secure the most valuable information, strict network segmentation is the best solution to use. This means that you create zones with different security levels.
At Advenica, you can get help with both risk and security analyses and how to solve network segmentation.
The security information policy helps you maintain security
Based on the information classification, a security/information policy can also be established. By only allowing information exchange according to a well-defined information policy, it becomes easier to increase information security without compromising on functionality. The policy will act as your guide for information and security decisions and will help you to work continuously and systematically with your information security.
Secure IT/OT integration - an integration that can be a challenge
Operational Technology (OT) is a concept that includes all the subsystems that are needed to control and monitor a physical process, such as a power plant. Historically, OT systems have often been completely disconnected from the outside world. As society has become more digitised, the need to connect OT systems with IT systems has increased. This integration is a major challenge from a safety point of view, as there is a risk that someone without permission will affect or change the system.
In recent years, the NIS directive and new security laws have placed new, higher demands on companies in critical infrastructure regarding information security. To upgrade security to meet the requirements of the regulatory authority while maintaining access to digital information, solutions that can separate and control data flows are needed.
In short, the following solutions are needed:
- Physical separation of IT and OT into different zones
- A data diode at the zone boundary for the data flows out of OT
- Allowlisting of information at the zone boundary
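The three requirements above can be expressed as a check that a proposed integration is reviewed against before it is built. The following is an added example, not Advenica's code or product configuration; the zone names, information types, transport labels and the rule that any zone pair without a policy entry is denied are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed information policy: what may cross each zone boundary.
# A zone pair with no entry is denied by default (assumption of this example).
ALLOWLIST = {("OT", "IT"): {"process_metrics", "alarm_events"}}

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    info_type: str
    transport: str  # hypothetical labels: "data_diode", "firewall", "direct"

def check_flow(flow):
    """Return the policy violations for one proposed flow (empty list = allowed)."""
    if flow.src_zone == flow.dst_zone:
        return []  # traffic inside one zone does not cross a boundary
    pair = (flow.src_zone, flow.dst_zone)
    if pair not in ALLOWLIST:
        return [f"no policy entry for {pair[0]}->{pair[1]}: denied by default"]
    problems = []
    # Flows out of OT must be physically one-way.
    if flow.src_zone == "OT" and flow.transport != "data_diode":
        problems.append("flow out of OT must cross the boundary through a data diode")
    # Only allowlisted information may cross the boundary.
    if flow.info_type not in ALLOWLIST[pair]:
        problems.append(f"information type '{flow.info_type}' is not allowlisted")
    return problems

def review(flows):
    """Map each non-compliant flow to its list of violations."""
    results = {flow: check_flow(flow) for flow in flows}
    return {flow: problems for flow, problems in results.items() if problems}

# Constructed sample of proposed integration flows.
SAMPLE_FLOWS = [
    Flow("OT", "IT", "process_metrics", "data_diode"),   # compliant
    Flow("OT", "IT", "process_metrics", "firewall"),     # wrong transport
    Flow("OT", "IT", "engineering_files", "firewall"),   # wrong transport and type
    Flow("IT", "OT", "setpoint_change", "firewall"),     # no policy entry
]

if __name__ == "__main__":
    for flow, problems in review(SAMPLE_FLOWS).items():
        print(flow, "->", "; ".join(problems))
```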