In food manufacturing, every minute of downtime has real-world consequences. Even a brief disruption can spoil product, halt shipments, and cascade through a fragile supply chain. And, as the industry embraces digital transformation, including rising connectivity between enterprise IT systems and plant-floor operational technology (OT), cybersecurity risks that threaten uptime and productivity have multiplied.
Connected technologies, disconnected teams
Until recently, IT and OT existed in parallel worlds. IT teams managed data, enterprise systems, and compliance frameworks, while OT teams kept production lines running and safeguarded physical processes. Today, by contrast, IT and OT systems are deeply intertwined, often sharing data, networks, and even user credentials.
But although technologies have converged, the teams managing the technologies have not. IT and OT are typically still treated as separate domains, with their own priorities, policies, and even vocabularies. And increasingly, this cultural and operational divide serves as a barrier to effective cyber defense.
A 2024 study by Ponemon Institute and Cyolo found that in 71% of organizations, IT either fully manages OT security or shares that responsibility with OT teams. However, just 39% reported strong collaboration between the two teams, and nearly as many (37%) reported little to no collaboration at all.
When operational silos become a business risk
The lack of coordination between IT and OT teams is more than a communications issue. It’s an opportunity for attackers.
In May 2021, a large meat processor suffered a ransomware attack targeting its IT systems. The incident forced the company to halt operations at multiple beef, pork, and poultry plants across North America and Australia.
Though the attack didn’t directly compromise plant-floor control systems, its impact rippled into production, forcing the meat processor to shut down operations until systems could be verified and restored. The company ultimately paid a multi-million-dollar ransom, and customers experienced supply chain delays and price fluctuations.
This incident shows how quickly an IT breach can become an OT outage. It also demonstrates the need for stronger cooperation and coordination between IT and OT teams.
Why IT security tools struggle on the factory floor
While everyone agrees that OT environments need to be protected from cyberthreats, deciding which security tools to use can be a major source of IT/OT tension. For instance, traditional remote access tools like VPNs were built for office networks, not industrial control systems. They assume stable connectivity, regular patching, and flexible maintenance windows, all of which can be hard to come by in a food manufacturing plant operating around the clock.
Key OT realities that VPNs and IT remote access tools may not accommodate include:
- Uptime is non-negotiable. Interrupting production for security updates can waste thousands of dollars per hour, spoil valuable product, and disrupt supply chains.
- Legacy systems dominate. Many control systems were never designed for connectivity and cannot natively support modern security tools or best practices.
- Third-party access is essential. OEMs, contractors, and vendors frequently need remote access to troubleshoot equipment.
When IT centric solutions are forced into OT environments, the result can be friction – or worse, exposure. Most IT access tools lack visibility into third-party activity and cannot ensure secure access to legacy systems. Because manufacturers and other critical industries depend heavily on both third-party partners and legacy equipment, this creates a potentially devasting blind spot. In addition to the security consequences, latency from cloud-based access solutions can also slow real-time operations.
Ultimately, the mismatch between what OT environments need and what IT tools can provide erodes trust between teams, frustrates both sides, and most importantly, leaves critical systems at risk.
The path forward: Secure remote access built for OT
One way manufacturers can help bridge the IT/OT gap is by choosing solutions that respect both operational realities and cybersecurity principles. While IT access tools were once the only available option, today companies can turn to more advanced Secure Remote Access (SRA) solutions designed specifically for OT. These tools will enforce identity-based access and zero trust connectivity – keeping IT stakeholders happy – while also supporting OT priorities like continuous uptime.
What to look for in an OT-ready SRA solution:
- Zero-trust enforcement: Every connection, whether human or machine, must be verified, continuously monitored, and limited to the specific applications or assets required.
- Identity-based, application-level access: Eliminate broad network exposure and enable multi-factor authentication (MFA) for every connection, including to legacy systems.
- Offline and on-prem options: Operate securely even when cloud connectivity isn’t available or reliable, as is the case in many OT environments.
- Controlled third-party access: Enable vendors and OEMs to work safely without requiring agent downloads and without expanding your attack surface.
- Visibility and compliance support: Maintain detailed audit trails aligned with ISA/IEC 62443, NIS2, and other regulatory frameworks.
The goal isn’t to make OT conform to IT – it’s to secure operations in a way that feels seamless. When remote access works quietly in the background, uptime is protected, IT retains oversight, and production lines keep on humming.
The shared IT/OT goal: Security that works with the plant, not against it
Food manufacturers can no longer afford for IT and OT to operate as separate universes. The convergence of these systems demands shared responsibility, shared visibility, and shared trust.
Rather than adding more tools and more complexity, the best way forward is to select security solutions that fit the factory floor. Solutions that protect without slowing production, simplify rather than disrupt, and protect legacy infrastructure just as effectively as more modern applications.
The future of food manufacturing security isn’t about forcing change – it’s about enabling progress in a way that’s secure and non-disruptive. When remote access is designed for the cyber-physical world, it bridges the IT/OT divide, strengthens resilience, and ensures that operations stay safe, simple, and sustainable.
