Dell Technologies

Peter Dümig | Andrea Gillhuber

Edge computing links IT and OT

Neither the cloud nor a centralized data center is suitable for processing the volumes of data generated by the Internet of Things. Edge computing is taking the place of traditional approaches, but has its own unique challenges.


Although both operational technology (OT) and information technology (IT) are hardware and software applications, their focus differs on closer inspection. IT, as the name suggests, is about processing, managing, storing and protecting information. In other words, it's all about data. People play a key role here, because they are usually either the recipients or senders of the information to be processed. OT, on the other hand, only has a very indirect connection with people. Operational technology is used to control and monitor industrial devices and machines via embedded software. Above all, the control programs enforce established guidelines for operation. They are also able to evaluate sensor data on air pressure or temperature, for example, and react to changing circumstances.

Unlike IT, OT therefore focuses on processes and their correct execution rather than on interaction between man and machine. Another special feature of operational technology is its focus on a long service life. While IT systems receive regular updates and patches for reasons of security and the addition of new functions, OT systems are rarely updated, as updates have the potential to disrupt smooth processes and therefore cause considerable costs. Due to the strict separation between IT and OT, it is no wonder that some production halls are still using operating systems that the IT department would have retired years ago.


IT and OT grow together

The historical separation between information technology and operational technology is also reflected in the respective system architecture. While IT works with APIs and other interfaces and thus enables many linking options for the various applications and devices, OT systems are traditionally self-contained and sealed off from the outside world. However, companies have recognized that linking operational and information technology advances their business in many ways: for example, this approach can increase production and cost efficiency or sustainability. The days when companies viewed information technology and operational technology as strictly separate are therefore coming to an end. This is also ensured by technological approaches such as the Internet of Things (IoT).

IoT gateways ensure networking between IT and OT. The devices usually make the sensor data from industrial plants available for analysis and processing in the cloud; in some cases, only an intermediate backup takes place there on the way to the data center. Apart from the horrendous costs, this approach is suboptimal due to the delay in data transmission. In an industrial context in particular, milliseconds are sometimes crucial for successful production - far too short a time to process data in the cloud or in central data centers. To solve this problem, many companies are now relying on edge computing, i.e. moving data processing to the edge of the network.

Challenges for the IT department

Figure: Edge servers are available in various form factors that companies can choose depending on where they are used. (Image: Dell Technologies)

The physical proximity and close integration of IT and OT saves valuable time, but brings with it new challenges for IT departments: edge systems are basically conventional IT servers that companies have to operate outside the data center. Of course, this also includes all aspects of maintenance, management and security, which administrators - unlike with the centralized approach - can rarely carry out directly on site. In addition, dedicated edge systems usually require their own tools for management and security. It therefore makes more sense to rely on a single manufacturer when planning the infrastructure for the network edge.

Even in large companies, the IT department is likely to be permanently stretched to the limit. The increasing amount of data in conjunction with the worsening security situation in cyberspace makes the day-to-day management of the IT infrastructure more difficult. And large companies are also affected by the shortage of skilled workers, which is becoming increasingly noticeable in the tech sector in particular. An additional burden such as managing an unknown edge environment is difficult under these conditions. Good manufacturers offer a one-stop solution: they make their edge systems an integral part of the existing IT infrastructure. Administrators can then manage, monitor and secure them using the same software according to a proven concept - no matter where they are located. This significantly reduces the workload for the IT department.

Some manufacturers equip their conventional servers and edge systems with special standardized management processors out of the box. Dell Technologies, for example, uses the Integrated Dell Remote Access Controller (iDRAC) for this purpose. These remote maintenance chips usually have their own network port so that administrators can access them via their own LAN or WAN connection. The major advantage of this technology over management via remote desktop connections or virtual network computing is that the IT department has access to all important setting options even if the server has crashed or is without power.

Ensuring physical security

Extending the IT infrastructure to the edge of the network increases the potential risk of failure. As the servers are no longer located in protected data centers where they run under optimal conditions, they must be hardened accordingly, depending on where they are used. So-called "rugged servers" can withstand even very low or high temperatures, are shock-resistant and protected against vibrations and are equipped with high-performance dust and particle filters. They also contain sensors that constantly monitor the system and a corresponding warning system that sounds the alarm in the event of impending failure.

Figure: Thanks to their robust design, so-called "rugged servers" are able to function perfectly even under the most adverse conditions. Front panels with particle filters protect against fine dust and other contaminants. (Image: Dell Technologies)

Protection against unauthorized access on site is also a new area of risk that does not exist in this form in data centers: As servers are easily accessible in some locations, companies should rely on edge devices that perform automated security checks and report if changes have been made to the device itself. This allows the IT department to immediately understand whether someone has connected a USB stick, removed a plug-in card or disconnected a cable and react accordingly. Administrators should also switch off all unused ports and connections to be on the safe side. With devices from some providers, for example, it is even possible to deactivate the power switch.

The iDRAC from Dell Technologies also offers special security features. For example, the controller recognizes the replacement of a plug-in card. It then checks whether the firmware of the new card has been compromised and, if so, automatically installs the original firmware. This is not only effective protection against criminals, but also facilitates configuration after a legitimate component change.

Extend perimeter protection to the edge

Figure: Information technology and operational technology are growing closer together through edge computing. (Image: Dell Technologies)

The need for remote access to the edge servers by the IT department plays into the hands of hackers, as the additional devices increase the attack surface. In addition, the management LAN and public LAN at the network edge are rarely physically separated from each other. For this reason, companies should ensure that communication between the administrators and the server at the edge is always secure. This requires security technologies such as Hypertext Transfer Protocol Secure (HTTPS) and the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS). Companies should use the Lightweight Directory Access Protocol (LDAP) for authentication and user validation. In addition to these protocols, a remote maintenance chip such as the iDRAC also supports other security functions such as two-factor authentication via user name and password as well as a key that is sent via email or created in a token generator (RSA SecurID).

The uniform administration of all devices via a management solution is also a decisive advantage for security and the extension of perimeter protection to the edge of the network. Just as with conventional servers, monitoring and software and firmware updates can be automated via this solution. In addition, the management software of many manufacturers logs all server activities, which makes threat hunting, i.e. the detection of vulnerabilities in the event of an attack, easier.
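As an added illustration of the on-site tamper reporting and activity logging described above (not code from Dell or from any management product): a small triage script that flags hardware or firmware changes that no maintenance window or administrator session explains. The log format, event names, site names and the 30-minute session window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp site host event key=value" format.
SAMPLE_LOG = """\
2024-05-06T02:14:09 plant-a edge-01 USB_ATTACHED port=front-1
2024-05-06T10:02:41 plant-a edge-01 ADMIN_LOGIN user=ops1
2024-05-06T10:05:13 plant-a edge-01 CARD_REPLACED slot=2
2024-05-06T10:06:40 plant-a edge-01 FIRMWARE_UPDATED component=slot-2
2024-05-06T23:47:55 plant-b edge-07 CABLE_DISCONNECTED nic=2
2024-05-07T03:12:30 plant-b edge-07 FIRMWARE_UPDATED component=nic-2
"""

PHYSICAL = {"USB_ATTACHED", "CARD_REMOVED", "CARD_REPLACED", "CABLE_DISCONNECTED"}
SESSION_TTL = timedelta(minutes=30)  # assumed: how long a login explains later changes

# Approved on-site maintenance windows per site (constructed).
MAINTENANCE = {"plant-a": [(datetime(2024, 5, 6, 9, 0), datetime(2024, 5, 6, 12, 0))]}


def parse(line):
    ts, site, host, event, *fields = line.split()
    return {"ts": datetime.fromisoformat(ts), "site": site, "host": host,
            "event": event, "fields": dict(f.split("=", 1) for f in fields)}


def in_window(site, ts):
    return any(start <= ts <= end for start, end in MAINTENANCE.get(site, []))


def find_unexplained_changes(log_text):
    """Return (reason, event) pairs for changes nothing in the log or schedule explains."""
    alerts, last_login = [], {}
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    for ev in events:
        key = (ev["site"], ev["host"])
        if ev["event"] == "ADMIN_LOGIN":
            last_login[key] = ev["ts"]
        elif ev["event"] in PHYSICAL and not in_window(ev["site"], ev["ts"]):
            alerts.append(("physical change outside maintenance window", ev))
        elif ev["event"] == "FIRMWARE_UPDATED":
            login = last_login.get(key)
            if login is None or ev["ts"] - login > SESSION_TTL:
                alerts.append(("firmware change without recent admin session", ev))
    return alerts


if __name__ == "__main__":
    for reason, ev in find_unexplained_changes(SAMPLE_LOG):
        print(f'{ev["ts"].isoformat()} {ev["site"]}/{ev["host"]} {ev["event"]}: {reason}')
```

The card replacement and the firmware update that follows it on edge-01 are not flagged, because they fall inside the approved window and shortly after an administrator login.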

Edge computing links IT and OT

The author: Peter Dümig is Senior Server Product Manager at Dell Technologies.


IT and OT have never been as close as they are today. It is therefore quite conceivable that the merging of the two technology areas will continue. The driving factors behind this are the Internet of Things and edge computing. Future technologies such as artificial intelligence and machine learning, which will shape the industry in the long term, require strong computing power and low latency in order to take full effect. Neither centralized data centers nor cloud computing are suitable for this in the medium term. Data processing at the edge of the network with dedicated edge servers will therefore remain the most lucrative approach in the long term.

However, as the target group of such technologies is part of the critical infrastructure in this country, high security requirements apply. It is all the more important for them to extend their perimeter protection seamlessly to the edge. A standardized management platform and corresponding devices that natively offer a high level of cybersecurity and resilience are a must.
