IT/OT convergence is the integration of information technology (IT) systems with operational technology (OT) systems.
Operational technology refers to the traditional physical world made up of machines, electromechanical devices, manufacturing systems, and other industrial equipment. IT encompasses the newer world of digital technologies, including servers, storage, networking, and other devices that run applications, process data, and even make critical decisions without human intervention. The two unique worlds traditionally existed as separate domains within an organization, sharing either very little data or control, and the people who oversaw them worked in distinctly different organizations.
But all that is changing as IT and OT realms are converging. By implementing advanced technologies like the internet of things (IoT) and big data analytics, organizations allow the digital and physical worlds to understand and impact each other. According to Gartner, “IT/OT is the end state sought by organizations (most commonly, asset-intensive organizations) where instead of a separation of IT and OT as technology areas with different areas of authority and responsibility, there is integrated process and information flow.” When this happens, organizations can gain efficiency, speed, and agility by merging business processes, insights, security, and controls into a single uniform environment.
Technologies and Systems in IT and OT
Operational Technology
This includes all the enhanced hardware and software systems that monitor and control physical processes and infrastructure in industries like manufacturing, energy, and transportation.
Common OT systems include the following:
- Supervisory Control and Data Acquisition (SCADA) systems: These systems monitor and control geographically dispersed assets.
- Distributed Control Systems (DCS): These provide localized control in process industries like oil and gas, chemicals, and pharmaceuticals, often providing more granular control than SCADA.
- Programmable Logic Controllers (PLCs): These industrial computers automate processes in manufacturing, transportation, and other industrial settings, providing control over specific equipment and machinery.
- Human-Machine Interfaces (HMIs): These provide visual interfaces so that operators can interact with and monitor the processes controlled by PLCs and other OT systems.
- Remote Terminal Units (RTUs): RTUs act as the interface between field devices and SCADA systems, often for remote or geographically dispersed locations.
- Industrial Control Systems (ICS): A subset of OT that is often confused with it, ICS is the umbrella for many system types, used to control industrial processes, including SCADA, DCS, PLCs, and HMIs.
- Manufacturing Execution Systems (MES): MES systems manage and track the production process on the factory floor, often interacting with other OT systems like PLCs and DCS.
- Building Management Systems (BMS): These systems control and monitor building systems like HVAC, lighting, and security, ensuring efficient and safe building operation.
- Transportation Systems: These include systems for traffic management, train control, and other transportation-related operations.
- Physical Access Control and Building Automation Systems: These systems manage physical access to facilities and automate building functions like lighting and temperature control.
- Historians: These are specialized databases that store real-time data from industrial processes for analysis of past performance and trends. They are crucial for monitoring, troubleshooting, and optimizing operations within manufacturing and other industrial environments.
- Uninterruptible Power Supplies (UPS): These are devices that provide instantaneous backup power to critical systems and equipment in industrial and manufacturing environments.
- Universal Gateway: Sometimes called a universal protocol gateway, it allows communication between disparate systems or devices that utilize different protocols.
- IoT Devices: Despite not traditionally being considered part of OT, IoT devices have proliferated in OT environments, integrating onto OT networks for greater connectivity and automation. IoT devices in OT areas include:
  - IP cameras
  - Smart sensors
  - Digital control systems
  - Medical devices (IoMT, the Internet of Medical Things)
  - OT and ICS devices, including sensors, actuators, and PLCs
  - Video surveillance systems
  - Heating/cooling/lighting controls
  - Fire prevention and building security systems
Information Technology
Common IT systems include the following; they are widely known and need no explanatory definitions:
- Workstations
- Laptops
- Servers
- Printers
- IP phones
- Routers
- Switches
- Wireless controllers
- Network infrastructure
- Next Generation Firewalls
- Client Management Tools
- Endpoint Protection/Endpoint Detection and Response solutions
- Privileged Access Management systems
- Vulnerability Management systems
- Secure Remote Access solutions
- SIEM solutions (security information and event management)
- SOAR solutions (security orchestration, automation, and response)
Why Convergence Matters
Converging IT and OT brings two principal benefits: improved efficiency and better asset management. When an organization has a single, unified view of all its IT and OT assets, it can troubleshoot problems faster, resulting in reduced downtime. Moreover, when IoT devices can report issues associated with OT systems (and connect to IT systems as well), predictive maintenance strategies are easier to leverage.
Additionally, connecting the two realms facilitates both digital transformation initiatives and data-driven decision-making. Companies gain significant competitive advantage when their decision-making and operational processes are powered by accurate, up-to-the-minute data.
What Are The Challenges to Convergence?
IT/OT convergence forces ownership of non-traditional, IP-enabled devices on your organization’s networks. The very same non-traditional devices often manage your critical services and infrastructure. This is problematic since IT and OT implementations have significantly different architectures and protocols—and they are managed by different departments.
The CIO typically manages enterprise IT, while OT management can fall to one or more of the following people: plant leaders, business unit managers, and/or the COO. With joint management so limited, organizations lack unified IT/OT governance while maintaining numerous overlapping processes—and few leaders are willing to abandon their long-proven processes for the sake of unity. McKinsey recently pointed out that this situation hinders IIoT (Industrial Internet of Things) use cases, stating that IIoT use cases “rely on data from a wide range of production and supply chain processes, encompassing sources across all facilities, enterprise systems, and even suppliers for input into IT applications sitting on enterprise platforms.”[i]
This organizational divide leads to other challenges, such as inconsistencies in technical standards, security policies, deployment, and guidelines.
The Security Challenge of Convergence
By far, security represents the greatest challenge to IT/OT convergence. According to the National Institute of Standards and Technology (NIST), IT/OT convergence leads to many OT devices and systems connecting to the Internet—even though they were never designed to do so. This introduces challenges for organizations in applying controls to OT and some IoT products. NIST notes that security compromises can arise “due to factors such as the following:
- OT equipment may use networking technologies (e.g., ethernet, Wi-Fi), but are not intended to connect to the internet.
- OT or IoT equipment may balance aspects of trustworthiness (e.g., safety, resiliency, availability, security) differently than IT equipment.
- IoT may be able to replace OT equipment, but the new IoT equipment may offer different or significantly expanded functionality that organizations must consider before replacement.”[ii]
Modern IT and OT systems (and their networks) are already dealing with a flood of alerts, fragmented tools, and unmanaged, specialized devices. With visibility into devices and systems patchy and security teams stretched thin, the continuous addition to a company’s network of more and riskier systems exacerbates the security challenge.
Traditional security tools fall short—particularly in specialized device environments where agent-based solutions simply do not work. In fact, the typical OT environment has multiple technology systems with proprietary devices that are invisible to the agent-based tools that are meant to track them.
Convergence Is Expanding The Attack Surface
Research from Forescout’s Vedere Labs shows a widening range of risk across organizations’ attack surface of IT, IoT, and OT systems and assets. In the latest findings, our researchers discovered numerous brand-new asset types on their annual list in the Riskiest Devices report. The table below reproduces that list; the entries highlighted in blue in the original report had never before appeared in our lists of riskiest devices, and their inclusion in 2025 demonstrates the growing challenge to security teams as innovation and the drive to digital transformation bring ever more connected devices to the enterprise network and/or enterprise IT to the OT network.
IT | IoT | OT |
---|---|---|
Application Delivery Controller (ADC) | Network Video Recorder (NVR) | Universal Gateway |
Intelligent Platform Management Interface (IPMI) | Network Attached Storage (NAS) | Historian |
Firewall | VoIP Systems | Building Management System (BMS) |
Domain Controller | IP Camera | Physical Access Control Systems |
Router | Point of Sale (PoS) Systems | Uninterruptible Power Supply (UPS) |
Best Practices for Converged Environments
The NIST Cybersecurity Framework outlines how to identify, protect, detect, respond and recover from threats. The following recommendations align with this framework. They are based on more than a decade of industrial threat research and experience protecting many of the world’s critical infrastructures.
Identify
Complete security starts with an accurate inventory of all connected assets, where they are and what they’re communicating with. Unfortunately, the discovery approaches that work for IT and IoT might not work for sensitive OT devices given safety rules, vendor interoperability issues, industrial process requirements and other considerations. To avoid downtime or service disruption, they require agentless techniques or non-intrusive network monitoring such as deep packet inspection (DPI). OT networks also include many IT assets, so hybrid techniques are necessary.
Protect
Manufacturers must understand both the security and operational risks of each asset. This requires cooperation between traditionally siloed SOC teams and OT operators. SOC teams need visibility into security risks such as the use of default credentials, insecure authentication mechanisms and protocols, vulnerabilities, poor segmentation policies, and, of course, actual cyberattacks. OT engineers, meanwhile, need to quickly spot issues such as unauthorized firmware or PLC logic changes, critical device failure, unstable process values, incorrect process measurements, and any signs of misconfiguration or malfunction. As with discovery, there are several ways to non-intrusively determine the vulnerabilities of OT assets, while most traditional IT assets can be actively scanned. Risk assessment should also be continuous, checking each asset against a database of OT/ICS-specific Indicators of Compromise (IOCs) and Common Vulnerabilities and Exposures (CVEs), combined with continuous network monitoring for behavior changes and anomalies.
Detect
To avoid costly downtime, threats to operational continuity must be detected and investigated as early as possible. Asset discovery and risk assessment produce a flood of information about potential threats and vulnerabilities, not all of it urgent. To cut through the noise, security teams need a monitoring and detection system that prioritizes critical alerts based on risk and potential impact, with drill-down into details that help them make informed decisions about how to respond.
Respond
Any risks and vulnerabilities identified above must be mitigated and, ideally, remediated, using the right technique based on all available information. While in IT the common approach is to patch, this may not be possible for OT. For example, in manufacturing environments, response actions range from initiation of remediation activities, such as creating a service ticket for an engineer to check a malfunctioning device or to tighten a firewall rule, to more drastic measures, such as access control and segmentation. Vulnerable and critical systems, including unsupported legacy systems, should be segmented from the rest of the operations, and logical segments should be implemented where possible. For example, a security camera doesn’t need to connect to the process control server or data historian, and a robot arm doesn’t need direct internet access.
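As an added illustration of the Identify, Detect and Respond points above (example code written for this page, not Forescout code or a description of its products): a small passive check that classifies constructed flow records against a hypothetical asset inventory, flags the two segmentation violations named in the text (camera to historian or process control server, PLC to the internet), ranks them by severity, and reports internal addresses that are missing from the inventory. All addresses, roles and ports are constructed.

```python
from ipaddress import ip_address, ip_network
# Constructed asset inventory (hypothetical addresses): ip -> role
INVENTORY = {
    "10.10.1.20": "ip_camera",
    "10.10.2.5": "robot_arm_plc",
    "10.10.2.50": "historian",
    "10.10.2.60": "process_control_server",
    "10.10.3.7": "engineering_workstation",
}
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # anything else counts as internet
# Segmentation rules from the text: (source role, destination role, severity)
POLICY = [
    ("ip_camera", "historian", "high"),
    ("ip_camera", "process_control_server", "high"),
    ("robot_arm_plc", "internet", "critical"),
]
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed flow records (src_ip, dst_ip, dst_port, proto); 203.0.113.0/24 is a documentation range
FLOWS = [
    ("10.10.1.20", "10.10.2.50", 1433, "tcp"),   # camera -> historian
    ("10.10.2.5", "203.0.113.10", 443, "tcp"),   # PLC -> internet
    ("10.10.3.7", "10.10.2.5", 44818, "tcp"),    # workstation -> PLC (EtherNet/IP), allowed
    ("10.10.1.20", "10.10.9.99", 554, "tcp"),    # camera -> host missing from inventory
]

def classify(ip):
    """Map an address to an inventory role, 'internal_unknown', or 'internet'."""
    if ip in INVENTORY:
        return INVENTORY[ip]
    if any(ip_address(ip) in net for net in INTERNAL_NETS):
        return "internal_unknown"
    return "internet"

def check_flows(flows, policy=POLICY):
    """Return segmentation violations ordered by severity (Detect: prioritise)."""
    alerts = []
    for src, dst, port, proto in flows:
        src_role, dst_role = classify(src), classify(dst)
        for rule_src, rule_dst, severity in policy:
            if src_role == rule_src and dst_role == rule_dst:
                alerts.append({"severity": severity, "src": src, "dst": dst,
                               "port": port, "proto": proto, "rule": f"{rule_src}->{rule_dst}"})
    return sorted(alerts, key=lambda a: SEVERITY_ORDER[a["severity"]])

def inventory_gaps(flows):
    """Internal addresses seen on the wire but missing from the inventory (Identify)."""
    return {ip for flow in flows for ip in flow[:2] if classify(ip) == "internal_unknown"}
```

Each violation carries the rule it matched and the port, which is the detail an analyst needs to open a ticket or tighten a firewall rule; the inventory gap is the discovery follow-up.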
Recover
Nowhere is IT/OT security cooperation more important than during recovery. Tensions may arise when OT asset owners primarily concerned with safety and productivity must now balance operational and security risk, especially if it means shutting down operations. To break down silos, security policies—from assessment and alerts to mitigation actions—must underscore communication between IT and OT teams. For example, how can the SOC security analyst inform the right OT engineer at the site?
Automation is also critical to ensure timely response, especially given the global shortage of skilled resources. Many actions, from modest to stringent, can be initiated without risk to OT systems, such as tightening firewall rules that don’t touch process control communication and assessing the security posture of contractor laptops before granting access to a production network.
How Forescout Helps Secure Converged Environments
Forescout offers a robust portfolio of solutions that support end-to-end network security management across IT, OT, IoT, and cloud environments:
- Forescout 4D Platform™: Provides unified asset visibility, compliance enforcement, and policy-based control across diverse environments.
- eyeSight: Automates device discovery, classification, and risk profiling. eyeSight employs more than 30 non-intrusive passive and active discovery techniques to identify assets, extract details and detect anomalies. They include DPI of 250+ IT, OT and IoT protocols to query infrastructure and selected endpoints for complete device visibility, well beyond SPAN.
- eyeControl: Enables dynamic segmentation and control of network access based on policy.
- eyeInspect: Offers deep OT and IoT network monitoring and anomaly detection. eyeInspect provides a unique Asset Risk Framework that continuously calculates an impact-based security risk score and operational risk score for each asset. The scores are continuously evaluated using detected events associated with the asset, proximity to other potentially infected assets, communication links and behavior, known vulnerabilities, and other details.
- eyeAlert: Aggregates telemetry from across the environment to deliver advanced detection and response.
- Forescout Risk and Exposure Management: Prioritizes vulnerabilities based on business risk and orchestrates remediation workflows.
By integrating visibility, analytics, and control, Forescout empowers industrial organizations to mitigate the security risks inherent to IT/OT convergence.
Learn how the Forescout 4D Platform™ is designed to help you manage security across the IT and OT divide.
[i] McKinsey. “IT/OT convergence in scaling business operations.” Last accessed June 26, 2025.
[ii] NIST. “Essay: Planning for Updating IoT Cybersecurity Guidance for the Federal Government (NIST SP 800-213 and NIST SP 800-213A).” June 3, 2025.