BLOG | OFFICE OF THE CTO

Most Exciting Tech Trend in 2022: IT/OT Convergence

Lori MacVittie Thumbnail
Lori MacVittie
Published February 24, 2022


In just two short years, the number of devices in the average home has more than doubled, growing from just ten in 2019 to a whopping 25 in 2021 according to a Deloitte survey.

I confess contributing to this explosive growth, given the broad definition of “connected devices” that include gaming consoles. Guilty as charged.

This includes a growing constituency that relies on a variety of “smart” devices designed to bolster home security such as: motion sensors, door locks, security cameras, and hazard prevention devices like water or smoke sensors. About 12.17% of homes worldwide were “smart” in 2021. That is predicted to rise to 21.09% by 2025 according to a Statista forecast on the topic.

This convergence of physical and digital security is indicative of the broader technology trend of IT/OT convergence. While we generally tend to think of OT (operational technology) as being industrial machines associated with manufacturing or critical power generators in the energy industry, the reality is that digital control systems for physical devices are something every company is likely to employ.

When we asked the market what technology trend excited them the most in 2021, the answer was somewhat surprisingly, IT/OT Convergence.

Top 4 trend

What might not be surprising are the industries that are most excited about this convergence of IT and OT. Energy and utilities, of course, along with manufacturing both indicated high levels of excitement for IT/OT convergence. But so did healthcare and, interestingly, technology firms.

IT/OT

Given that IT/OT convergence is a merging of systems that manage and control the physical with those that manage and control the digital, these results should not be as surprising as they were. After all, most organizations have a robust portfolio of both types of assets, whether we immediately recognize it or not.

HVAC systems, for example, are OT. So are digital door locks and the elevators at F5 corporate headquarters. When I head to the office, there are no buttons to push. The system is wholly controlled by digital mechanisms that are closely tied to the same policies that govern my access to digital resources. Convergence brings the two worlds together, for better and for worse.

Consider reports that, during the widely covered Facebook outage in 2021, employees were unable to access conference rooms and buildings. This is certainly not beyond belief. Most technology firms would confirm that, in a highly integrated IT/OT environment, systems that control access to everything from elevators to doors could be negatively impacted by network and system outages.

Those professionals that live within the OT world already recognize the sensitive nature of operational technology and the heightened need for security for many of the systems and devices under their purview. It is no surprise that those in the security industry are at the forefront of understanding the long-term implications of IT/OT convergence on the overall security of not just IT and the business, but on consumers and customers as well. Remember, it was through a connected HVAC system that attackers were able to breach Target’s systems back in 2014.

That’s why the excitement over Zero Trust, too, is a good sign. As IT and OT converge and their systems and data become inseparable, our ability to control access to both physical and digital resources will be increasingly important.

The consequences of increasing IT/OT convergence are noticeable in our annual research in the rise of identity-centric security and the increasing value placed on access control for everything, but especially APIs. Which makes the excitement over Web Application and API Protection (WAAP) a predictable result.  

As IT/OT convergence brings the two sides of IT together, there will be a need for a more comprehensive—and likely unified—means of securing access, whether by console or CLI, through app or API. And that ultimately means securing applications against attack, abuse, and misuse—no matter what side of the IT/OT fence they once sat on.