Your operation isn’tvery cautious or knowledgeable about the negative consequences of having OT equipment exposed to the internet.
The business is still using a lot of manual paper-based processes such as bankers’ boxes to track, store, and review the quality of your products.
You are risking being caught off guard by downstream suppliers if the regulatory bodies conduct a full review of all suppliers’ products/materials/ingredients being used to develop your finished goods.
The company isn’t tracking all materials, solvents etc. used within the manufacturing process and may encounter unexpected liabilities or penalties due to residue left on the finished goods being delivered to the customer.
You are risking being left behind as the rest of the industry progresses in this digital and ESG conscious era.
Your operation has difficulty tracking and tracing across the supply chain and this is slowing the process of adding new products into the portfolio.
Niche players have made your operation more vigilant and therefore you need to modernize your processes so that customer satisfaction ratings from audits will be a benefit over the competition vs. a hinderance.
The effects of the pandemic are still apparent within your operation, most notably a shortage of labor, acquiring skilled labor, and supply chain disruptions.
OT governance has gained prominence as businesses need to have 24/7 reliability of equipment, but they are transitioning to an internet-based business landscape. The need to have a collaborative approach for managing and protecting the business has never been greater. Many manufacturers keep equipment well beyond its warranty and support period and can therefore encounter problems as equipment ages and still needs to be supported. Outdated operating systems and weak security systems are a hacker’s easiest targets.
Impact and Result
Identify: Discover the methods, people, tools, and approaches that can be used to ensure you have a streamlined OT governance model in place.
Prioritize: Further determinea tiered approach to assembling teams and tools.
Align: After establishingyour teams and understanding your gaps you will have a systematic approach for pulling in the right people with the right tools at the right time. Operations and IT will be tightly aligned.
Improve OT Governance to Drive Business Results Research & Tools
1. OT Governance Phases 1-4 – A guide that includes a comprehensive plan for OT governance that considers the people, processes, technologies, and risks.
This deck highlights what should be developed for effective OT governance across any manufacturing business. It takes a holistic approach that considers both internal and external factors.
Avoid bureaucracy and achieve alignment with a minimalist approach.
Governance will always be part of the fabric of your organization. Make it adaptable so it doesn’t constrain your success.
IT/OT convergence, IT governance, and OT governance are misunderstood.
The purpose of governance isn’t to create a roadblock within the organization but rather it is a mindset of ensuring that the factory operation isn’t causing undo stress on the business.
Success in modern digital organizations depends on their ability to adjust for velocity and uncertainty, requiring a dynamic and responsive approach to governance – one that is embedded and automated in your organization to enable new ways of working, innovation, and change while ensuring security.
OT governance has become critical as organizations become nimbler and the OT areas of the organization leverage greater amounts of automation with often older equipment.
If your governance doesn’t adjust to enable your changing business environment and customer needs, it will quickly become misaligned with your goals and drive you to failure.
IT/OT must build an approach to governance that is effective and relevant today while building in adaptability to keep it relevant tomorrow.
Kevin Tucker Principal Research Director, Info-Tech Research Group
Valence Howden Principal Research Director, Info-Tech Research Group
Executive Summary: OT Governance for Manufacturing
Situation: OT Governance becomes a Hot Topic
COVID-19 raised the profile of OT governance as businesses began to grapple with the onslaught of cybersecurity attacks.
Remote and hybrid employees found it difficult to support and communicate with each other.
OT have operated in a silo with walls around the factory that IT wouldn’t enter, and that was fine until their suppliers could no longer come on site to service equipment that now needed to be exposed to the network.
The power of data analytics with AI/ML has become critical for optimal business process.
Complication: A new Playground for Hackers
OT becomes high risk as equipment must be exposed on the internet for external suppliers to perform maintenance and repairs.
Outdated mindsets hamper the organization’s ability to recognize the volatility they are exposed to.
Skills are lacking with regards to justifying, planning, implementing and maintaining the commissioning and decommissioning of OT services so it becomes management by chaos as businesses are compromised.
Most don’t measure the cost avoidance and value delivery generated from intentional OT governance.
Solution: Tools & Processes
Use this OT governance deck to assess your business and harden OT governance:
Gain insight into the risks associated with weak OT governance.
Understand OT governance and how it offers reliability as well as value delivery.
Determine which tools should be used to plan and execute OT governance within your business.
Learn to measure success associated with new and expanded OT governance services.
Info-Tech Overarching Insight
OT Governance Compliance must keep up with the changing state of business. In order to do so companies need to have clarity as to the regulations governing their industry and the tools at their disposal.
OT governance is…
An enabling framework for decision-making context and accountabilities for related processes.
A means of ensuring IT-OT collaboration, leading to increased consistency and transparency in decision making and prioritization of initiatives.
A critical component of ensuring delivery of business value from OT spend and driving high satisfaction with OT solutions that are aligned with the business and IT.
OT governance is not…
An annoying, finger-waving roadblock in the way of getting things done.
Limited to making decisions about technology.
A way for IT to take over the OT ownership and decision making.
It’s isn’t a one-time project as a set and forget.
Governance needed to regain confidence
Companies in Manufacturing are at an ever increasing risk of a data breach as was evidenced from the responses of 225 companies.
Lacking Protection Confidence
Experienced a Breach
AVERAGE LOSS PER BREACH $1,000,000 – $10,000,000
(Sources: Deloitte; Cyber Policy; Arctic Wolf)
What is governance?
Governance is a critical and embedded practice that ensures information and technology investments, risks, and resources are aligned in the best interests of the operation and the organization to produce insights and business value.
Effective governance ensures that the right technology investments and integrations are made at the right time to support and enable your organization’s mission, vision, and goals.
FIVE KEY OUTCOMES OF GOOD GOVERNANCE
Technology investments and portfolios are aligned with the organization's strategic objectives.
Operational and organizational risks are understood and addressed to minimize impact and optimize opportunities.
OT investments and initiatives deliver the expected benefits without new unplanned risks.
Resources (people, finances, time) are appropriately allocated across the organization to optimal organizational benefit.
The performance of technology investments are monitored and used to determine future courses of action and validate success.
Holistic Operational Technology (OT) Governance
Operational Technology (OT) Governance is the policies, processes, and practices that a company implements to oversee and control the use and functionality of its OT systems. Typically, these systems are employed to automate and manage vital infrastructure, including production facilities, electricity grids, and transportation networks.
Effective OT Governance is crucial because these technologies frequently have a direct impact on the security, dependability, and effectiveness of an organization's operations. Additionally, it is essential for protecting these systems' integrity and security because they might be exposed to online dangers.
Tasks Within OT Governance
Defining roles and responsibilities for managing OT systems.
Establishing policies and procedures for the use and maintenance of OT systems.
Making sure OT systems are updated with the latest software and security patches.
Monitoring performance and availability of OT systems.
Putting security measures in place to guard against cyber threats.
Making sure OT systems are compliant.
Management of OT Governance
Models of effective OT governance are those that have the organization's IT and OT departments oversee OT governance, under the direction of top management. To make sure that the organization's OT systems are managed successfully, it is crucial that these departments have excellent communication and coordination.
Avoid common misconceptions of OT governance
Governance and management each have unique roles to play. Confusing the two results in wasted time and uncertainty around ownership.
OT governance sets direction through prioritization and decision making and monitors overall OT performance.
Governance aligns with the mission and vision of the organization to guide OT and protect OT assets.
Management is responsible for executing on, operating, and monitoring activities as determined by OT governance.
Management makes decisions for implementing based on governance direction.
(Image Source: ISACA, 2012 * Adapted for OT Governance)
Mature your governance by transitioning from ad hoc to automated
Organizations should look to progress in their governance stages.
Ad hoc and controlled governance practices tend to be more rigid, making these a poor fit for organizations requiring higher velocity delivery or using more agile and adaptive practices.
The goal as you progress through these stages is to delegate governance and empower teams based on your fit and culture. This enables teams where needed to make optimal decisions in real time, ensuring that they are aligned with the best interests of OT and the broader organization.
Automate governance for optimal velocity while mitigating risks and driving value.
This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.
Stages of OT Governance
4 - Automated Governance
Entrenched into organizational processes and product/service design
Empowered and fully delegated to maintain fit and drive organizational success and survival
3 - Agile Governance
Flexible enough to support different needs in the organization and respond quickly to change
Driven by principles and delegated throughout the company
2 - Controlled Governance
Focused on compliance and hierarchy-based authority
Levels of authority defined and often driven by regulatory requirements
1 - Ad Hoc Governance
Not well defined or understood within the organization
Occurs out of necessity but often not done by the right people or bodies
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.