Operational Technology
Home > Services > Prevent & protect > Secure Remote Access for OT

Secure Remote Access for OT

A lot of existing solutions do not offer the right protection to provide remote access to OT assets.  We provide the right remote access design for OT, based on zero-trust access controls, secure authentication, session monitoring & recording and clientless & agent-based ZTNA.

Information security officer ISO

What is Cisco Secure Equipment Access (SEA)?

Cisco Secure equipment access is a solution designed to provide secure, remote access to OT assets, such as industrial control systems (ICS) and other critical infrastructure.

It leverages Zero-Trust Network Access (ZTNA) principles to ensure that only authorized users can access specific devices, using specified protocols, and only at defined times.

What are the benefits?

Zero Trust Network Access (ZTNA)

SEA implements a zero-trust network access model, ensuring that access is granted based on identity and context, with a default deny posture.

Least-Privilege Access

It allows only specific users to access designated devices using predefined protocols and schedules, minimizing the risk of unauthorized access.

Simplified Deployment

SEA solution integrates ZTNA capabilities into Cisco industrial switches and routers, eliminating the need for a  complex firewall and iDMZ setup

Full control over OT remote access sessions

SEA enables remote configuration, maintenance, and troubleshooting of OT assets, reducing the need for costly site visit and gives you the ability to do session monitoring session termination and session recording.

What will you get?

  • Spotit OT will onboard the Cisco Secure Equipment access solution in your OT environment, setting up all necessary access methods for clientless or agent based ZTNA access.
  • Together with the customer, the access-groups will be defined and optionally the integration with customers Microsoft Entra or on-prem Active Directory will be facilitated together with MFA & RBAC needs.
  • Set-up of active session monitoring & recording and session termination parameters.
  • 24/7 monitoring of the platform hosting the Cisco SEA agent.
Information security officer ISO

How do we work?

  1. Organise a meeting with all OT stakeholders and catalogue all the OT assets that needs to be accessed and over which protocols.
  2. Establish clear access policies for internal and external remote users based on user roles, asset criticality and operational needs. Define the Who/What/Where/When & How.
  3. Set-up of the cloud broker and installation of the remote gateway and facilitating necessary access policies on local firewalls.
  4. Set-up remote access configuration and implement necessary security controls (SSO, MFA,etc.)
  5. Validate secure remote access set-up to ensure that the solution works as intended.

Why is this a priority?

Secure Remote Access is vital for OT environments because unauthorized access can lead to severe consequences like physical damage, operational disruptions, and risks to human safety. Robust security measures help to protect these critical systems from potential cyber-physical attacks.