As emerging technology brings operational hardware online, the distinction between IT and OT is blurring — but what’s the difference in the first place?
What is the difference between Information Technology (IT) and Operational Technology (OT)? In short, IT deals with information, while OT deals with machines. The former manages the flow of digital information (read: data), while the latter manages the operation of physical processes and the machinery used to carry them out.
A good (though increasingly inaccurate) shorthand to represent this distinction is the office (IT) vs. the factory floor (OT). Another good (and perhaps even less accurate) juxtaposition would be that of software (IT) vs. hardware (OT).
From power plants and oil rigs to manufacturing assembly lines and inventory management processes, OT is an essential part of some incredibly complex physical processes. It should come as no surprise, then, that some of the systems IT professionals invented to manage complexity are now being applied to operational technology. The same software and processes IT teams use to manage the flow of information are now being used to manage the flow of water, lubricating oil, heat, packing peanuts, and breakfast cereals.
Indeed, hardware (OT) and software (IT) now work hand-in-hand to monitor and regulate essential business processes outside of regular IT workflows. Although these processes will differ from one organization and one industry to the next, they have a central role to play in the success of many modern enterprises — and manufacturers in particular. Experts predict that the market for OT will expand to more than $40 billion by 2022.
For these kinds of enterprises, whether public or private, it’s of vital importance that key decision-makers understand how IT and OT differ — in addition to how each discipline can (and should) interact. Given the rise of the Internet of Things (IoT) and its successful application across nearly every industry, now is the time for organizations with a stake in IT and OT systems and networks to invest in next-generation solutions that can bring these two distinct disciplines into ever-tighter partnership.
Most organizations understand the roles and functions of IT; but in the context of its relationship to OT, it is probably worth expanding. Put simply, IT refers to the application of network, storage, and compute resources toward the generation, management, storage, and delivery of data throughout and between organizations.
In a broader sense, IT is defined by its programmable capacity. That is, while certain technologies are designed to perform a static set of functions (think: a piston), IT can be adjusted, augmented, and re-programmed in countless ways to fit the evolving networks, applications, and user needs. Moreover, IT encompasses hardware — computers, physical servers, and network equipment, to name a few types — and software — applications, operating systems, and virtualization capabilities among others.
For enterprises invested in cybersecurity, IT presents a range of challenges. Aside from the basic questions of interoperability at the outset and maintenance as time goes on, the ever-expanding number of IT platforms makes it difficult to protect against around-the-clock cybersecurity threats. Especially as IoT-enabled devices bring the physical world online, the possible points of entry for bad actors continue to multiply, putting pressure on CIOs, CISOs, and their IT departments to design systems and networks capable of protecting proprietary information across multiple layers of the organization.
Whether you’re new to OT or you’re just new to thinking about it in relation to IT, the next generation of connected operational technology demands that decision-makers understand OT in its traditional sense and as an area of exciting innovation. At the most basic level, OT refers to technology that monitors and controls specific devices and processes within industrial workflows.
Compared with IT, OT is unique in that related hardware and software is usually (historically) designed to do specific things: control heat, monitor mechanical performance, trigger emergency shutoffs, etc. Typically, this is done through industrial control systems (ICS) and supervisory control and data acquisition (SCADA).
Importantly, OT has typically required human oversight at key junctures — at least until recent years. If employees have seen fit to change the temperature on a factory floor, raise or lower humidity levels, or shut off machinery for a given reason, OT has provided a quick, clear way of making that happen — a physical switch, a steel lever, or a big red button. Conversely, IT systems have been able to perform key operations without constant human intervention — provided those workflows are within programmed functions.
In the past, cybersecurity in relation to OT has been more straightforward than it has been for IT. While the risks for protecting OT systems and networks are just as high — for example, the integrity of the power grid is essential to national security — the closed nature of most OT systems has made them less susceptible to bad actors. However, that’s quickly changing as the boundaries between IT and OT begin to crumble.
Where We Go From Here
While IT and OT have historically made up separate aspects of modern organizations, a phenomenon known as IT-OT convergence is changing that. Because IoT technology is taking assets not typically connected to the internet — such as assembly line machinery — and bringing them online, enterprises now have the opportunity to create new efficiencies by applying the intelligence of IT to the physical assets of OT systems.
For example, traditional temperature controls linked to OT systems would typically report readings by way of a closed-loop readout, enabling employees “on the floor” to see whether adjustments were necessary on their end. With IoT technology, however, those temperature sensors can be connected to IT networks, allowing them to communicate in real-time with other assets across facilities in order to optimize temperature levels automatically for maximum performance. AI and machine learning, of course, have a role to play here as well.
The age-old divisions between IT and OT are blurring — in exciting ways. While enterprise decision-makers must consider the cybersecurity, compliance, and data integration implications of IT-OT convergence, it’s abundantly clear that this seismic shift will bring an almost exponential opportunity for businesses with the foresight and know-how to make it work.