Remote Access Tool Sprawl Increases OT Risks

Over-Deployment of Tools Raises Security and Operational Concerns
Piling on remote access tools, especially tools without functionality such as auditing, isn't great for operational technology security. (Image: Shutterstock)

Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warned security researchers from Claroty.

Claroty's Team82 reported that after examining more than 50,000 remote access-enabled devices reported by customers, it determined that more than half of organizations use four or more remote access tools. One-third deploy six or more.

Remote access tools are essential in OT environments where administrators cannot always physically manage critical infrastructure. But remote access introduces numerous potential vulnerabilities that threat actors exploit. Despite security protocols available to protect these access points, Team82's report suggests many organizations are not fully utilizing them.

A clear majority of organizations use more than two nonenterprise-grade remote access tools. Those tools lack privileged access management features such as session recording, auditing, role-based access controls and multifactor authentication. The absence of these basic security features increases risk exposure and creates an operational burden in managing multiple solutions.

Researchers said that beyond the lack of security features, organizations face increased attack surfaces due to the overabundance of external connections into OT networks. These connections, particularly those involving nonenterprise-grade tools, often lack visibility, leaving OT administrators unaware of external activity. In many cases, third-party vendors also connect to these networks with their remote access solutions, further complicating monitoring efforts.

Multiple remote access solutions require complex identity management processes. Managing permissions and access controls becomes more challenging, often resulting in blind spots in access rights management. Such inefficiencies raise the risk of misconfigurations and exploitation by cybercriminals.

The operational burden of managing multiple remote access tools is another concern, adding both complexity and cost to OT environments.

Researchers recommend that organizations establish full visibility into their OT networks to understand how many remote access solutions are in use.

Eliminating or minimizing the use of low-security tools, particularly those without critical features such as MFA, is a necessary step to reduce risk, researchers said. Standardizing security requirements for both internal operations and third-party vendors is crucial, they also said. A consolidated access control policy will not only improve security but also enhance operational efficiency by reducing the number of tools needed.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



