The Blurring Lines Between IT & OT
August 5, 2025
Written by Tom Glodowski, Managing Director
Information Technology (IT) and Operational Technology (OT) have typically been separate disciplines, environments, and organizations since their recognized beginnings in the late 1950s for IT and the mid 2000’s for OT. While they focus on different capabilities and priorities inside a business, over the last ten years or so the distinction between them has blurred and the importance, inter-relation and convergence of these separate domains has become more important and necessary in the modern technology and business world. It is now appropriate to consider the two together in combination with an integrated design and operations approach to achieve successful business outcomes.
Background
IT and OT have distinctly rich and varied histories but have evolved and continue to evolve toward more collaboration and inter-dependence to meet the demands of the modern, technology-driven world of large enterprises.
The term and concept of IT was formally coined by the Harvard Business Review in the late 1950’s, though computing technology runs far deeper into history. Information technology is a broad term that describes the use of technology to communicate, transfer, process, and manage information. In the modern context, IT encompasses (but is not limited to) applications, cloud computing, content, data, devices, enterprise data centers, the Internet, and private networks. IT professionals focus on providing technology solutions to solve generalized and specialized business needs. IT priorities typically focus on the general computing environment, data management, data confidentiality and security, a culture of regularly occurring system updates, and inherently “always connected” systems and users.
The term and concept of OT was formally coined by Gartner in the mid 2000’s, though its roots also run much deeper into history. Operational Technology (OT) is the use of hardware and software to monitor and control physical processes, devices and infrastructure in industrial (e.g. harsh condition settings in warehouses, manufacturing plants and outside) and critical infrastructure (e.g. vital functions that support health, safety and security of a society such as communication networks, energy and utilities, transportation and financial) environments. OT encompasses Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLCs), Human-Machine Interfaces (HMI), Real-Time Units (RTUs), and Computer Numerical Control (CNC) technology solutions. OT is sometimes referred to as Industrial Control Systems (ICS). Some informally refer to OT as “IT in non-carpeted spaces.” OT professionals are deeply trained in the design and operation of specialized physical environments, industrial processes, and machinery. OT priorities focus on process control, industrial environments, equipment availability, scheduled maintenance, and real-time data. Whereas IT and OT have typically had different job roles, expertise, and organizational teams (especially in larger companies), IT/OT job roles and responsibilities have been combined in smaller companies, especially in modern evolving settings. Organizations have realized that IT and OT functions need to closely collaborate and are more similar than dissimilar in mission and implementation in the overall success of the business.
The Emerged New Era
While IT and OT may never fully combine into one functional mission and organizational team in larger companies (they are different professional disciplines in many companies), they need to collaborate now more than ever. Their cooperation and inter-dependence need to continue and grow over time as inevitably more technology is used in OT environments, products, and processes. Strict isolation and “sneaker net” paradigms to keep the OT environment disconnected from the world are challenging, if not extinct, in the evolving modern landscape.
Traditionally, OT machinery and equipment were NOT technology-intensive, and therefore a deep understanding and competence for the use of technology was not required to work in and operate the OT environment. Times have significantly changed. Technology is infused into every part of modern life and OT is no exception. OT professionals have and need to continue to learn more about IT-related technology and how its use and importance in a physical OT environment is properly designed, implemented, and operated. Whereas critical OT environments have traditionally been (decidedly) air-gapped (physically isolated and not connected to the general IT environment and/or the Internet), that practice is becoming less practical and near impossible as technology use and dependence by OT applications, systems, and people continue to grow.
Consider the practical needs of an evolving modern company and technology industry landscape:
Technology solutions of all types will continue to evolve (do more, better and faster with less resources!) and increasingly need to be “always connected” to efficiently send telemetry, receive software and configuration updates, and to allow key multi-location/mobile internal employee and external business partner personnel access to monitor, manage and troubleshoot critical systems and processes 24x7x365.
The degree of “connectedness” and security of systems, data, and people to allow adequate and cost-effective operational monitoring data, actuation/control of key industrial systems and functions, and administrative personnel access can and will vary in different environments. A prudent, risk-based approach, balanced between efficient and competitive, cost-effective operations and physical security, cybersecurity and data confidentiality/privacy must be carefully considered.
The costs of hardware, software, licensing, plus administration and maintenance of fully or partially isolated environment (OT vs IT), can be a significant factor to cost-effectiveness, competitiveness, and maintaining high availability of critical services. Often, modern environments need to support secure, always-connected OT environments beyond traditional isolated/air-gapped settings.
Careful architectural and engineering design choices balanced with real-world operation needs are essential.
The Purdue Model and its reference architecture for the hierarchical design of organizing and securing ICS networks and technology assets remain important. However, they are increasingly challenged by the demands of modern Industry 4.0—an ongoing evolution and digitization of manufacturing and industrial processes driven by advanced technologies such as the Industrial Internet of Things (IIoT), Big Data, and Artificial Intelligence (AI). These innovations aim to enhance productivity, flexibility, and speed while reducing costs and time to market. Additionally, the growing adoption of cloud computing further tests the model’s relevance and adaptability.
Key cybersecurity architecture and principles such as Zero Trust are a must for an integrated IT/OT environment.
Best Practice Recommendations
The convergence and inter-dependence of IT and OT must be embraced in modern companies. Understanding and respecting the rigorous security and high-availability nature and requirements of critical OT systems and services is mandatory; however, traditional established thinking must be challenged to continue to operate the business competitively and efficiently in an increasingly technologically sophisticated world.
To aid companies in unifying their IT and OT excellence, the following considerations should be understood and embraced to the degree possible for an organization’s unique IT/OT converged environment journey:
Take appropriate risks: Understand the high stakes and risks of operating your OT environment and its resulting critical services as you evaluate solutions and new approaches to technology innovation.
Cost matters: Duplicating technology, systems, data, devices, and personnel costs money…a lot of it. It is important to balance perceived isolation versus partial isolation versus modern integrated environment design requirements and approaches. Your air-gapped/isolated environment may not be as “isolated” as you believe or hope it is! Many isolated OT exploits have found their way through vulnerable people, processes, and technology exploits. Appropriately challenge “traditional thinking” when and where practical.
Smart people make the difference: Continuously train and cross-train your personnel to build an efficient team that can see across the entire landscape. Rotational assignments, formal training (theoretical and practical hands-on), embedding IT and OT experts across teams, unifying team organizational structures, clarifying roles and responsibilities over time as appropriate are all ways to make your team stronger, more effective and creative at understanding and solving complex IT/OT landscape changes and opportunities.
Safety is always #1 in OT, but security is an immediate #2 imperative priority: Cybersecurity threats to OT environments are one of the foremost issues and can cause catastrophic negative operational impact. Exceptional cyber-hygiene in all aspects of cybersecurity architecture, engineering and operations are called for in high stakes environments such as OT. Embrace modern and advancing practices and technology solutions instead of shying away from them. Cloud computing and Internet reliance are at all-time highs in the industry. How close will your OT environments move to them, when, why and how?
When the worst happens, be operationally ready: Consider the need and ability to effectively operationally isolate an OT environment (people, process and technology) from all other environments when needed as threats arise or events unfold. Moving to more traditional and manual operational methods and processes may be entirely practical and necessary when technology isolation is mandated as significant threats present.
More similar than different: Your OT environment is (necessarily) becoming more like your IT environment over time whether you know or agree.
Where is your organization on their IT/OT convergence journey? Are you seeing the convergence of both IT and OT as advances in technology continue to shape the landscape of enterprise organizations? I would love to hear your thoughts and comments on this perspective. For a more in-depth discussion on the topic and to discuss the unique aspects of your IT and OT environments, our team of Executive Advisors would be happy to facilitate an introduction call to explore this topic together in the context of your unique enterprise environment.