KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Oh, the it's good to have this, this panel here. Thank you for the taking the time to help us through this issues that we're dealing with here. LAR you are with the, I O a, could you just tell us a, a, just a, a quick bit, aboutt a, what is it that you get involved with in the, in that organization?
Yeah, I, yeah. Thanks Graham. And nice to meet you, everybody.
Yeah, my, my name is Kel. I work with our pronou a bit differently Iotta foundation, which is a not for profit organization, working on dis ledger technologies. We have our own distributed ledger, which is flavor of blockchain, but with some of the benefits, but also some of the advantage that this leisure technology can bring.
And we work on different layer from the research and developing technology at this production, ready up to bringing it to the market and try to experiment what value the technology that we develop can bring in different verticals, domain, like supply chain, automotive and mobility, as well as telecommunication industry, as well as a glue between all this domain on this sector, when it's about IOT, internet of things and data that's about us. Yeah. Thanks very much. And we're going to be getting into that communication issue in, in a minute.
And Manuel you're with clarity who done a lot of work in the, in the, the OT space. Just, can you just give us a, a quick update on, on clarity and your main work with, with the company? Sure.
Thank you, Graham. So very happy to be here with everyone. So Manuel on the general manager of clarity in Europe, middle east and Africa based out of Switzerland, and yes, I'm with clarity. Clarity is one of the leaders in the industrial cybersecurity space, heavily focused on in securing the industrial landscape, industrial manufacturing plans, critical infrastructures, electric utilities, etcetera. We were established about seven years ago, heavily growing.
And our mission is really to go and help in the digital transformation of manufacturers and, and OT OT players, let's say in their digital transformation in securing their plants and facilities ensuring their uptime. So that's about clarity in a minute.
Super, Thank you very much. Appreciate that. Okay. Back to EB, I could shoot a question at you in terms of the OT installations that you're aware of, what you, the, the RT come you come into to knowledge of how well are they managed my experience. They typically they're poorly, poorly documented in terms of understanding the standing, the installation itself.
What, what, what's your thoughts about how people understand their OT environments? Yeah, I mean, I think for OT, yeah. I would say that the important part is that yes, understanding the environment, but also protecting and securing the data. And the important thing is always to, to be sure that data can be tracked from their source and then can be shared in a secure way. So we see more and more connected in industry and, and, and different data flow and the data flow that goes between different jurisdiction, different stakeholders.
So that the isn't, we have to be careful of not centralizing too much this data into one single point of failure, but this distributing in the centralized data and the security, integrity of data, that becomes very important. So when it's about all the installation, always the Providence of device.
So if we are going toward the model of zero touch deployment, we need to go and, and understand the sorts of equipment where the equipment comes from, and as well as the different feature, how best practice to install and so on and so forth, toing and things that is all of that need to be, I will say, shareable know knowledge where this ledger, like the one we work on can be, can play a role.
So definitely, yeah, that's, that's a very important aspect to, if you want to guarantee zero cash, especially deployment, we have to, to be sure that all the element are trusted and to be trusted, we need to know that Providence and data. Yeah. How about you Emmanuel?
How, what, what's your view of how well OT environments are understood in terms of being documented and people having a transparency on, on their installations? What's your, what's your findings?
So, so great question and picking up on what was already said. I'd say that when we come in into engagement and we start discussions with, you know, customer customers or prospects, obviously each and every one of those are somewhere in their journey into securing their industrial environment. And it usually entails that there are new people, for example, it security or OT security, or receiving the responsibility for securing those manufacturing plants or those critical infrastructure.
And by receiving a new responsibility, the first thing that people wanna know is to have full transparency and visibility on the assets and the installed base that are there. So that simple saying that people say a lot and that we actually believe in, you cannot secure what you don't know you have. And that's usually how engagements start. And I would say that, you know, when we start engagement, we see different maturity levels of different players in the market.
It depends a lot, whether those plans were inherited, those plants were acquired by other companies, or those plants are actually state of the art newly built each and every one of those might say that the, the status of the visibility of those that installed based of those controllers and, and assets that are producing and, and, and what they are. But I would say that almost none of the players that we start working with have automatic and continuous capabilities of tracking that visibility. And when we say visibility, we're not only saying, Hey, I have that asset.
Yes or no, it's like an IP address, but rather having detailed visibility on that asset perspective. So from, you know, vendor name, what is the criticality? What is the type of, what is, what is that asset doing in the process? And even tracking as much as possible, whether there is risks so associated to that asset. And that basically gets us to the first stage, which are related to identifying what are the assets that I have and managing the risk that I have. And that's usually where also clarity starts at basically to support those customers in their journey.
And yeah, the, you have a tool available that will go out and do the discovery of assets on the network is, is my understanding, is that, is that, Yes, that is, that is correct. And I would say that, you know, assets that are doing this or tools that are doing discovery are not new in the market, they're there for, you know, tens of years, those same OEMs that are producing the PLCs, such as Siemens, Rockwell, Schneider, RO go, and, and any other have those capabilities.
But the new here, the new capabilities is basically the ability of doing so across any type of vendor that is happening in that environment, any type of tool class. So whether it's an, it endpoint an OT type of assets, such as a PLC ant type of device, and many others that are, you know, in between, and also the, the ease of doing it. So obviously in the past, people were doing those, those discovery manually going cabin by cabin cabinets, and just getting that data today, we have capabilities that can give visibility into the whole manufacturing plants within minutes, which is quite new.
And I would say that we're seeing the transition in the market from collecting that data just based on network traffic, which is something that was the state of the art until recently, and moving into new type of data collection capabilities that are more scalable, such as running some type of edge capability into close, very close into the environment and picking up as much data easily. Okay. Thank you. Back to back to BICA. I want to follow up on what you said about the, the communications there, and you, you mentioned the distributed ledger technology.
Can you help us understand where that's taking us now? My, you know, from we, we're all very familiar with PKI that allows us to identify devices. It allow us to us to encrypt the, the transmission.
What is, what's a distributed gonna do to really help us in the device communication? Yeah.
No, thank you. That's very, very good, interesting question.
And yeah, we don't have to invent the wheel. We have just to compliment existing systems. So pick up also what a manager said about knowing assets, knowing their characteristics that's enough for, for one company. But I see that industry for consumers, much more about connected manufacturing, connected industries, and one weak point in this connectivity of, of industry become a liability for the, for the next, for the next industry to the chain.
So there is a need for sharing this information for keeping trust across how good this, for instance, the OT environment in one industry that is perhaps a supplier of another industry and so on and so forth and needs to be ledger technology can help to bridge this gap because that removes central point of failure. So that central place where this information is maintained.
And in particular, if you think about device identification, so if you think about the security of one device that we can easily identify down to this, to this chain, we don't need a central point that assign key assigned identities, but we can do this in the centralized way. We can do this with the centralized identities. So basically PKI exist also in the, the centralized world, but now key are stored as a public key on a distributed ledger, which is accessible and verifiable by everybody.
So that the power is that now of as a down supplier or down to the chain of somebody sending me hardware or whatever. So I can always verify the Providence by simply using the ledger without me to establish before. And this center point of, of aggregation of information like PKI requires. So this means that also the supply chain becomes much more flexible, much more agile. So I don't need to know a priority how I'm going to identify all the device that are belonging to my supply chain, but I can do this real time and online by sharing this information, using this.
So creating a PKI on the back of a dis ledger makes this much more scalable, but also agile, rather than the normal traditional PKI. You mentioned earlier, immutable, why would we be, why would, why should we be using immutable Storage?
Well, because if you think about now, adaptability, if we think about risk, that can happen. And of course we have to do post Martin analysis and so on and so forth, identify responsibility also very important. So it's not all important for the reason of blaming, let's say, who is failing, but also try to let increase the standard and the, and the best practice inside we, each environment, each company, because the whole reputation now is suppose, and can be audited and can be, let's say, still not public, but within even supply chain that you established, you can be audited.
So with disable information. So having the knowledge that you are gonna be observed is not only there for criticizing or for blaming you when something happen as a, as a, as a stakeholder, as an industry player, but raise the path for you to try to do things, right. So I think this irritability build not reversing all needs information, I think is very important to this behavior. Yeah. Okay.
And, and let's face it. We don't want any hackers being able to go back and change it. Yeah.
What's, COVID 19 done to, to the industry in terms of being able to maintain our environment. Let's face it in many situations, an OT environment is managed by third parties has COVID caused any grief, so to speak in terms of getting access to things, Emmanuel, what's your thoughts there?
So, great question, Graham. So basically I think that, you know, we've all seen the, the trends and what we've seen out there since basically in the last, almost 18 to 24 months, we say that digital transformation who is the number one cause to it, whether it was the CEO or the CIO or whether it was COVID. So actually COVID created much more of that digital transformation push and changes. And actually that applies also in terms of what we've seen in the, in the OT space.
And one of the things that we've seen is obviously industrial plants rely a lot on third party maintenance coming from OEM and vendors, such as the controllers manufacturers or robotics manufacturers or machine manufacturers that are providing maintenance. That can be even time critical to those, to the uptime of the production. And because of COVID, obviously there were many restrictions on travel and may restrictions on allowing people to come in and perform that maintenance.
And because of that, we we've seen is we've seen a very significant grow in the need of actually allowing secure remote access from outside of the organization into the inside of those of those networks. And that's something that we did see slowly happening before, but that change I would say has significantly, was made much faster obviously. And the problem that we've seen is obviously customers are not willing to allow access from remote because it is in a sense it's also a, a very important and very usual attack vector into the, into the network.
And on top of it, some very obsolete and traditional tools such as normal VPNs that were used in the past, or some gateways that were deployed by specific vendors are just not scalable or not secure and not allowing that the granularity that the customer need.
So what we've seen that is kind of the trend is going towards true enterprise secure remote access solutions for OT dedicated, for OT that allow the customers or the OT operators to open the, the, the channel from the outside for maintenance or for any other type of activity inside their OT network, but obviously allowing and complying into it type of security roles and regulation. And on the other hand, also giving very granular manageability and visibility into what's happened.
So imagine one use case that we've seen very, very often is once we have that tool and we're able to give that granularity, our customers ask us, well, actually I would like to monitor whether the vendor has done exactly what he told me that they have done in terms of the service provider, or has they done it in the time that I've expected, or what is the change that they've done, et cetera. So that's a, that capability of controlling is very important.
And on the other side, on the other hand is obviously wanna allow the OT personnel to actually manage those connections, because if somebody is able to get access into the plant, even if they're a legitimate person, but they're doing so when somebody is very close to, for example, a robot, there is obviously safety issues related to it. And you wanna allow that maintenance window exactly at the time and allowing them exactly the times that the OT personnel is allowing it. And all of that is basically that trend that is enabled by industrial secure remote access solutions.
And obviously clarity is one of those vendors that are providing those tools. Yeah. Yeah. And I think we do need to make that point, you know, in the past remote access to a supervisory system has been something you just don't do with the advanced advancements we've had in technology. That capability is now there. And as you pointed out with third parties doing a lot of maintenance for us, that can, that can be very important. Okay. We'd have to have time for one, one more item.
I just wanted to come back to you Kellar in regard to our data and best practices for data storage and also what that data storage can do for us in terms of extracting value from it. I'm thinking, you know, using AI to, to extract value from OT data and, and monetizing it so to speak, what's your experience there?
That, that, what are the possibilities? Yeah, it's a very good point. And actually something that I'm gonna touch probably closer in my, in my talk later. So data data yeah. Are very important. Let's say the, the oil, the new oil, but still again, generating data require effort. And most of this, of this time, the effort is down to provide the, the sensor will provide the, the sensing equipment for the data.
So, but this data can be useful for many different ways and many different other stakeholders. So, but there is still the need of protecting and securing this data and not sharing openly with and losing value on the data. So I think that data should be more shareable, but should be also more controllable from, from their, their owners. So there is this concept of self sovereign, let's say, sovereign, and then manage management of, of the data. So data should be track for their access, should be tracked for who actually using in the purpose they're using it and also be able to be monetized.
So we are experimenting with our technology technologies in terms of monetizing data, but also tokenizing data. So give the data a really, that is traceable trust, traceable, and then return value for when is analyzed with machine learning, AI and, and incentivize this way, the sharing of data. So they are very important, but they need to be shared security, but also counter need to be guaranteed.
So yeah, I love it. I love it.
I mean, look, we are out of time and you, as you mentioned, you're gonna be talking about that so people can follow up with you that way and Emmanuel, I'm sure participants can follow up with you too, in terms of what clarity can, can do, can do for them. I would like to thank you both for participating in this panel. Now. I hope the attendees have found it. Interesting. I found it interesting and yeah, let's, let's go on and make our I industry 4.0 installations, safe, visible, and well communicated. Thanks very much.
