Menu

IoT FEATURE NEWS

From Perimeter to Identity (Part 2): From Good Idea to Broken Reality

By

Five Reasons Why Zero-Trust Fails in IoT and OT — and How Leaders Fix It

Zero trust is the dominant security architecture of our era. Its principles—never trust, always verify, assume breach, enforce least privilege—have reshaped enterprise IT with measurable results. Identity is stronger. Lateral movement is harder. Implicit trust is shrinking.

Then those same organizations try to apply zero trust to their IoT fleets and operational technology networks. Results become uneven at best, and dangerous at worst.

The problem is not the people. It is not even the technology. It is a fundamental model mismatch between what zero trust assumes and how industrial and IoT environments actually work.

Why Zero Trust Was Not Built for the Plant Floor

Zero trust was engineered for enterprise IT—systems that are routable, identity-centric, and designed for continuous authentication. IoT and OT environments were designed for reliability, determinism, and uptime—not security.

In a factory, grid, or hospital network, availability is the highest priority. A single unplanned minute of downtime carries real consequences: lost product, safety incidents, regulatory violations. When security teams propose continuous reauthentication, short-lived credentials, or active monitoring agents, operations engineers hear one thing: potential disruption.

That tension is structural, not cultural. OT control loops cannot pause for policy evaluation. Latency matters. Devices operating Modbus, PROFINET, and other legacy industrial protocols were built decades before authentication was a design requirement. You cannot bolt a TLS handshake onto a PLC that was never designed for one.

Five Ways Zero Trust Quietly Breaks Down

Visibility Is Incomplete by Design

Zero trust begins with knowing every asset. Yet, industrial organizations routinely discover devices they did not know existed during network assessments, like legacy equipment on undocumented channels, shadow OT systems installed by maintenance vendors, and third-party integrators with persistent access.

CISA has repeatedly identified unmanaged devices and limited visibility as among the most common weaknesses in IoT and OT environments. Asset inventories lag reality. Telemetry is sparse, proprietary, or only present during specific operational states. Security tools trained to flag "silence" as normal miss the gaps entirely.

Networks Are Functionally Flat, Even When They Look Segmented

Organizations build zone diagrams and draw conduit lines between them. Then they discover that broadcast discovery protocols, shared gateways, and centralized controllers create coupling that the network map never shows.

Two devices can be completely isolated at the network layer and still be functionally inseparable. A compromised shared controller or protocol translator can change the state of systems that appear air-gapped on paper. Segmentation exists in documentation. Dependency persists in operation.

Trust Is Implicit, Durable, and Undocumented

In OT environments, trust was established at installation and has persisted ever since. Devices trust controllers because they always have. Controllers trust management platforms because they are "authorized." Cloud services trust device identities embedded in firmware.

These relationships are rarely documented and almost never revisited once a system goes live. Zero trust assumes trust can be challenged continuously. OT assumes trust persists unless something breaks. Both assumptions cannot be true simultaneously.

Enforcement Gets Pushed to the Wrong Place

When enforcement cannot happen at the device level due to legacy constraints, security teams push it outward to gateways, management platforms, and cloud services. These centralized enforcement points then become chokepoints.

Once those gateways are trusted (and they always are, eventually), they are rarely revalidated. If compromised, they bypass every downstream zero-trust assumption simultaneously, often without triggering a single alert.

The Skills Gap Is Real and Underestimated

Implementing zero trust in IoT and OT requires what practitioners describe as "unicorn talent,” meaning professionals who understand both cybersecurity architecture and industrial operations. Security architects know little about operational constraints; OT engineers lack security knowledge. The convergence of IT and OT has widened this gap, not closed it.

This creates governance fragmentation. IT teams push for universal multi-factor authentication. Operations leaders demand exemptions during emergencies. Zero-trust projects stall in meetings where neither side fully understands the other's constraints.

What Leading Enterprises Actually Do

The organizations making zero trust work in IoT and OT are not deploying it as an all-or-nothing framework. They are adapting it to the realities of the environments they operate.

They start with discovery, not policy.
Before writing a single zero-trust rule, leading teams invest in comprehensive, passive asset discovery. Automated tools uncover managed and unmanaged devices in real time, building the inventory that zero trust requires as its foundation. Importantly, this discovery is passive, using network taps and protocol-aware sensors that do not interact with fragile endpoints.

They use an overlay approach for legacy systems.
Rather than requiring device-level changes that legacy PLCs and controllers cannot support, mature teams build identity and access control into the network layer around those devices using proxies, gateways, and access management platforms. This delivers zero-trust enforcement without touching the underlying asset.

They phase implementation around risk, not zones.
Instead of trying to redesign the entire network, leading organizations identify their highest-risk devices and critical communication paths first, apply identity-based controls there, and expand outward over time. Starting with large trust zones and shrinking boundaries incrementally avoids the disruption that kills OT security projects.

They protect the management plane above everything else.
Because centralized enforcement points are structurally amplified targets, leading practitioners disproportionately invest in securing management platforms, update mechanisms, and protocol gateways — not because they are attractive targets, but because a single compromise there bypasses everything downstream.

They use AI-assisted segmentation proposals.
Industrial networks with thousands of assets cannot be manually placed into zero-trust zones without errors. Mature implementations use AI and ML tools to generate zone segmentation recommendations based on observed traffic patterns, which control engineers then validate and approve. This blends machine scale with human operational judgment.

They align metrics to OT KPIs, not IT frameworks.
Zero trust wins OT buy-in when security teams can show that implementation will not conflict with availability, safety, or production KPIs. Framing controls in terms of "protected uptime" and "incident containment speed" rather than "zero-trust maturity" makes the case in language operations leaders understand.

The Honest Takeaway

Zero trust is not the wrong answer for IoT and OT. It is an incomplete one when applied without adapting its assumptions to the environment. The organizations that succeed treat it as a continuous improvement program—not a project—and extend it with controls that address inherited trust, shared control paths, and legacy protocol realities that the original model was never designed to handle.

The goal is not a perfect zero-trust architecture. It is a security posture that makes compromise harder, contains failure faster, and continues to work when availability cannot be compromised.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Partner, Crossfire Media

SHARE THIS ARTICLE
Related Articles

Your Secret Weapon for Enhanced Liability Defense

By: Contributing Writer    6/23/2026

Running a business has its benefits. It can free you from a traditional 9-5 structure. However, it also introduces new layers of risk-especially in a …

Read More

The Digital Supply Chain: Resilience, Visibility, and the End of Flying Blind

By: Carl Ford    5/26/2026

Digital supply chain transformation is helping enterprises replace fragile, efficiency-only models with resilient, real-time operations powered by end…

Read More

The CIO Reimagined: From IT Keeper to Digital Business Leader

By: Carl Ford    5/26/2026

The modern CIO is evolving from an IT operations leader into a strategic digital business executive, responsible for driving AI governance, cloud stra…

Read More

Industrial IoT and the Rise of Smart Level Monitoring

By: Contributing Writer    5/18/2026

Industrial operations are becoming increasingly data-driven. From manufacturing plants and oil terminals to water treatment facilities and agricultura…

Read More

How Does Anthropic's Mythos Foretell the Post Quantum Nightmare?

By: Carl Ford    5/14/2026

AI security tools like Anthropic's Mythos are exposing hundreds of exploitable flaws in legacy software stacks, underscoring the urgent need for bette…

Read More