Industrial cybersecurity leaders are raising concerns about third-party vendor and contractor access to operational technology (OT) networks, citing critical governance gaps and calling for zero-trust and comprehensive vendor risk management practices.
A recent survey by Secomea, The State of Industrial Remote Access 2026, found a disconnect between organizations' confidence in remote access security and the reality of their audit capabilities. Only 43% of respondents reported maintaining complete audit trails of vendor sessions, revealing significant visibility gaps, particularly among enterprises managing large numbers of external vendors. Overconfidence in security is often accompanied by weaknesses in vendor oversight, credential management, and accountability. The survey identified that organizations managing between 21 and 100 vendors faced substantially higher risk of incidents, suggesting vendor-related threats frequently result from internal governance failures rather than vendor actions alone [1: Industrial organizations overestimate remote access security, new global report finds].
Background
Securing third-party access is a growing challenge for industrial operators dependent on external vendors for maintenance, updates, and technical support. Traditional methods such as Virtual Private Networks (VPNs) enable broad network access without enforcing least-privilege principles and provide limited session visibility, making them inadequate for restricting lateral movement or facilitating forensic investigations in compromised environments [2: Why Third-Party Access to OT Environments Requires Stronger Security Controls | Cyolo].
Industry analysts and sources recommend implementing zero-trust security, network micro-segmentation, identity and access management (IAM), and secure remote access tools to enhance vendor access governance. These methods support compliance with standards and frameworks like IEC 62443 and NIS2, which require stronger controls and monitoring of third-party access [3: Strengthening Third-Party security in OT environments – PRIVAL].
Details
The Secomea report shows nearly 70% of organizations now use shared IT/OT governance models (where IT and OT teams cooperate on security and operational matters), which closely correlates with better operational efficiency, improved auditability, and reduced incident rates. In contrast, organizations with weak IT and OT alignment reported nearly triple the rate of vendor-related security incidents [1: Industrial organizations overestimate remote access security, new global report finds].
Industry-wide, session visibility remains insufficient. Fragmented use of access tools (including VPNs, OEM utilities, privileged access management (PAM) solutions, and newer OT-focused platforms) has diminished control and hindered effective oversight [1: Industrial organizations overestimate remote access security, new global report finds].
Zero-trust adoption has demonstrated measurable benefits in the study. Organizations applying all five core zero-trust principles achieved levels of auditability and visibility not attainable through technical tools alone, enabling more efficient vendor onboarding and stronger security postures [1: Industrial organizations overestimate remote access security, new global report finds].
Industrial cybersecurity experts corroborate these findings, advocating for Zero Trust Network Access (ZTNA), micro-segmentation, IAM, and industrial demilitarized zones (IDMZ) as essential strategies for reducing supplier and supply chain risk. Continuous monitoring, contextual logging, and vendor-provided Software Bills of Materials (SBOMs) are cited as important controls for managing risks across first-party, third-party, and open-source software in industrial environments [4: As industrial systems modernize, adaptive OT cybersecurity replaces patchwork defense - Industrial Cyber].
Outlook
The industry is moving toward integrated zero-trust frameworks that unify access governance across IT and OT domains and enforce per-connection, least-privilege access. Greater alignment with regulatory requirements such as IEC 62443 and NIS2 is expected to drive further investment in governance-focused vendor access controls and enhance auditability throughout industrial systems.
