The IT/OT stack can be a major stumbling block in digital transformation. Or, with the right changes, it can be the key to unlocking digital at scale.
More and more manufacturing organizations are undergoing digital transformations enabled by use cases powered by the Industrial Internet of Things (IIoT). However, many are having trouble scaling these pilots to achieve significant operational or financial benefits.
One reason for this “pilot trap” is because at most companies, the IT (information technology) and OT (operational-technology) stacks are siloed, resulting in poor solution definition, deployment, and adoption. Consequently, business sponsors often cannot see the value of the pilot or the results it produces. These are serious hindrances, given that IIoT use cases need the support of the business as a whole. They rely on data from a wide range of production and supply chain processes, encompassing sources across all facilities, enterprise systems, and even suppliers for input into IT applications sitting on enterprise platforms.
As digital capabilities become more strategic, and complex work-arounds become less and less feasible, more companies are getting serious about breaking down these silos and converging the IT/OT operating model. Doing so promises to accelerate in-flight use cases, democratize access to data and technology across the value chain, launch new use cases that utilize cloud-native capabilities, and improve frontline decision making by using data from both IT and OT systems.
The obstacles to convergence
Enterprise IT is typically managed by the chief information officer (CIO), whereas OT systems, shop floor IT, and plant maintenance are typically managed by the COO (and sometimes business unit managers or plant leaders). Historically, IT and OT implementations have catered to different problems and therefore evolved into significantly different architectures and protocols.
Not surprisingly, there are now significant structural and cultural obstacles to convergence. At most companies, there is no joint governance covering IT and OT, and only limited joint management and execution of cross-technology strategies and policies. This results in a high degree of duplicate and overlapping processes, compounded by a lack of interdisciplinary profiles and skills. Moreover, OT environments have tended to adopt new technologies more slowly than IT environments involving less up-front investment (such as cloud-based technologies or ones featuring continuous feature releases).
Some of the more specific challenges to convergence include:
- the need for manual translations between the enterprise and operations layers, often via spreadsheets
- data that either are not collected or are fragmented in silos within IT and OT layers
- the lack of an integrated management execution system—or multiple systems without any interconnection
- control and supervision layers without adequate interconnection, sensors, or analytics, with minimal integration into adjacent process steps
This organizational divide leads to other challenges, such as inconsistencies in technical standards, cybersecurity policies, and guidelines. As one chief information security officer at a consumer goods company recently said: “I think about IT/OT convergence a lot, but the current tools are not ready for the complexity we need in terms of size and legacy systems.”
The foundations of IT/OT convergence
To tackle convergence challenges, companies can transform the IT/OT operating model before moving into technical and architectural transformations. Five elements have shown to be especially important for converging the IT/OT operating model.
Common governance. The first step is to establish the organization, roles, and responsibilities for standardization and consistency across processes, KPIs, skills, data, and security guidelines. At the electronics company, leaders established a centralized local IT front office to govern shop floor IT and OT systems at individual plants, which are bridged to the central IT systems. This setup helped ensure that standards were applied consistently across all plants and could be scaled effectively. This setup also enabled a comprehensive view for identifying which data should be integrated to deploy IIoT use cases
Process harmonization. It’s best practice to harmonize central and local IT and OT processes to increase collaboration and more synchronized milestones to deliver digital use cases. Adopting industry standards, such as those from the Information Technology Infrastructure Library, can help. Clear, centralized governance, with checkpoints defined throughout the process of harmonization, helps reinforce alignment and resolve problems before they derail progress.
Common KPIs. A common set of KPIs is essential to track both IT and OT systems across main dimensions, such as productivity, timeliness, quality, and resilience—bearing in mind the different starting points of OT systems. This task helps the business understand the benefits of pilots and supports efforts to adopt and scale them. The electronics company began tracking KPIs measuring escaped defects, failed deployments, and test coverage. This increased transparency helped change the perception that IT was underperforming. Emphasizing test KPIs also promoted business owner involvement in testing and change management, which is critical for scaling IoT applications.
Skill transformation. Companies need to build new in-house digital capabilities, such as data science and cloud architecture, either through internal training or hiring external expertise. It’s also important to enforce common standards for these skills across all plants and central IT.
Central data and security management. IT and OT security standards are separate, and may remain so. However, to manage and maintain a high level of cybersecurity, the two standards must share a single operating model to ensure that controls—such as for asset management, data loss prevention, security operations, and incident response and recovery—are consistently applied to both IT and OT systems. The challenge many companies face is the pressure to “prove” that these efforts pay for themselves by avoiding data leakages or security incidents. As security attacks become more prevalent, this mindset can pose an increasingly unrealistic barrier to effective security.
