Bridging the Divide: How Leading Companies Achieve IT/OT Convergence for Enhanced Security and Efficiency

In the complex landscape of modern industry, two distinct technological worlds have traditionally operated in parallel: Information Technology (IT) and Operational Technology (OT). IT manages the data, applications, and corporate systems that drive business operations, while OT controls the physical processes, machinery, and infrastructure that produce goods or deliver services. For decades, these domains remained largely separate, characterized by different priorities, technologies, protocols, and cultures. However, the accelerating pace of digital transformation, the rise of the Industrial Internet of Things (IIoT), and the increasing sophistication of cyber threats are forcing a fundamental shift: the convergence of IT and OT.

This convergence promises significant benefits, including improved security posture, optimized operational efficiency, reduced costs, enhanced data utilization, and the creation of new business opportunities. Yet, it is a complex undertaking, fraught with technical, organizational, and cultural challenges. How far have companies truly progressed in integrating these historically siloed domains? What are the tangible opportunities unlocked by this convergence, and how can organizations effectively govern and manage the combined IT/OT environment?

A recent study conducted by management consultancy 4C Group, in collaboration with Markus Westner from OTH Regensburg, sought to answer these critical questions. The study involved qualitative interviews with 31 CIOs and IT/OT managers from large companies across 12 diverse industries, including automotive, chemical, electronics, retail, and mechanical engineering. These companies represent a significant segment of the industrial economy, with an average annual turnover of €3.2 billion and employing approximately 10,700 people.

The findings reveal a clear consensus among participants: the future involves IT and OT co-existing, but this co-existence must be underpinned by common processes, clearly defined roles, and a unifying vision and strategy. While the journey towards full integration is ongoing and varies in maturity across organizations, the strategic imperative for convergence is widely recognized.

Understanding the IT/OT Landscape

Before delving into the convergence journey, it's essential to understand the fundamental differences and components of IT and OT.

What is Operational Technology (OT)?

Operational Technology encompasses the hardware and software used to monitor and control physical devices, processes, and events in industrial environments. It is the technology that keeps factories running, power grids stable, and transportation systems moving. The study authors define OT as the systems that manage the performance of physical assets. The OT stack can be visualized in layers, often referenced in models like the Purdue Enterprise Reference Architecture:

• Level 0: The Process Level: This is the physical process itself – the machinery, production lines, pipelines, or power generation equipment.
• Level 1: The Intelligent Device Level: This includes sensors, actuators, and other intelligent devices that interact directly with the physical process, collecting data and executing basic control commands.
• Level 2: The Control Level: This layer consists of systems that control and manipulate the devices at Level 1. Programmable Logic Controllers (PLCs) are a prime example, executing logic-based control programs. Distributed Control Systems (DCS) are used for more complex, large-scale processes.
• Level 3: The Manufacturing Operations Management (MOM) Level: This layer focuses on managing production workflow, scheduling, and quality control. Manufacturing Execution Systems (MES) are key components here, bridging the gap between the control layer and the enterprise level. This level is often considered the boundary between traditional OT and IT.
• Level 4: The Enterprise Level: This is the domain of traditional IT, where business systems manage overall operations.

The topmost layer specifically mentioned in the study's definition of the OT cosmos is the “process control level,” which aligns closely with Level 3 and involves monitoring, controlling, and managing entire industrial plants. This often utilizes Supervisory Control and Data Acquisition (SCADA) systems, which gather data from lower levels and provide a human-machine interface (HMI) for operators to visualize and interact with the process.

What is Information Technology (IT)?

Classic IT, in contrast, revolves around systems that manage data and applications primarily for business functions. While IT systems can exist at various levels, they are traditionally dominant at the higher levels of the enterprise architecture:

• Corporate Level (Level 4/5): This includes enterprise resource planning (ERP) systems, customer relationship management (CRM) systems, supply chain management (SCM) systems, and other business applications that manage finance, human resources, sales, and overall corporate strategy.
• Operational Level (Level 3/4): While MES sits at the boundary, other IT systems might support operational planning, logistics, and data analysis related to production but not directly control the physical process.

IT systems are characterized by their focus on data integrity, confidentiality, and availability, often prioritizing flexibility, connectivity, and rapid innovation cycles. OT systems, conversely, prioritize safety, reliability, and real-time responsiveness, often operating on proprietary protocols and having much longer lifecycles due to the nature of industrial equipment.

IT/OT convergence is the complex project of linking and integrating these previously distinct IT and OT systems and domains more closely, enabling data flow, shared infrastructure, and unified management approaches.

Leadership in IT/OT Convergence: The CIO's Central Role

A key finding of the study is the prominent role of the Chief Information Officer (CIO) in leading IT/OT convergence initiatives. According to the survey, 61% of companies place responsibility for convergence under the CIO's purview. Less than a quarter have adopted a tandem leadership model involving both IT and OT managers. In over 10% of cases, responsibility remains undefined, highlighting a potential barrier to progress.

Martin Stephany of the 4C Group attributes the dominance of IT managers to their typically more pronounced experience and skills in areas critical to convergence, such as cybersecurity, data management, and enterprise-wide system integration. Furthermore, a direct counterpart to the CIO role often doesn't exist on the OT side, making the CIO a natural fit to champion cross-functional initiatives.

The CIO's leadership is crucial not only for technical integration but also for navigating the organizational and cultural challenges inherent in merging these distinct domains. They are uniquely positioned to bridge the communication gap, foster collaboration, and align convergence efforts with overall business strategy.

The Compelling Opportunities of IT/OT Convergence

The study participants identified significant opportunities driving the convergence trend. The most frequently cited benefits were increased security and cost savings.

Enhanced Security Posture

Historically, OT networks were often isolated ('air-gapped') from corporate IT networks, relying on this physical separation for security. However, with increasing connectivity driven by IIoT and remote access requirements, this isolation is no longer guaranteed or sufficient. OT systems, often running legacy software and hardware with known vulnerabilities, are becoming prime targets for cyberattacks, including ransomware, which can have devastating consequences for physical operations and safety. Threats from cyberattacks in the OT sector continue to increase, making robust security paramount.

Convergence allows organizations to leverage the mature security practices, technologies, and expertise developed within IT to protect vulnerable OT environments. Advantages include:

• Consistent Security Policies and Standards: Implementing unified security frameworks that apply across both IT and OT domains.
• Centralized Monitoring and Threat Detection: Gaining visibility into OT network traffic and activity, enabling faster detection and response to incidents.
• Standardized Patch Management and Updates: Developing processes for the consistent rollout of security updates, a critical but often challenging task in OT environments due to uptime requirements.
• Improved Identity and Access Management: Implementing central user management and stricter access controls to OT systems.
• Enhanced Incident Response: Developing integrated incident response plans that address both IT and OT systems.

As one study participant noted, the IT organization's years of experience in security make it possible to “transfer best practices, technology, and awareness approaches to the OT side.” This transfer of knowledge and capability is a major driver for convergence, as organizations recognize that OT security is becoming a mainstream concern that requires a professional, enterprise-wide approach.

Cost Savings and Efficiency Gains

Convergence offers significant potential for synergy and standardization, leading to cost reductions and improved efficiency. By integrating systems and processes, companies can eliminate redundancies and streamline operations. A CIO from the oil and gas industry highlighted the prevalence of redundant systems like Active Directories, which are often less efficiently managed in OT compared to IT. Standardizing such infrastructure components across the converged environment can yield substantial savings.

Other aspects contributing to cost reduction and efficiency include:

• Improved Transparency: Greater visibility across the entire operational landscape, from the plant floor to the enterprise level, enables better decision-making and resource allocation.
• More Intensive Exchange Between Teams: Closer collaboration between IT and OT teams reduces miscommunication and rework.
• Clearer Requirements for Procurement: Defining unified IT/OT requirements upfront when procuring new production facilities or equipment avoids costly retrospective adjustments. Oliver Pütz, CIDO of Rolls-Royce Power Systems, shared an example where a lack of early communication led to additional expenses because suppliers couldn't meet IT requirements defined later in the process.
• Streamlined Maintenance and Support: Consolidating support structures and leveraging IT's experience in managing complex systems can improve the efficiency of maintaining OT assets.

Unlocking the Value of Production Data

One of the most transformative opportunities of IT/OT convergence lies in the ability to collect, analyze, and leverage production-related data. Historically, vast amounts of data generated on the plant floor remained trapped within OT systems, inaccessible to enterprise-level analytics or external stakeholders. Convergence breaks down these data silos, enabling a seamless flow of information from sensors and controllers up to business intelligence platforms and cloud-based analytics engines.

Mathias Bücherl, group CISO at Heidelberg Materials, explained, “In general, production-related data offers enormous opportunities for companies, especially data that could not previously be processed and commercialized.” This data can be used for a multitude of purposes:

• Process Optimization: Analyzing real-time and historical production data to identify bottlenecks, improve efficiency, reduce waste, and optimize resource consumption.
• Predictive Maintenance: Using data from sensors to predict equipment failures before they occur, enabling proactive maintenance that reduces downtime and extends asset lifespan.
• Quality Improvement: Monitoring production parameters and correlating them with quality metrics to identify root causes of defects and improve product consistency.
• New Business Models: Leveraging production data to offer data-driven services or digital products to customers. Robert Ellersdorfer, technical director of Binder+Co. AG, emphasized the importance of this, stating, “Data-driven, digital products enable us to open up new markets. Without these digital products, we would lose our market leadership in this segment.”
• Supply Chain Integration: Sharing production data with supply chain partners to improve visibility, coordination, and responsiveness.

To fully capitalize on this potential, a consistent, end-to-end data flow is essential. While many companies have excellent individual data solutions within specific areas, the challenge lies in promoting a unified data pipeline from the supplier to the customer. As one CIO predicted, the demand for delivering quality data directly from production to the customer will become a standard requirement in the near future.

Employee Development and Collaboration

Beyond technical and process improvements, convergence also fosters a more collaborative and skilled workforce. By bringing IT and OT teams closer together, employees have the opportunity to learn from each other's expertise and gain a broader understanding of the business. Thorsten Frosch, OT security officer at Andreas Stihl AG, highlighted this benefit: “If we talk to each other more, we can benefit much more from the knowledge we have in production and IT. We have to exploit this potential in order to really move the company forward.”

Holger Blumberg, CIO of Krones AG, sees advantages in encouraging employees to switch between IT and OT roles. This cross-pollination of skills not only enhances individual career development but also helps companies attract and retain talent in a competitive market by offering diverse and challenging opportunities.

Maturity of IT/OT Convergence: A Heterogeneous Landscape

Despite the clear benefits and growing recognition of the need for convergence, the study reveals a varied picture regarding the actual progress companies have made. Using a maturity model, the 4C Group study found that only 13% of organizations have reached the highest level of “optimizing,” indicating fully integrated IT and OT systems and processes.

A significant portion, 23%, are still in the early stages, perhaps exploring the idea or running limited pilot projects. The majority of companies fall somewhere in between, demonstrating varying degrees of implementation, particularly concerning shared processes and data utilization.

Several factors contribute to this heterogeneity:

• Decentralization of OT: Unlike traditional IT, which is often centralized, OT is typically more decentralized, with individual production sites or plants operating with their own unique system landscapes. This is especially true for international branches, where system heterogeneity can be significant.
• Varying Willingness to Cooperate: The readiness of OT teams at different locations to collaborate with IT varies, influenced by historical independence, local priorities, and perceived benefits (or lack thereof) of convergence.
• Legacy Systems: OT environments often contain legacy systems that are difficult and costly to integrate or replace, posing significant technical hurdles.
• Cultural Differences: The distinct cultures of IT (focused on change, flexibility, data) and OT (focused on stability, safety, physical processes) can create friction and communication barriers.

Challenges and Barriers to Integration

While the opportunities are compelling, the path to convergence is not without obstacles. The study implicitly and explicitly points to several challenges:

• Organizational Silos: Deep-seated organizational structures and reporting lines that separate IT and OT can hinder collaboration and decision-making.
• Cultural Divide: Differences in priorities, risk tolerance, communication styles, and operational rhythms between IT and OT teams can lead to misunderstandings and resistance.
• Skill Gaps: A lack of individuals with expertise spanning both IT and OT domains makes it difficult to manage integrated systems and projects.
• Data Ownership and Governance: Determining who owns production data, how it should be accessed, and ensuring data quality and security across the converged environment is complex. The study notes that data sovereignty often resides within OT areas, which can complicate enterprise-wide data strategies.
• Technical Complexity: Integrating disparate systems running on different protocols, architectures, and lifecycles requires significant technical effort and expertise.
• Security Policy Discrepancies: As highlighted by Stefan Zach, VP of global IT at the Wieland Group, IT may set security specifications, but OT is responsible for implementation, leading to potential gaps if policies aren't jointly developed and enforced. A lack of unified security policies and standards is a common barrier.

Security as the Primary Driver

Despite the array of potential benefits, the respondents consistently cited security as the single biggest driver for IT/OT convergence. The increasing connectivity of OT systems exposes them to the same types of cyber threats that IT systems face, but with potentially more severe consequences, including physical damage, production downtime, environmental harm, and safety risks. The numerous legacy systems prevalent in OT environments often lack modern security controls and have known vulnerabilities that attackers can exploit.

Against this backdrop, both IT and OT stakeholders recognize the urgent need to enhance cybersecurity and security resilience across the operational landscape. Convergence provides the framework to extend IT's security expertise and tools to protect critical OT assets. Closing the security gap in OT/IT convergence is seen as a fundamental step towards protecting industrial operations in the digital age.

Establishing an IT/OT Governance Framework

To successfully navigate the complexities of convergence, a structured approach is essential. The study authors propose an IT/OT governance framework as a guideline for integrating and managing the various areas. This framework outlines the basic building blocks necessary for the project and provides concrete recommendations for implementation.

The starting point for any convergence initiative must be a shared vision and strategy, clearly defined and communicated throughout the organization. Stephan Heinelt, group CIO of Altana AG, emphasized this point: “The target image of convergence should be clearly defined for the company, otherwise implementation is not possible.” This vision provides direction and aligns efforts across different departments.

Key components of an effective IT/OT governance framework include:

• Common Vision and Strategy: A clear, shared understanding of *why* convergence is necessary and *what* the desired future state looks like.
• Operational Framework: This includes a project portfolio to manage convergence initiatives and a concrete roadmap outlining the steps and timelines.
• Clearly Defined Roles and Responsibilities: Establishing who is accountable for different aspects of the converged environment, from system ownership to data management and security.
• Standardized Processes: Developing common processes for areas like change management, incident response, procurement, and asset management that apply to both IT and OT.
• Policies and Standards: Implementing unified policies and technical standards (e.g., for networking, data protocols, security configurations) that govern the integrated environment. Purchasing regulations that define minimum IT/OT requirements for new equipment are an example.
• Communication and Collaboration Mechanisms: Fostering a common language and creating platforms for regular interaction between IT and OT teams, such as interdisciplinary project teams or working groups.

Developing a common language is particularly important. IT and OT professionals often use different terminology and have different perspectives. Enabling them to communicate on an equal footing and develop a shared understanding of the project goals and challenges is vital for success.

Six Recommendations for Successful IT/OT Convergence

Based on their research and the proposed governance framework, the study authors derived six concrete recommendations for companies embarking on or advancing their IT/OT convergence journey:

1. Ensure Top Management Support: Convergence is a strategic initiative that requires buy-in and active sponsorship from the highest levels of the organization. Management must clearly communicate the goals, strategy, and framework for convergence and actively drive the initiative. This executive support is crucial for overcoming internal resistance and resolving potential conflicts between IT and OT areas.
2. Use Security as a Driver: Given the increasing threat landscape targeting OT systems, security provides a powerful and often universally accepted rationale for convergence. Highlighting the risks of cyberattacks, particularly ransomware, can serve as a lever to gain support and resources for integration efforts aimed at improving the security posture of operational environments.
3. Appoint a Central OT Manager: The decentralized nature of OT and the lack of a single point of contact comparable to the CIO can impede effective communication and coordination with IT. Establishing a central OT management position provides a necessary counterpart to the CIO, facilitating strategic alignment, resource allocation, and consistent implementation of convergence initiatives across different operational sites.
4. Increase the Geographical Proximity of Teams: As IT and OT systems become more intertwined, fostering closer physical proximity between the respective teams can significantly improve collaboration and understanding. Sharing office space or establishing integrated operational centers can increase awareness of each other's needs, build trust, and facilitate informal knowledge sharing, breaking down historical silos.
5. Continuously Demonstrate Added Value: OT teams, focused on maintaining stable operations, may initially be hesitant about convergence if they don't see clear benefits. It is crucial to regularly highlight the tangible added value of convergence initiatives to those affected. This can be done through case studies, pilot project results, and metrics demonstrating concrete improvements in areas relevant to OT, such as reduced downtime, improved efficiency, or enhanced safety, alongside cost advantages.
6. Proceed Step by Step and Iteratively: Attempting a 'big bang' approach to IT/OT convergence is often impractical and can overwhelm operational teams. A step-by-step, iterative approach is more appropriate. This involves prioritizing initiatives based on potential impact and feasibility, starting with pilot projects in areas or locations that are most receptive or where the need is most acute (e.g., the “willing” OT locations). This allows organizations to learn, adapt, and build momentum gradually, ensuring that IT is not perceived as simply imposing its processes on OT but rather collaborating towards shared goals.

The Future of Integrated Operations

The convergence of IT and OT is not merely a technical project; it is a fundamental shift in how industrial organizations operate. It is a prerequisite for realizing the full potential of Industry 4.0, smart manufacturing, and the digital enterprise. By breaking down silos and integrating systems, companies can move towards real-time decision-making, predictive operations, and highly automated, flexible production environments.

While the study shows that many companies are still early in their convergence journey, the direction is clear. The benefits in terms of enhanced security, operational efficiency, cost reduction, and the ability to leverage data for innovation are too significant to ignore. The challenges are real, stemming from technical complexity, organizational inertia, and cultural differences, but they are not insurmountable.

Success hinges on strong leadership, particularly from the CIO, a clear and shared vision, a robust governance framework, and a commitment to fostering collaboration and mutual understanding between IT and OT professionals. By following the recommendations outlined in the study – securing top management support, leveraging security as a key driver, establishing central OT leadership, promoting team proximity, demonstrating value, and adopting an iterative approach – companies can effectively bridge the IT/OT divide and build the foundation for resilient, efficient, and innovative operations in the digital age.

The journey towards full IT/OT convergence is a marathon, not a sprint. It requires sustained effort, investment, and a willingness to change established ways of working. However, for large industrial companies navigating an increasingly competitive and complex global market, it is a necessary evolution to ensure future success and unlock new levels of performance and value.