
The Cloud in OT: Great for Status, Bad for Control

Jori VanAntwerp
CEO and Founder at EmberOT

For over two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and improving their overall security efforts. He has had the pleasure of working with companies such as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now CEO & Founder at EmberOT, a cybersecurity startup focused on making security a reality for critical infrastructure.

Cloud-based services have become ubiquitous, and this includes operational technology (OT) environments.

While there are undeniably many reasons to adopt cloud technologies and a number of benefits, OT environments in particular need to closely examine the potential risks and possible unintended impacts. These risks include a larger attack surface, added latency, and a single point of failure for entire operations.

Organizations must consider the fact that when it comes to the cloud, there isn’t a one-size-fits-all approach. The solution may require customization to meet that environment’s operational, business, regulatory, and security considerations. Cloud-based technologies must be carefully considered within the context of the specific environment and even the operation in which they will be used.

The “cloud” can often have different meanings, and those differences matter. A private cloud refers to infrastructure managed by the organization or a trusted partner, often hosted on-premises or in a dedicated cloud computing data center, which provides teams with tighter control over data flows and security. Software as a Service (SaaS), on the other hand, typically involves a third-party platform where the software and the data reside entirely off-site, managed by a vendor.

Then there’s the public cloud, offered by providers like Amazon, Google, and Microsoft, where compute resources are shared across customers and accessible over the internet. Each of these models introduces its own tradeoffs, such as visibility, scalability, cost, and risk, especially when applied to critical infrastructure.

Cloud adoption in OT, or in any environment, cannot be a checkbox exercise. It requires a clear understanding of the operational environment, its constraints, the business operations, and what the cloud is expected to deliver. A structured risk model or maturity framework can help align cloud decisions with business goals and security priorities.

In some cases, cloud simply is not feasible. Remote sites with limited connectivity may face bandwidth or latency issues that make cloud-based services impractical if not unusable. Even in well-connected environments, teams should define what they want the cloud to solve. Is the goal centralized visibility, simplified updates, or outsourced analytics? Each use case brings its own security and architectural tradeoffs.

We’re going to take a closer look at key considerations OT teams need to evaluate before moving forward with any cloud solution.

Getting Cloud-Level Views of Operational Environments

There’s no denying the cloud can offer real advantages in OT, especially when it comes to visibility. Centralized access to telemetry and performance data across multiple sites enables operators and analysts to monitor environments in near real-time, without waiting for someone to drive to a remote location or manually pull logs. For widely distributed operations, that’s a meaningful gain.

Cloud-enabled visibility may also improve response times. Teams can spot anomalies faster, correlate data across sites, and prioritize where to act, all without jump hosts or boots on the ground. That level of access is especially valuable in environments where staffing is thin and time is critical.

Cloud backups can enhance disaster recovery, particularly when hardware failure, natural disasters, or ransomware compromises on-site systems. But that redundancy comes with a catch. If everything points to a single cloud provider and that provider goes down, the same systems meant to ensure continuity can quickly become a single point of failure. For critical infrastructure, that risk needs to be weighed carefully and mitigated with hybrid approaches or offline contingencies.

Of course, getting this level of visibility requires more than just pushing sensor data to the cloud. It demands deliberate architecture, access control, and safeguards to prevent the exposure of sensitive operational data. We’ll get into that next.

Identifying and Warding off the Storm Clouds

As every OT operator or analyst knows all too well, in an OT environment even milliseconds of delay can be detrimental to someone's safety. That is why the network requirements and resources of any cloud service under consideration need to be evaluated for each site.

Latency is therefore a major concern when deploying cloud technologies in OT, especially where it can affect normal operations. A round trip to a remote data center has no place in a control loop: status reporting tolerates delay, control does not, and anything time-critical should stay local.

A cloud connection can also increase the attack surface of your environment. Many OT systems were never designed with constant connectivity in mind. When these systems are brought online to support cloud-based workflows, they introduce new risks that traditional security controls may not fully mitigate. Legacy protocols, flat networks, and fragile configurations can become exposure points the moment external access is introduced.

Cloud services also introduce new configuration and access risks. Misconfigured assets or overly permissive defaults can expose sensitive data or grant unintended access to critical systems. Every cloud-connected resource must be tightly controlled, monitored, and mapped to clear policies. Without that discipline, the convenience of the cloud can quietly become a liability.

The most dangerous scenario is also the most obvious: someone outside the organization gaining control or influence over operational systems through remote access. Whether it is a malicious actor or an accidental permissions issue, the risk is the same: systems behaving in unpredictable or unsafe ways because control has shifted beyond your perimeter.

Cloud dependencies can also become operational chokepoints. If a cloud service goes down, whether from an attack, misconfiguration, or vendor-side failure, and your architecture depends on it to function, you now have a single point of failure at the heart of your process.

This is why organizations must have response and recovery plans in place to ensure unauthorized access can be stopped and that operations can continue, even if any cloud-based services are unavailable.
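One way to build in the "hybrid approaches or offline contingencies" mentioned above, and to make sure operations continue when a cloud service is unavailable, is to treat the cloud strictly as a consumer of status: readings go out over a one-way path, nothing waits on the cloud, and a command arriving back over that path is refused. The following is an added example (not the article's or any vendor's code) of a store-and-forward telemetry relay with a simulated cloud sink; the `CloudSink` class, the `Reading` values and the spool size are all constructed for the demonstration.

```python
"""
Store-and-forward telemetry relay: the cloud consumes status but is never a
dependency of the control path. On a cloud outage, readings are spooled
locally and drained later; the caller (the local control loop) is never
blocked or failed. Anything that looks like a command coming back over the
status channel is refused.
Added example with a simulated sink; not the article's or any vendor's code.
"""
from collections import deque
from dataclasses import dataclass, asdict


@dataclass
class Reading:
    ts: int        # epoch seconds (constructed sample values, not a real plant)
    tag: str       # point name, e.g. "pump3.flow"
    value: float


class CloudSink:
    """Stand-in for a cloud endpoint (hypothetical); `available` simulates an outage."""
    def __init__(self):
        self.available = True
        self.received = []

    def send(self, batch):
        if not self.available:
            raise ConnectionError("cloud endpoint unreachable")
        self.received.extend(batch)


class TelemetryRelay:
    def __init__(self, sink, spool_capacity=1000):
        self.sink = sink
        # Bounded spool: when full, the OLDEST reading is discarded so a long
        # outage cannot exhaust memory on the OT-side host.
        self.spool = deque(maxlen=spool_capacity)
        self.dropped = 0
        self.outage_events = 0
        self.refused_commands = []

    def publish(self, reading):
        """Called from the OT side. Never raises and never blocks on the cloud."""
        if len(self.spool) == self.spool.maxlen:
            self.dropped += 1            # deque will evict the oldest entry
        self.spool.append(reading)
        self.flush()

    def flush(self):
        """Try to drain the spool; returns the number of readings acknowledged."""
        if not self.spool:
            return 0
        batch = list(self.spool)
        try:
            self.sink.send([asdict(r) for r in batch])
        except ConnectionError:
            self.outage_events += 1      # keep the data, report the outage locally
            return 0
        for _ in batch:                  # clear only what was acknowledged
            self.spool.popleft()
        return len(batch)

    def handle_inbound(self, message):
        """The status channel accepts acknowledgements only. A 'command' arriving
        this way is recorded and refused: control stays inside the perimeter."""
        if message.get("type") == "ack":
            return True
        self.refused_commands.append(message)
        return False


def demo():
    """Simulate one reading, a four-reading outage with a 3-slot spool, then recovery."""
    sink = CloudSink()
    relay = TelemetryRelay(sink, spool_capacity=3)
    relay.publish(Reading(1, "pump3.flow", 12.5))
    sink.available = False
    for ts in range(2, 6):
        relay.publish(Reading(ts, "pump3.flow", 12.0 + ts))
    sink.available = True
    relay.flush()
    return sink, relay


if __name__ == "__main__":
    sink, relay = demo()
    print("delivered ts:", [r["ts"] for r in sink.received])
    print("dropped:", relay.dropped, "outages:", relay.outage_events)
```

Two design choices carry the security point. The spool is bounded and drops the oldest reading when full, so an extended outage degrades visibility rather than the host; the `dropped` and `outage_events` counters are what you would alarm on locally. And the only thing the relay will accept from the cloud side is an acknowledgement, so a compromised or misconfigured cloud tenant can, at worst, stop seeing status; it cannot push a setpoint back down the same pipe.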

Safely Navigating the Cloud(s) in Your Environment

The truth is, cloud-like functionality already exists in many industrial environments, even if it is not labeled as such. If your systems are sending data off-site or to enterprise networks for centralized monitoring, analysis, or storage, you are already operating in a hybrid model.

Many OEMs now ship equipment with remote support, telemetry collection, or predictive maintenance features built in. These functions typically rely on internet-based communication to move data from specific machines, or sets of machines spread across large geographical areas, to the vendor's environment or to your own internal systems, where it enables remote support, predictive maintenance windows, and other optimization opportunities. In practice these are cloud-adjacent capabilities: they offer much the same visibility as a cloud service, and they come with the same considerations around connectivity, control, and risk.

Industrial systems are becoming increasingly connected, and the internet is often the default means of connectivity. Pretending the cloud is not part of your environment will not make it go away, and ignoring it will not make it safer.

So what can you do? Instead of writing off the cloud entirely, the more practical approach is to understand where and how it is already being used, then define the controls needed to keep it secure. Any connection that allows operational data to leave the environment or enables remote access should be inventoried, monitored, and governed by policy. This includes vendor support tunnels, telemetry relays, and remote dashboards.
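The inventory step above is concrete enough to automate: take the firewall or flow logs at the OT boundary, pick out every flow that carries data out of the plant or reaches into it, and match each one against a short list of named, sanctioned connections (the vendor tunnel, the telemetry relay), so that anything unlisted surfaces for review. The following is an added example, not the article's or any product's code. The log format, the `10.20.0.0/16` plant range, the approved destinations and all sample lines are constructed; the destinations use documentation address ranges, which is also why the code lists the internal networks explicitly instead of relying on `ip.is_private`.

```python
"""
Egress inventory check for an OT network segment: every flow that lets
operational data leave the plant or lets something outside reach in is
either matched to a sanctioned, named connection or flagged for review.
Added example; the log format, addresses and allowlist are constructed.
"""
import ipaddress
import re

# Assumed plant address space (hypothetical).
OT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Explicit RFC 1918 list rather than ip.is_private: Python also marks the
# documentation ranges used in the sample below (192.0.2.0/24 etc.) as private,
# which would hide them from this audit.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sanctioned egress: named vendor tunnels and telemetry relays, pinned to a
# destination network AND port (hypothetical entries).
APPROVED_EGRESS = {
    "oem-telemetry-relay":   (ipaddress.ip_network("203.0.113.0/24"), 443),
    "vendor-support-tunnel": (ipaddress.ip_network("198.51.100.7/32"), 22),
}

LINE_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)\s+proto=(\w+)\s+action=(\w+)")

# Constructed firewall log lines (not real traffic).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=10.20.1.15 dst=203.0.113.20 dport=443 proto=tcp action=allow
2024-05-01T10:00:05 src=10.20.1.15 dst=198.51.100.7 dport=22 proto=tcp action=allow
2024-05-01T10:00:09 src=10.20.3.40 dst=192.0.2.55 dport=8883 proto=tcp action=allow
2024-05-01T10:00:12 src=198.51.100.9 dst=10.20.1.15 dport=3389 proto=tcp action=allow
2024-05-01T10:00:15 src=10.20.1.15 dst=10.10.5.2 dport=1433 proto=tcp action=allow
2024-05-01T10:00:18 src=10.20.1.15 dst=10.20.1.1 dport=502 proto=tcp action=allow
2024-05-01T10:00:21 src=10.20.1.15 dst=203.0.113.20 dport=8443 proto=tcp action=allow
"""


def in_any(ip, nets):
    return any(ip in n for n in nets)


def classify(line):
    """Return (category, detail) for one log line, or None if it doesn't parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
    dport = int(m[3])
    flow = f"{src}->{dst}:{dport}"

    if in_any(src, OT_NETS) and not in_any(dst, INTERNAL_NETS):
        # Operational data leaving the perimeter: must match a named, sanctioned path.
        for name, (net, port) in APPROVED_EGRESS.items():
            if dst in net and dport == port:
                return ("sanctioned-egress", name)
        return ("unsanctioned-egress", flow)
    if in_any(dst, OT_NETS) and not in_any(src, INTERNAL_NETS):
        # Anything from outside reaching an OT host is remote access, sanctioned or not.
        return ("inbound-remote-access", flow)
    if in_any(src, OT_NETS) and not in_any(dst, OT_NETS):
        # Not the internet, but still data leaving OT for enterprise systems (hybrid model).
        return ("egress-to-enterprise", flow)
    return ("internal", flow)


def audit(log_text):
    findings = {"sanctioned-egress": [], "unsanctioned-egress": [],
                "inbound-remote-access": [], "egress-to-enterprise": []}
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[0] in findings:
            findings[result[0]].append(result[1])
    return findings


if __name__ == "__main__":
    for category, items in audit(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

Run against the sample, the two flows to the relay and the support host on their expected ports are attributed to named entries, the MQTT-over-TLS session to an unknown host and the connection to the relay network on the wrong port are flagged as unsanctioned, the inbound RDP session shows up as remote access, and the historian connection to the enterprise network is listed separately so it is not forgotten in the hybrid picture. Pinning each approved entry to both a destination and a port is deliberate: a vendor address range is not a blanket permission.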

Cloud can bring value. But in OT, value should never come at the cost of safety or reliability. With the right safeguards in place, cloud capabilities can enhance resilience and efficiency, without compromising the integrity of your operations.

~Jori 🤘🔥