Applying Zero Trust to IoT and OT Networks
Industrial IoT and operational technology networks are the next frontier for zero trust microsegmentation. Unlike traditional IT environments, OT networks have unique constraints — legacy protocols, real-time requirements, and devices that can’t be patched.
Why OT Networks Need Microsegmentation
OT networks were historically air-gapped. That’s no longer true. Connected sensors, remote monitoring, and cloud-based SCADA have blurred the boundary. A single compromised IoT sensor can become a pivot point into the operational network.
The Constraints
- Latency sensitivity: Production line tolerances are measured in milliseconds. Encryption and inspection at every hop isn’t feasible.
- Legacy protocols: Modbus, DNP3, and PROFINET were never designed with security in mind.
- Device lifecycle: Industrial switches and PLCs have 10-20 year refresh cycles.
A Practical Approach
- Identify every flow — map all east-west traffic between IoT/OT devices
- Define minimal permitted paths — not “VLAN A can talk to VLAN B” but “sensor-12 can send telemetry to collector-3 on port 502”
- Enforce at the network layer — microsegmentation via policy, not per-device agents
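The three steps above, worked through as an added example that is not code from the original post: a constructed flow sample stands in for what a flow collector would report (step 1), an explicit allowlist of device-to-device paths on named ports is the policy (step 2), and every observed flow is checked against it with a default deny (step 3). Device names, addresses and the nftables rendering are assumptions for illustration; the only value taken from the post is Modbus/TCP on port 502.

```python
"""Default-deny microsegmentation policy check for an OT network (added example)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One east-west connection between two named OT/IoT devices.

    Frozen so instances are hashable and can be counted or used as policy keys.
    """
    src: str
    dst: str
    proto: str
    dport: int


# Constructed device inventory: names and addresses are hypothetical.
INVENTORY = {
    "sensor-12": "10.10.1.12",
    "sensor-13": "10.10.1.13",
    "collector-3": "10.10.2.3",
    "plc-7": "10.10.3.7",
    "hmi-1": "10.10.4.1",
}

# Constructed sample of observed flows, as a flow collector might report them.
OBSERVED_FLOWS = [
    Flow("sensor-12", "collector-3", "tcp", 502),  # Modbus/TCP telemetry
    Flow("sensor-12", "collector-3", "tcp", 502),
    Flow("sensor-13", "collector-3", "tcp", 502),
    Flow("hmi-1", "plc-7", "tcp", 502),            # operator station to PLC
    Flow("sensor-12", "plc-7", "tcp", 502),        # a sensor talking to a PLC: not expected
    Flow("sensor-13", "hmi-1", "tcp", 22),         # SSH from a sensor: not expected
]

# Step 2: minimal permitted paths. Anything not listed here is denied.
POLICY = [
    Flow("sensor-12", "collector-3", "tcp", 502),
    Flow("sensor-13", "collector-3", "tcp", 502),
    Flow("hmi-1", "plc-7", "tcp", 502),
]


def summarize_flows(flows):
    """Step 1: count each distinct (src, dst, proto, dport) tuple seen on the wire."""
    return Counter(flows)


def is_permitted(flow, policy=POLICY):
    """A flow is allowed only if an explicit rule matches every field (default deny)."""
    return flow in set(policy)


def evaluate(flows, policy=POLICY):
    """Step 3: split observed flows into permitted and denied sets, keeping counts.

    Denied entries are the ones to investigate before enforcement is switched on.
    """
    counts = summarize_flows(flows)
    permitted = {f: n for f, n in counts.items() if is_permitted(f, policy)}
    denied = {f: n for f, n in counts.items() if not is_permitted(f, policy)}
    return permitted, denied


def render_nftables(policy, inventory=INVENTORY):
    """Translate named rules into nftables rule lines for a network-layer enforcement point.

    Assumes a Linux host or gateway carrying the segment boundary; the lines belong
    inside a chain of your own, and the final line drops everything not allowed.
    """
    lines = [
        f"ip saddr {inventory[r.src]} ip daddr {inventory[r.dst]} "
        f"{r.proto} dport {r.dport} accept"
        for r in policy
    ]
    lines.append("drop")
    return lines


if __name__ == "__main__":
    allowed, blocked = evaluate(OBSERVED_FLOWS)
    for flow, n in blocked.items():
        print(f"DENY  {flow.src} -> {flow.dst} {flow.proto}/{flow.dport} ({n} flows)")
    for flow, n in allowed.items():
        print(f"ALLOW {flow.src} -> {flow.dst} {flow.proto}/{flow.dport} ({n} flows)")
    print("\n".join(render_nftables(POLICY)))
```

Run the evaluation in monitor-only mode first: the denied set is either a missing rule or something that should not be on the network, and in OT you want to know which before a drop rule stops a production flow.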
Full deployment guide: https://microsegmentation.uk/posts/what-is-microsegmentation/