Let’s talk about OT resilience! You’re probably right that those Windows 7 or XP machines don’t have much data — but they are driving your manufacturing floor, your pumps, and your monitors.
Unfortunately, your modern IT resilience, Cyber resilience, or Data resilience software stack is less likely to support those older OSs. But if you don’t have methods for securing and rapidly recovering your Operational Technology platforms, then you have a gaping hole in your resilience strategy.
transcript
Most data protection vendors, partners, and service providers talk about cyber resilience, data resilience, or maybe good old fashioned IT disaster recovery. The goal is to protect a modern server infrastructure combined with more cloud-based applications than you probably want to admit. The foundation for that resilience strategy is usually one or more backup solutions that includes replication, orchestration, cloud services, and integrated cyber capabilities to protect and recover myriad modern workloads. That’s all for IT.
How about OT – Operational Technology?
It’s easy for IT folks to say “Those couple 100 Windows 7 or XP machines don’t have much data on them” and they’re probably right. But those little platforms drive your manufacturing floor … your oil pumps … your health monitoring tools … and millions of other capabilities that your business cannot afford to be without.
In the 30+ years that I’ve been doing this, I’ve rarely seen a data center IT backup technology successfully applied to OT devices.
- Most IT software vendors don’t want to deal with supporting legacy OS’s — and I get it. But those OS’s are purpose-built and deployed in such a way that it makes no sense for those vertical vendors to deliver on the latest 2025 build of Windows 11.
- Just as important, OT deployments don’t have technicians ready to jump into action. In fact, in many cases, those devices may not even be Internet connected, so the requirements for preventing disruptions and assuring recovery are inordinately different.
To be fair, the same way that most IT resilience solutions won’t be effective in protecting and recovering OT, best of breed OT solutions probably aren’t as good a fit in the modern IT data center and clouds — and that’s OK.
What is not OK is to plan for your organization’s resilience from ransomware, disasters, and every other bad thing without considering the OT systems that your business relies on and quite possibly aren’t anywhere in your resilience strategy.
Most environments have a primary data center backup solution that they usually supplement with something for virtualization … for 365 … for other production clouds. My guess is the forward-thinking environments are probably also supplementing for the protection of their OT systems, as well. If that’s you, I’d love to hear what you’re using and why … so send me a message, an e-mail, or leave your thoughts on the original LinkedIn article.