Small and Medium-Sized Industries:
Zero Trust remote access management to reduce risks in industrial environments
According to the IBM X-Force 2025 Threat Intelligence Index report*, the manufacturing industry is the most targeted sector by cyberattacks worldwide. The main causes include the exploitation of publicly accessible applications, valid credentials, and remotely accessible services. These factors reflect cybercriminals’ tendency to take advantage of poorly configured or insufficiently secured access points.
In such a context, identity and access management — especially for remote access — has become a top priority for companies in the manufacturing sector.
This article outlines the challenges faced by small and medium-sized manufacturers (SMEs) in securely managing identities and access, and presents practical solutions to address them.
Small and medium-sized industries, essential links in supply chains
Because they manufacture essential components for other industries and often act as subcontractors or suppliers to large corporations, small and medium-sized manufacturers are crucial links in supply chains. Their strategic position and economic importance make them particularly attractive targets for cybercriminals.
While some legacy technologies are still used in the sector, manufacturing has also become highly automated, increasing its exposure to cyber threats. Malicious cyber incidents targeting these companies can have severe operational and financial consequences: financial losses due to production disruptions or shutdowns, costs related to damaged or destroyed products, downstream supply chain disruptions or paralysis, leakage of sensitive know-how, loss of market opportunities, reputational damage, and erosion of customer trust.
Due to their activities and their key role in the supply chain, small and medium-sized manufacturers face strong compliance requirements. Several subsectors — including medical devices, IT products, electrical equipment, and machinery — fall under the European NIS 2 Directive. Companies subject to this regulation must meet specific security requirements, particularly regarding identity and access management. By providing secure access control, multi-factor authentication (MFA), and identity management, IAM solutions are key enablers for NIS 2 compliance.
In terms of compliance, the industrial sector also refers to standards such as ISA/IEC 62443 and NIST 800-82 (Revision 3). While these are not legal obligations, they are often required by customers, insurers, or regulatory bodies during audits. Adhering to their recommendations and best practices is therefore strongly advised.
Implementing secure identity and access management is essential for enabling manufacturing SMEs to ensure production continuity under all circumstances and strengthen their overall cyber resilience.
What challenges do small and medium-sized businesses face in terms of security, identity and access management (IAM)?
A complex industrial environment with multiple access points
Because of the wide scope of their operations, small and medium-sized manufacturers often have production sites and employees spread across multiple locations, subsidiaries, and plants — sometimes operating 24/7 — and distributed across different regions, countries, and even continents. Such an organization increases the attack surface and makes identity and access management far more complex.
Industrial environments have undergone profound transformation in recent years. While digital transformation has been a key driver of innovation, it has also created new needs — particularly regarding the traceability of access to Industrial Control Systems (ICS). The goal: to know who connected to which application or machine, did what, and when — with evidence to support it.
The growing interconnection and segmentation of IT and OT environments is another defining feature of modern industrial systems — and a major cybersecurity challenge in itself.
Remote access security: a priority issue
In an industrial environment, different types of users need to remotely access critical resources and applications to perform various actions such as maintenance, updates, monitoring, or control. Remote access security therefore concerns both internal employees and a wide range of external partners — suppliers, manufacturers, and service providers — who may number in the dozens.
Still widely used, the practice of providing access to industrial environments through VPNs is no longer suitable. VPNs create a permanent connection to the network — one that is both intrusive and incapable of tracking user activity on the equipment. Moreover, managing VPN access is complex and places an excessive workload on IT teams.
On top of these challenges comes the need to optimize the workload of IT teams within manufacturing SMEs, in a context of constant transformation and increasing cyber threats.
Zero Trust identity and access management for improved industrial performance with the cyberelements platform
The cyberelements Zero Trust IAM platform covers the three main use cases for remote access to industrial environments:
Secure remote access to an engineering workstation, for example, one located within a plant and hosting an ICS application.
Remote use of the manufacturer’s application via a bastion, for instance, when a manufacturer needs to access an industrial device in a plant to perform maintenance operations (a typical privileged access management — PAM — use case).
Secure file transfer.
Zero Trust access management
cyberelements is built on a protocol-level break “by design” and provides access through a centralized HTML5 web portal. This architecture ensures that no direct connection is ever established between the endpoint and the OT environment. Since third-party devices are inherently unmanaged, they do not have direct network access to the industrial environment.
cyberelements addresses the need to control “who connects to the industrial environment and how” by securing all web administration consoles in a simple way — without requiring any client or server. By recording web sessions, cyberelements provides increased visibility into all actions performed within the environment.
The use of a password vault with on-the-fly password injection and automatic rotation ensures that authentication secrets are never exposed.
Multiple MFA modes are supported to accommodate a wide variety of user experiences.
Converged IT/OT systems management ensuring watertight separation between the two
As a convergent platform, cyberelements enables centralized access to both IT and OT systems while ensuring complete separation between them through a multi-tenant, multi-gateway approach. Administrators can create a dedicated instance for OT users and another for IT users. Tenants can also be used to segment regulated OT systems (for NIS compliance) from non-regulated OT systems.
In summary: secure remote access for small and medium-sized businesses
The manufacturing industry is the most targeted sector worldwide by cyberattacks. Small and medium-sized manufacturers (SMEs) are essential yet vulnerable links in the supply chain.
The interconnection and segmentation of IT and OT environments, the proliferation of geographically distributed sites, and the need for remote access by multiple stakeholders create a large attack surface and complicate access management.
As a Zero Trust IAM platform, cyberelements addresses the security challenges of remote access through Zero Trust identity and access management and its ability to provide convergent management of IT and OT systems while ensuring complete separation between the two.
Several SMEs have deployed the cyberelements platform to secure remote access to their IT and industrial systems and rigorously manage identities and access rights.