Remote Access
Connecting to networks, devices, or systems from external locations. Remote access introduces significant risk in OT and IoMT environments not originally designed for external connectivity.
What is Remote Access?
Remote access enables users, vendors, and administrators to connect to systems and networks from external locations. In OT and healthcare environments, remote access is used for vendor equipment maintenance, remote monitoring by managed service providers, clinical device management by manufacturers, and administrative access by staff working from home. Remote access has expanded dramatically, driven by operational efficiency requirements and accelerated by the COVID-19 pandemic.
Remote access is one of the most exploited initial access vectors in OT and healthcare attacks. The Colonial Pipeline ransomware attack was initiated through a compromised VPN account. The Oldsmar water treatment attack was conducted through remote desktop software left running on an operator workstation. Healthcare organizations regularly experience breaches through compromised vendor remote access credentials. The combination of persistent connectivity, often-weak credentials, and access to sensitive OT and clinical systems makes remote access a high-value target.
Securing remote access in OT environments requires balancing operational requirements with security controls. Vendor remote access is often a contractual requirement for equipment maintenance; the question is how to provide it securely. Zero Trust Network Access (ZTNA) solutions provide more granular control than broad VPN access — limiting each remote session to only the specific systems the vendor legitimately needs rather than broad network access.
Key Facts
- Remote access is the initial access vector in over 40% of documented OT security incidents
- The Colonial Pipeline ransomware attack started with a compromised legacy VPN account
- Vendors with remote access to OT environments represent significant third-party risk
- CISA recommends limiting remote access to dedicated jump servers with multi-factor authentication for all OT environments
How ORDR Addresses Remote Access
ORDR monitors remote access activity as part of behavioral baseline monitoring. Remote access sessions that fall outside normal patterns — access outside business hours, connections from unusual geographic locations, access to systems outside the vendor's typical scope — generate behavioral anomaly alerts. ORDR also identifies devices that are being accessed remotely, providing context for remote access session review.
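The three conditions named above (access outside business hours, unusual location, target outside the vendor's usual scope) can be written as checks against a per-account baseline. This is an added illustrative example, not ORDR's implementation; the account names, baseline layout, and session records are constructed, and timestamps are assumed to be in the site's local time.

```python
from datetime import datetime

# Constructed baseline: what "normal" looks like for each remote-access account.
BASELINE = {
    "vendor-a": {
        "hours": range(8, 18),            # 08:00-17:59 local, weekdays only
        "countries": {"US"},
        "assets": {"infusion-gw-01", "infusion-gw-02"},
    },
}

# Constructed session records, e.g. exported from a jump server or VPN log.
SESSIONS = [
    {"id": "s1", "account": "vendor-a", "start": "2024-03-05T10:15:00",
     "country": "US", "target": "infusion-gw-01"},
    {"id": "s2", "account": "vendor-a", "start": "2024-03-05T02:40:00",
     "country": "US", "target": "infusion-gw-01"},
    {"id": "s3", "account": "vendor-a", "start": "2024-03-05T11:00:00",
     "country": "BR", "target": "hmi-07"},
    {"id": "s4", "account": "contractor-x", "start": "2024-03-05T09:00:00",
     "country": "US", "target": "infusion-gw-01"},
    {"id": "s5", "account": "vendor-a", "start": "2024-03-09T11:00:00",
     "country": "US", "target": "infusion-gw-02"},
]

def check_session(session, baseline=BASELINE):
    """Return the list of reasons a session deviates from its account baseline."""
    profile = baseline.get(session["account"])
    if profile is None:
        # No baseline means nothing to compare against; surface it for review.
        return ["unknown_account"]
    reasons = []
    start = datetime.fromisoformat(session["start"])
    if start.weekday() >= 5 or start.hour not in profile["hours"]:
        reasons.append("outside_business_hours")
    if session["country"] not in profile["countries"]:
        reasons.append("unusual_location")
    if session["target"] not in profile["assets"]:
        reasons.append("out_of_scope_target")
    return reasons

def review(sessions, baseline=BASELINE):
    """Map session id -> reasons, keeping only sessions with at least one reason."""
    flagged = {s["id"]: check_session(s, baseline) for s in sessions}
    return {sid: reasons for sid, reasons in flagged.items() if reasons}

if __name__ == "__main__":
    for sid, reasons in review(SESSIONS).items():
        print(sid, ", ".join(reasons))
```

The same baseline doubles as an allow-list: the `assets` set is the per-session scope that the ZTNA approach described earlier would enforce rather than only alert on.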