In a new episode of the Beyond Tomorrow podcast, Cecilia Jacobsson, Business Area Manager at PlantVision, and Martin Eriksson, CEO and founder of cybersecurity company Xertified, meet to discuss precisely this: how we can create secure remote access to our OT networks without compromising security.
It is a conversation that moves between technology, strategy, and reality—and challenges old truths about how security should be built.
From VPN to real control
"Letting someone in via VPN is like opening the door to the office lobby and saying, 'Welcome and good luck,'" says Martin Eriksson. It's a comparison that pinpoints the problem with traditional solutions. In a world where production environments are complex and collaboration takes place across geographical and organizational boundaries, firewalls and traditional segmentation are no longer enough.
Instead, a new approach is needed, where security is built around each individual resource rather than around the network.
When security becomes an obstacle
What happens when security becomes too complicated? "We've seen examples where it takes three weeks to give a subcontractor access to a factory for a job that takes 30 minutes," says Martin. But an even bigger problem is remembering to close that route again after the job has been done.
It is in situations like these that shadow IT can arise, i.e. when employees find their own ways into the systems to get the job done. This is a well-known phenomenon in the industry and a clear sign that solutions must be both secure and user-friendly.
The threats are both clever and real
Cybercrime is now the world's third largest economy, and attackers are using AI to gain access. Fake Teams calls, credible emails from the boss – this is a new reality where social engineering has become one of the biggest risks.
"You need to know who is trying to get in, and what they are allowed to do," says Martin. Identity management is therefore becoming a cornerstone of future security work – something that is also highlighted in new regulations such as NIS2.
From three weeks to 20 seconds
There are solutions. By decoupling security from the network and instead building it around each resource, it is possible to create an environment where remote access is both secure and convenient. Martin describes it as putting a digital padlock on each machine. "You shouldn't even be able to knock on the machine if you don't have the right to be there."
He calls it "nano-segmentation" – a security model where protection follows the machine, regardless of where it is located. This allows you to move your equipment between factories, countries, or networks without compromising security. "It shouldn't take more than 20 seconds to grant someone access rights," says Martin. "And you should be able to do it without being an IT expert."
This approach not only enhances security, it also opens up opportunities for better utilization of expertise, faster collaboration, and increased flexibility at a time when the industry is facing major challenges.
Hide everything and show only what is necessary
The new approach is based on two principles: minimizing access and individualizing it. "Trust no one and verify everyone!" says Martin. It may sound harsh, but Martin believes that this motto is the key to better collaboration. Because it's not about mistrust, but about control.
In an era where industry needs to share expertise across company boundaries, where technicians and partners collaborate in real time, it is crucial to be able to give the right access to the right person – and only to what they actually need.
"Security isn't about building walls, it's about building trust in the right way," explains Martin.
Don't chase perfection
The episode concludes with a simple but powerful insight: you don't have to be perfect—you just need to be better prepared than the others. "The goal is to make your business uninteresting to those who wish you harm," says Martin. "Then they'll move on to someone else."