I work at a site where IT have control over the SCADA VMs and they have always been airgapped from the corporate network and the internet for security reasons.
Now I would like to change this.
I have managed to convince them to allow access to the gateway from the corporate network (thank god) for accessing clients.
But, I would now like the gateway to have access to the internet for SSO, updates etc.
IT are dead against this.
I don't have enough of a knowledge on this subject matter to convince them otherwise.
Can anyone help me in this area to help my IT team understand why this can be done safely (and how it can be done safely).
The thought of manually managing all the users without SSO is giving me a headache just thinking about it...
Thanks!
1 Like
It's not about if it's possible. It's if IT is willing.
You could check out this if you haven't read it yet:
Ignition Security Hardening Guide | Inductive Automation