Protect your sites and industrial controller systems (ICS).

Secure Access Management for Critical Operational Technology (OT) 

Secure remote access for on-site and off-site operators and maintenance engineers with PrivX OT Edition.





Role-based access control (RBAC)

Flexible segregation, segmentation and restriction management with access groups, workflow approvals and extenders

3rd party access management

Easy to use by the supply chain and external contractors, and for auditing their remote access

Swiss army knife of tech for Industry 4.0

Comprehensive functionality for OT targets & applications in the hybrid cloud, including RDP, VNC, HTTP(S) and SSH


Identity and authorization verified in real time, every time, for every user and connection attempt without permanent credentials. On-site job approvals. Just-in-time Zero trust access.


Manage multiple user groups, vendors, geographies, and asset types with ease. Users only see the resources they have the right to access with least privilege. No exposed secrets. User ID always visible.


Update role memberships in real time from user directories (LDAP, AD) or IAM/IGA systems for multiple targets based on on-premise, hybrid cloud (AWS, Azure, GCP) or SaaS technologies in IT/OT convergence.

OT ICS cybersecurity for Industrie 4.0 and IIoT in IT/OT convergence

System uptime is critical in IIoT/OT environments, and it requires constant monitoring and management of the devices and systems within them. Access to resources must be governed, identified, authorized, approved, audited and monitored in a secured and restricted manner. Proper secure access must be implemented in accordance with regulations, directives and practices, such as the EU Network and Information Security (NIS) Directive, NIST, IEC 62443 and ISO 27001.

With cloudification and IT/OT convergence, site engineers, administrators, maintenance personnel, remote operators and consultants access OT targets remotely, including:

  • Industrial control systems (ICS)
  • Supervisory control and data acquisition (SCADA)
  • Programmable logic controllers (PLC)
  • Discrete process control systems (DPC)
  • Human-machine interfaces (HMI) and remote terminal units (RTU)

PrivX OT Edition

PrivX OT Edition is a tailor-made secure access management solution for the requirements of highly automated operational technology in the middle of IT/OT convergence.

Provide secure, single sign-on (SSO) access with optional multi-factor authentication (MFA) to any OT target. Restrict the level of access to the least amount of privilege needed to get the job done. Apply a level of granularity that VPNs and firewalls alone cannot provide. All through one centrally managed system.


PrivX OT Edition aligns manufacturing industries and critical infrastructure providers with the Zero Trust cybersecurity framework that advocates the principle of ‘Never trust, always verify’, providing just-in-time access for every connection for operationally efficient and cost-efficient access management.


Manufacturing: the 2nd most-attacked industry

According to IBM, manufacturing moved to second place in 2020, up from eighth in 2019. Typically, vulnerable credentials are leveraged for ransomware attacks.


The EU Commission has estimated a 22 % increase in costs for implementation of NIS 2.0. 


In Q1 2021, there was a massive increase in attacks against VPN services, driven by the popularity of remote work.

Zero Trust prioritized in the US

“...[Advance] toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)” - President Joe Biden.

Faster operations with automation

Secure access made fast and easy 



Keep your joiners, movers and leavers in sync with the targets they need to access automatically. Enjoy a minimized need for manual configurations or maintenance.



PrivX OT Edition is based on a cloud-native architecture with microservices and open REST APIs for all functions. That's why it is light on hardware requirements but great on scalability, resiliency and high availability (HA) in any technological context.


Fast and flexible to deploy

Deploy PrivX OT Edition to:

  • Cloud (AWS, Azure, GCP), private clouds and virtual machines (VM)
  • On-premise (datacenters or manufacturing sites)
  • Hybrid and legacy environments

Zero Trust access with no leave-behind credentials

Users and secrets managed


Identified and audited

Clear and easy-to-use

  • workflows for managing roles, approving sessions and segregation of access to targets and sites
  • on-site and off-site secure access for 3rd parties, remote operators and maintenance engineers
  • multi-factor authentication (MFA), role-based access control (RBAC), audit trails and session recording.

Centralized control room

PrivX OT Edition synchronizes identities from multiple directories, including Active Directory (AD), Lightweight Directory Access Protocol (LDAP) and OpenID, and maps them automatically to the right roles. All accessible targets are managed under a single pane of glass.


Easy to use and secure

Enhance productivity through single sign-on (SSO) and an HTML5 ‘thin-client’ user interface. No software agents on the client or the server, no complex configurations. Just-in-Time Zero Trust access without credentials left behind for misuse.

Compliant secure remote access

Comply with regulations 


ISA/IEC 62443

The ISA/IEC 62443 Industrial Automation and Control Systems Security series of cybersecurity standards is applicable to automation and control system applications.


ISO 27001

ISO 27001 is one of the most recognized industry standards. In particular, Annex A.9.1 of ISO 27001:2013 focuses on the business requirements of access control.



The European Network and Information Security Directive (NIS) is applicable to measures for the security of network and information systems across the Union.



The National Institute of Standards and Technology (NIST) has several recommendations for proper access control and governance, including NIST Special Publication 800-210 for General Access Control Guidance for Cloud Systems.

Customer cases and use cases

Global IoT Device Provider Secures Maintenance Operations 

Premise: Headquartered in Europe, the customer is a manufacturer of home appliances with a turnover of +10 B€, +50K employees and +35 factories worldwide. The company’s brand portfolio includes more than 10 well-known appliance brands. 

The customer was looking for a secure access management solution that would radically reduce the risk of sharing a 'golden key' that grants access to all their IoT devices.

Challenge: The golden key was shared among all QA Engineers that connected to customer IoT devices to perform maintenance tasks. This was a serious security risk since often the identity of key users was unclear. The QA Admins were also constantly manually rotating and managing new golden keys.


Solution: With PrivX Privileged Access Management solution, the customer was able to ensure that their Quality Assurance Engineers would be able to maintain IoT devices as easily as before but without actually handling, sharing, or seeing keys anymore.

Moreover, all sessions are identified and tracked, the QA Engineers are assigned the right role for the task at hand on login and the golden key is used through a vault. The key is safe from misuse, accidental misconfigurations or ending up in the hands of bad actors looking to steal intellectual property (IPR). Moreover, QA Admins no longer need to replace and rotate keys all the time.


Secure OT access for 3rd party engineers in power plant

Premise: A global energy company operating dozens of electricity plants. Each plant has critical equipment (OT devices) from 3rd party vendors with service contracts. Access to OT devices is realized through an application gateway. The company needed a secure remote access solution to allow 3rd party vendor technicians to perform scheduled and on-demand maintenance.

Challenges: 3rd parties had visibility into the whole OT environment. No visibility into the use of shared credentials. Granting access took a long time and revoking access was cumbersome. No session monitoring or audit trail.


Change: Direct access to the application servers is restricted, and externals don't handle shared credentials. No one ever sees any access secrets. User IDs are verified by multi-factor authentication (MFA) and are visible with access sessions. Effective workflows for access requests and approvals. Time-boxed access for the OT target site; automatic revocation after the job is done. Always up-to-date list of OT targets based on user role (RBAC). Session recordings and auditing events for SIEM.


A Marine Vessel Operator Secures Remote Access and IoT Data Collection 

Premise: With the help of IoT sensors, on-board computing, satellite communication and cloud-based analytics, the customer aimed to enhance operational profitability. However, connectivity from the public cloud environment to mission-critical vessel systems came with risks.

Challenges: Limited transparency into the remote access without visibility into the sessions. The VPN connections to the ship networks were always on. Indiscriminate access to all areas once logged in to the VPN service. Untracked and unidentified connections to ship subsystems. Shared accounts and manually managed access credentials.

Change: Increased transparency and compliance via audit trail and session recording. Secrets secured and managed centrally for risk mitigation. Automated linking of roles to identities. Just-in-Time (JIT) access granting and revocation with least privilege for granular security. Scalable cloud deployment and increased level of automation for easy fleet expansion.

Secure OT remote access for 3rd party vendors in an industrial automation environment

Premise: The customer is a global manufacturing company operating in dozens of factory sites in multiple regions. There is production-critical automation equipment on each site that needs to be accessed by multiple 3rd party vendors and in-house personnel.

RDP, SSH, and VNC connections were managed via Citrix, and programmable logic controller (PLC) access was administered at the VPN and network level. The company needed a modern centralized solution for all access protocols as well as a role-based approval process tool.

Challenges: The previous solution lacked transparency and a proper audit trail for sessions and tasks performed on the device. No visibility into the use of shared credentials. The VPN solution did not provide the granularity needed to be secure.


Change: Access to OT targets inside the demilitarized zone (DMZ) network is now done via PrivX and its Extender component (reverse proxy), offering secure connections between sites. Internal and external users (such as on-site and off-site maintenance engineers) now have access to the required resources with the just enough access (JEA) permissions needed to get the job done, based on their roles.

Access can be granted quickly for a predefined timeframe and in just-in-time (JIT) fashion. Available resources are listed in a single view, which allows an easier and more efficient way of working. User IDs are verified by multi-factor authentication (MFA) and are linked to individual, monitored sessions.

Access requests are handled via built-in workflow tools providing a proper approval process. Connections are authenticated with Ephemeral Certificates or vaulted secrets that are not visible to the end user.

Why the Manufacturing Industry Should Get Serious About Zero Trust and Just-in-time Access

IT/OT convergence is shaking up the utility, transportation, energy and manufacturing industries. Learn why secure remote access is at the center of this transformation and how companies can protect their critical operations.


Zero Trust remote access for OT

White Paper: Secure Access Management for Operational Technology (OT) and Critical Infrastructure

Learn why OT and IIoT need to transcend VPNs, firewalls and various remote access tools to stay safe from threats and risks. Fill in the form to get your copy of this White Paper by SSH.COM.
