
Safe-T Secure Application Access Brochure
PROVIDING SECURE REMOTE ACCESS TO OT ENVIRONMENTS
Your Challenge – Many organizations see the great need to establish a stable and well-supported remote-work program that would allow employees to access resources from home in typical times as well as in DR scenarios. Organizations with OT environments have a special concern in this regard due to the critical nature of these systems and often because of the regulations involved (NERC/FERC/HITRUST, etc.).
There are many ways to technically achieve remote access, but they are either very insecure or complex (or both). The reality is that without extremely high levels of internal network segmentation, typical methodologies such as VPN carry a level of security risk that is just not tolerable. The alternative is to directly expose resources to the Internet, which is also too much of a risk, especially with regard to OT environments.
THE SAFE-T SOLUTION
With Safe-T’s Secure Application Access, you can provide highly secure access to your OT systems and devices via a Software Defined Perimeter solution without the need to dismantle your VPN for other, less sensitive access. Using our SDP solution, access is only granted to these resources after authorization has been completed. Access to these OT systems can then be disabled on the VPN, ensuring that only fully authorized remote users can even connect to a resource under the Safe-T solution.
As can be seen in the figure below, the Safe-T Secure Application Access solution is composed of three servers. The solution is deployed in multiple tiers within the organization and cloud:
- Cloud tier – includes the Authentication Gateway, which is deployed on-premises or in a cloud location (Amazon, Azure, etc.)
- DMZ tier – includes the Access Gateway
- LAN tier – includes the Access Controller, which connects to the organization’s backend applications, storage and authentication services (IDP, IAM, etc.).

BENEFITS
- No behavior changes to your non-OT users—continue using your VPN client
- No need to remove/change existing network and security components
- Authenticates users before granting access, with almost zero network change
- Dynamic, on-demand resource access according to user role/permission
- Takes your users off the network and closes firewall ports for enhanced security