Beyond the Air Gap: Balancing On-Prem Control with Remote Device Management

By Staff

Industrial environments, from manufacturing plants to transportation hubs, are often intentionally cut off from the public internet. This “air-gapped” design removes the direct remote attack path and keeps the process environment stable, but it does not make the devices inside it maintenance-free: they still need updating, monitoring, and support, and whatever channel an update takes across the gap (removable media or a tightly controlled link) is itself a path that has to be secured.

This device management dilemma sits at the intersection of operational technology (OT) and information technology (IT), forcing organizations to weigh the security and reliability of on-premises control against the efficiency and scalability of remote management. The result is a balancing act — one that many enterprises are still learning to master.

Why Connectivity Isn’t Optional

Industrial systems — whether they’re running a refinery, a water treatment facility, or an automated warehouse — rely on a complex network of connected devices. These devices manage processes, collect sensor data, and enable operators to make informed decisions in real time.

Even in isolated networks, they require regular firmware updates, configuration changes, and monitoring. Alerts are critical if a device goes offline or performance drops. Left unmanaged, outdated or misconfigured devices can become operational weak points, leading to downtime or vulnerabilities.

But in air-gapped environments, traditional cloud-based device management tools can’t reach these systems directly. That gap forces operators to find ways to update and manage devices without introducing security risks — a task easier said than done.

The Limits of “Cloud-Only” Thinking

Over the last decade, industries embraced the scalability and convenience of the cloud. Many assumed the future of device management would be entirely remote, with centralized platforms handling updates, analytics, and control from anywhere.

For office IT, that shift largely made sense. But in industrial settings, the move to cloud-only models often left OT teams behind. Critical plant systems stayed offline for security and stability reasons, making cloud-based tools impractical.

The result: OT teams resorted to more manual, resource-intensive processes. In some cases, they relied on vendor-specific workarounds or pulled in third-party solutions not designed for industrial realities. Over time, the limitations of cloud-only models became clearer — especially as cyber threats grew more sophisticated and compliance requirements tightened.

Today, many industrial organizations are adopting a hybrid approach: on-premises management for air-gapped networks, paired with cloud-based tools for systems that can safely connect to the internet.

An on-premises management platform can give OT teams complete visibility into their devices, even without an external connection. They can push firmware updates, adjust configurations across multiple units at once, and receive real-time alerts when issues arise. Templates or “gold images” can standardize deployments, reducing the risk of errors and minimizing the need for senior engineers to perform every setup task.
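Pushing firmware into an air-gapped network is only safe if the on-prem platform checks what it is about to push. The following is an added example, not code from the article or any vendor platform: it models a bundle (files plus a JSON manifest of SHA-256 digests) signed on a connected host, carried in on removable media, and verified on the management host before anything reaches a device. The file names, the key and the bundle contents are constructed; HMAC-SHA256 stands in for the signature only so the example runs on the standard library (a production design would use a public-key signature such as Ed25519 so the OT side holds no secret).

```python
"""Verify a firmware bundle carried across an air gap before pushing it.

Added example, not the article's or any vendor's code. Sample files and
signing key are constructed for illustration.
"""
import hashlib
import hmac
import json

# Constructed sample bundle: a fake firmware image and a configuration template.
SAMPLE_FILES = {
    "plc-fw-2.4.1.bin": b"\x7fELF" + bytes(range(32)),
    "config-template.json": b'{"snmp": "v3", "telnet": "disabled"}',
}
# Constructed signing key; in practice this never leaves the connected side.
SIGNING_KEY = b"example-offline-signing-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict, version: str) -> dict:
    """List every file in the bundle with its SHA-256 digest."""
    return {
        "version": version,
        "files": {name: sha256_hex(blob) for name, blob in sorted(files.items())},
    }


def canonical(manifest: dict) -> bytes:
    # Deterministic serialization so signer and verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    # HMAC stands in for a real signature (see lead-in); hex tag over the manifest.
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_bundle(files: dict, manifest: dict, signature: str, key: bytes):
    """Return (ok, findings).

    The manifest signature is checked first; an unsigned or altered manifest's
    digest list is never consulted. Then every listed file must be present and
    match its digest, and no unlisted file may ride along in the bundle.
    """
    findings = []
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, ["manifest signature mismatch"]
    listed = manifest.get("files", {})
    for name in listed:
        if name not in files:
            findings.append(f"missing file: {name}")
    for name, blob in files.items():
        if name not in listed:
            findings.append(f"unexpected file: {name}")
        elif not hmac.compare_digest(sha256_hex(blob), listed[name]):
            findings.append(f"digest mismatch: {name}")
    return not findings, findings


def tampered_copy(files: dict, name: str) -> dict:
    """Demo helper: flip one bit of a file to simulate tampering in transit."""
    out = dict(files)
    blob = bytearray(out[name])
    blob[-1] ^= 0x01
    out[name] = bytes(blob)
    return out


if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_FILES, "2.4.1")
    sig = sign_manifest(manifest, SIGNING_KEY)
    print("clean bundle:", verify_bundle(SAMPLE_FILES, manifest, sig, SIGNING_KEY))
    print("tampered image:", verify_bundle(
        tampered_copy(SAMPLE_FILES, "plc-fw-2.4.1.bin"), manifest, sig, SIGNING_KEY))
```

The order of checks is the point: a digest list is only as trustworthy as the signature over it, so the signature is verified before any file is hashed, and an unlisted extra file fails the bundle rather than being silently pushed alongside the approved image.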

This approach also supports workforce efficiency — a critical advantage given the labor shortages and skills gaps affecting industrial operations. Less experienced technicians can handle deployments using pre-approved templates, while more seasoned staff focus on higher-value work.

Security by Design

For industries that depend on uptime, security is non-negotiable. Air-gapped networks already reduce the attack surface, but device management tools must add their own safeguards.

Modern on-prem solutions encrypt all communication between management software and devices, typically with TLS 1.2 or higher, so credentials and commands are not transmitted in plain text. Encryption alone is not authentication, though: the management side must validate the device's certificate (ideally against a private CA, with mutual TLS where the devices support it), or the channel will just as readily encrypt a session with an impostor. Platforms that front serial ports can also wrap serial console traffic in that same encryption by default, further limiting opportunities for interception between operator and device.
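What "TLS 1.2 or higher" should mean in practice is shown below as an added example (not code from the article or any vendor platform): a hardened client context for the management-to-device channel next to the weak "it's encrypted, so it's fine" variant, and an audit function that flags the difference. The private CA path and the client certificate pair are assumptions supplied by the caller; the probe function needs a live device and is not exercised here.

```python
"""Hardened vs. weak TLS client settings for a management-to-device channel.

Added example, not the article's or any vendor's code. Assumes the caller
supplies the path to the on-prem private CA bundle and, optionally, a
(certfile, keyfile) pair for mutual TLS.
"""
import socket
import ssl


def management_tls_context(ca_bundle=None, client_cert=None):
    """Client context a management server should use toward managed devices."""
    ctx = ssl.create_default_context(cafile=ca_bundle)   # None: OS trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2           # refuse TLS 1.0/1.1
    ctx.check_hostname = True        # device name must match its certificate
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_cert:
        ctx.load_cert_chain(*client_cert)   # lets the device authenticate us too
    return ctx


def legacy_tls_context():
    """Encrypts, but trusts whatever certificate the far end presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # no peer validation at all
    return ctx


def audit_context(ctx) -> list:
    """Return the weaknesses a reviewer would flag in a client SSLContext."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    return findings


def probe_device(host: str, port: int, ctx, timeout: float = 5.0) -> dict:
    """Open a TLS session to a device and report what was negotiated.

    With the hardened context this raises ssl.SSLCertVerificationError for an
    untrusted or misnamed device instead of returning; with the legacy context
    it returns happily for an impostor. Requires a reachable device.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "version": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": cert.get("subject") if cert else None,
            }


if __name__ == "__main__":
    print("hardened:", audit_context(management_tls_context()) or "no findings")
    print("legacy:", audit_context(legacy_tls_context()))
```

The audit is deliberately about three settings only: protocol floor, whether a certificate is required, and whether the name in it is checked. Any one of them disabled turns "encrypted" into "encrypted to whoever answered", which is exactly the case an on-path attacker between the management server and a field device needs.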

This layered approach means that where some connectivity between the business network and the OT side is necessary, as it often is for reporting and operational oversight, management traffic crossing that boundary cannot be read or altered in transit. It does not by itself keep intruders out: that still depends on segmenting the OT side behind a firewall or DMZ, permitting only the management and reporting flows that are explicitly needed, and authenticating whoever initiates them.

When device management is mission-critical, redundancy isn’t just a nice-to-have — it’s a requirement. Many industrial operators are now deploying multiple on-prem management instances to ensure they don’t lose visibility or control during maintenance windows or unexpected outages.

By maintaining synchronized instances, operators can fail over seamlessly, avoiding blind spots that could disrupt production or compromise safety.

Listening to the Operators

One reason hybrid strategies are gaining traction is that they’re shaped by the real-world needs of industrial operators. Rather than forcing a “cloud-only” or “on-prem-only” model, the most effective solutions mirror the workflows, interfaces, and reporting capabilities operators already use.

For example, an on-prem platform that mimics the look and feel of its cloud counterpart can ease the learning curve for staff who manage both connected and air-gapped environments. Similarly, offering API access and syslog integration lets organizations feed device data into existing monitoring and analytics systems without re-architecting their infrastructure.
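Syslog integration is only useful if the receiving side can pull the device identity and severity out of each message rather than grepping free text. The block below is an added example, not code from the article or any vendor platform: a small RFC 5424 parser and a triage pass that turns a device manager's export into alerts for offline devices and configuration drift. The host name, application name, message IDs and the structured-data element `dev@32473` are invented for illustration, and the log lines are constructed.

```python
"""Parse RFC 5424 syslog from an on-prem device manager and raise alerts.

Added example, not the article's or any vendor's code. Log lines and the
'dev@32473' structured-data element are constructed for illustration.
"""
import re

# Constructed sample export: a device offline, a firmware event, a config-drift
# warning, and one line that is not syslog at all.
SAMPLE_LOGS = [
    '<131>1 2024-05-02T10:15:03Z opsmgr-site2 devmgr 2211 DEVSTATE '
    '[dev@32473 id="plc-0107" site="line-3"] device plc-0107 unreachable for 300s',
    '<134>1 2024-05-02T10:15:04Z opsmgr-site2 devmgr 2211 FWUPD '
    '[dev@32473 id="rtu-0042" site="line-1"] firmware 2.4.1 applied',
    '<132>1 2024-05-02T10:15:09Z opsmgr-site2 devmgr 2211 CFGDRIFT '
    '[dev@32473 id="sw-0009" site="line-3"] running config differs from template gold-2024q1',
    'garbage line that is not syslog at all',
]

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$"
)
# One SD-ELEMENT: [SD-ID PARAM-NAME="value" ...]; values may contain \" \] \\ escapes.
SD_ELEMENT_RE = re.compile(r'\[(?P<id>\S+?)(?P<params>(?: \w+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_syslog(line: str):
    """Return a dict of header fields and structured data, or None if not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                 # facility 0..23 * 8 + severity 0..7
        return None
    sd = {}
    if m["sd"] != "-":
        for el in SD_ELEMENT_RE.finditer(m["sd"]):
            sd[el["id"]] = {k: re.sub(r"\\(.)", r"\1", v)
                            for k, v in SD_PARAM_RE.findall(el["params"])}
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITY_NAMES[pri & 7],
        "timestamp": m["ts"],
        "host": m["host"],
        "app": m["app"],
        "msgid": m["msgid"],
        "sd": sd,
        "msg": m["msg"] or "",
    }


def triage(lines, max_severity: int = 4):
    """Alerts for events at 'warning' (4) or worse, keyed by device id.

    The device id comes from structured data when present and falls back to
    the sending host, so an alert is never dropped for lack of an id.
    """
    alerts = []
    for line in lines:
        ev = parse_syslog(line)
        if ev is None or ev["severity"] > max_severity:
            continue
        device = ev["sd"].get("dev@32473", {}).get("id", ev["host"])
        alerts.append({"device": device, "severity": ev["severity_name"],
                       "msgid": ev["msgid"], "msg": ev["msg"]})
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOGS):
        print(alert)
```

One caveat for the transport: plain syslog over UDP is unauthenticated and trivially spoofable, so an alert pipeline that crosses the IT/OT boundary should carry it over TLS (RFC 5425) or at least a mutually authenticated TCP channel, and the parser above should be fed only from that trusted collector.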

As industrial IoT continues to evolve, the gap between OT and IT is narrowing — but it’s not disappearing. Air-gapped networks will remain a fixture in sectors where security and uptime are paramount. At the same time, cloud adoption will continue where it makes sense, especially for analytics, remote collaboration, and centralized oversight.

Future device management platforms will likely become even more seamless across these environments, enabling operators to switch between on-prem and cloud contexts without retraining staff or duplicating effort. Expect to see more emphasis on consistent user interfaces, deeper analytics capabilities, and AI-driven insights that can operate locally as well as in the cloud.

For industrial organizations, managing connected devices isn’t just about keeping the lights on — it’s about maintaining safety, security, and efficiency in some of the world’s most demanding environments. Balancing on-prem control with remote management needs isn’t a one-time decision; it’s an ongoing strategy that must adapt as technology, threats, and operational requirements evolve.

By adopting flexible, secure, and operator-friendly approaches, enterprises can ensure that whether a device is across the plant floor or across the country, it remains visible, manageable, and ready to perform.

Ron Elliott is an experienced Information Technology Supervisor with a demonstrated history of working in the oil & energy industry. He’s skilled in VMware ESX, Servers, Windows Server, Windows, and Employee Training.
