In a firewall-free factory, security policies are not tied to physical networks—they follow the user, device, and workload dynamically.
KDDI America
In today’s rapidly evolving industrial landscape, manufacturing isn’t just about machines and assembly lines—it’s about connectivity, intelligence, and resilience. At KDDI America, we believe that the factory floor of tomorrow must be designed for the networked age: where every device, system, and user interacts securely and with agility. The smart factory era demands more than incremental upgrades—it demands transformation. KDDI America stands ready to partner with manufacturers who are ready to leave behind decades of outdated perimeter thinking and embrace a future built on secure, cloud-enabled, zero-trust connectivity.
The manufacturing renaissance spurred by smart factories and industrial automation is a double-edged sword: On one side is value and modernization, and on the other is its side-effect, a massive expansion in attack surfaces. Unfortunately, the old way of securing it all, itself exacerbates the problem.
“Billions of dollars have been and are still being poured into legacy network and security solutions,” says Deepak Patel, a Zscaler senior director overseeing product management for OT. “Thankfully, as decision makers get to truly know the business risk, the industry is starting to overcome 30-year-old inertia.”
Many manufacturers still defend their perimeter the old way, using VPNs, access control lists and firewalls to segment and secure their networks. That is understandable, as the industry has enough other challenges to deal with. But these security approaches were never designed for today's connected industrial environments. “To put it simply, manufacturers need to transform their networks because otherwise it’s impossible to be secure,” according to Patel.
Legacy perimeter security assumes everything inside the network is trustworthy. This worked when factories were isolated, but now smart factories connect to the cloud, are accessed remotely, integrate with third parties, etc. The price tag for continuing with traditional security includes the following:
Examples include the ransomware attack that shut down Bridgestone Americas’ manufacturing facilities in North and Latin America for about a week in 2022. Soon after, Toyota suspended operations at all of its domestic plants in Japan after a supplier, Kojima Industries, suffered a cyberattack, leading to an output loss of about 13,000 cars.
Many companies are already making the move to agentless, zero-trust based, device-level segmentation. A major automotive company is using Zscaler solutions across their production plants, isolating every device, workload, and user from threats. By eliminating implicit trust and applying segmentation dynamically, they’re significantly reducing the attack surface.
One of the most exciting evolutions in zero trust for manufacturing is the move toward firewall-free factories. Historically, OT segmentation has relied on physical firewalls, VLANs, and access control lists (ACLs) to separate production environments from IT and external networks. But this approach has proven costly, complex, and ineffective at stopping lateral movement.
Firewalls have long been treated as the cornerstone of industrial security, but they carry problems that make them difficult to keep managing in today's manufacturing environments.
True security protects individual assets, applications, and connections—not just the perimeter. By shifting to firewall-free factories, we can replace perimeter controls with zero trust microsegmentation.
In a firewall-free factory, security policies are not tied to physical networks—they follow the user, device, and workload dynamically. Instead of relying on IP-based segmentation, zero trust enables:
Agentless zero trust segmentation simplifies security by eliminating complex ACLs and firewall rules, enabling granular segmentation without infrastructure changes. It also acts as a ransomware kill switch, automatically blocking nonessential device communication to stop lateral movement without disrupting operations. This prevents ransomware from spreading across IoT and OT environments, minimizing the risk of operational downtime.
A network with Zscaler zero trust device segmentation, as in the depiction below, means the Zscaler Zero Trust Exchange is the default gateway and policy enforcement point for all traffic. It collects telemetry, learns about how factory networks work, and evolves policies to control access to IT and OT segments (after it groups them autonomously).
The architecture allows you to isolate OT systems into a segment of one and to restrict factory floor access to known MAC addresses. East-west firewalls, NAC appliances/agents, and micro-segmentation agents are not necessary, which means a very small IT footprint with greater security, all at a far lower total cost of ownership than the alternatives.
Customers are currently airgapping their factories using zero trust microsegmentation and AI-powered security automation. AI-powered segmentation enhances security and reduces operational overhead by ensuring that:
By using machine learning to analyze traffic patterns, we can auto-group OT devices into a network of one, enforcing segmentation without VLAN readdressing or complex ACLs. This firewall-free model aligns with the future of manufacturing security, where protection is software-defined, AI-driven, and identity-based.
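To make the enforcement model in the preceding paragraphs concrete (the Zero Trust Exchange as the default gateway and policy enforcement point, per-device "segment of one" policies learned from telemetry, access restricted to known MAC addresses, and a ransomware kill switch that blocks nonessential communication), here is a small conceptual model. It is an added example, not Zscaler's or KDDI's code; the device names, MAC addresses, hosts and flows are all constructed for the demo, and the traffic-signature grouping is a simple stand-in for the machine-learning grouping the article describes.

```python
"""Conceptual model of an agentless, device-level zero trust policy enforcement
point (PEP) for a factory network.  Added illustrative example, not vendor code;
every device, MAC address, host name and flow below is constructed for the demo.

The PEP plays the role the text gives the default gateway: it sees every flow,
learns a per-device baseline during a learning window, groups devices with
identical traffic profiles, then enforces a deny-by-default "segment of one"
per device.  A kill-switch mode keeps only flows to declared essential
destinations, modelling the ransomware kill switch.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    src_mac: str   # device identity: floor access is limited to known MACs
    dst: str       # destination host (IT or OT side)
    port: int


@dataclass
class PolicyEnforcementPoint:
    known_macs: set[str]        # asset inventory of permitted devices
    essential_dsts: set[str]    # destinations that stay open under the kill switch
    baseline: dict[str, set[tuple[str, int]]] = field(
        default_factory=lambda: defaultdict(set))
    learning: bool = True
    kill_switch: bool = False

    def observe(self, flow: Flow) -> None:
        """Learning phase: record each known device's observed (dst, port) pairs."""
        if self.learning and flow.src_mac in self.known_macs:
            self.baseline[flow.src_mac].add((flow.dst, flow.port))

    def lock(self) -> None:
        """End the learning window; from here on the baseline is enforced."""
        self.learning = False

    def groups(self) -> dict[frozenset, list[str]]:
        """Auto-group devices whose traffic signatures are identical
        (a simple stand-in for the ML-based grouping the article mentions)."""
        out: dict[frozenset, list[str]] = defaultdict(list)
        for mac, sig in self.baseline.items():
            out[frozenset(sig)].append(mac)
        return dict(out)

    def decide(self, flow: Flow) -> str:
        """Return 'allow' or a deny reason for one flow. Order matters:
        identity first, then kill switch, then the per-device baseline."""
        if flow.src_mac not in self.known_macs:
            return "deny:unknown-device"
        if self.kill_switch and flow.dst not in self.essential_dsts:
            return "deny:kill-switch"
        if (flow.dst, flow.port) not in self.baseline.get(flow.src_mac, set()):
            return "deny:outside-baseline"   # no peer-to-peer lateral movement
        return "allow"


# Constructed inventory: two PLCs and one HMI (hypothetical MACs and hosts).
PLC_A = "aa:bb:cc:00:00:01"
PLC_B = "aa:bb:cc:00:00:02"
HMI = "aa:bb:cc:00:00:03"


def build_demo_pep() -> PolicyEnforcementPoint:
    """Learn a baseline from constructed telemetry, then lock the PEP."""
    pep = PolicyEnforcementPoint(known_macs={PLC_A, PLC_B, HMI},
                                 essential_dsts={"scada"})
    learning_window = [
        Flow(PLC_A, "historian", 4840), Flow(PLC_A, "scada", 502),   # OPC UA + Modbus
        Flow(PLC_B, "historian", 4840), Flow(PLC_B, "scada", 502),
        Flow(HMI, "scada", 502), Flow(HMI, "patch-server", 443),
        Flow("de:ad:be:ef:00:99", "scada", 502),   # unknown device: never learned
    ]
    for f in learning_window:
        pep.observe(f)
    pep.lock()
    return pep


if __name__ == "__main__":
    pep = build_demo_pep()
    for sig, macs in pep.groups().items():
        print("group", sorted(sig), "->", macs)
    print(pep.decide(Flow(PLC_A, "scada", 502)))        # allow
    print(pep.decide(Flow(PLC_A, "plc-b", 502)))        # deny:outside-baseline
    pep.kill_switch = True
    print(pep.decide(Flow(HMI, "patch-server", 443)))   # deny:kill-switch
```

The two PLCs end up in one auto-generated group because their learned signatures match, while each device still carries its own allow set, so a PLC trying to reach its neighbour on Modbus is denied even though both are "the same kind" of device. Flipping `kill_switch` narrows every device to the declared essential destinations without touching the learned baseline, which is what lets the block be lifted again without re-learning.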
Manufacturers looking to modernize OT security should:
By following these zero trust principles, manufacturers can reduce risk, shrink the attack surface, and build an OT security model that adapts to modern industrial threats.
It’s time to rethink OT security. Manufacturers need zero trust to eliminate implicit trust and continuously verify every connection. Major automotive and power management companies, among others, are deploying it to secure OT environments and future-proof manufacturing plants. Others should follow their lead.
As manufacturers embark on the journey to unlock operational excellence, innovation, and resilience, the time for incremental adjustments is past. The zero-trust, firewall-free factory that Zscaler describes is not just a vision—it’s rapidly becoming the baseline for competitive industry leaders. At KDDI America, we’re committed to helping our manufacturing clients navigate this transformation: ensuring that every connection, every device and every user is part of a secure, agile ecosystem. Because the next wave of manufacturing won’t succeed on legacy tech—it will succeed on connectivity, security, and intelligence. Let’s build that future together.
Disclaimer:
The opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the views or opinions of KDDI America, Inc or any other companies or organizations.
KDDI America, Inc.
KDDI America is the US subsidiary of KDDI Corporation, a Fortune Global 500 company and a growing communications carrier with a proven track record in Japan and a longstanding reputation for quality and reliability. KDDI America provides a wide range of high-quality services, including communications, data centers and solution services, throughout the world.
Please consult a KDDI consultant.
Zscaler
Christopher Jablonski
Contributor