OT Security

Built for OT security.Not bolted on.

Digitillis reads sensor data in pull mode and never writes to your control layer. Air-gap friendly, IEC 62443 aligned, and deployable fully on-premise with zero data egress.

Request Datasheet for Security ReviewPlatform overview

Security architecture

Four pillars of OT-safe design

Every architectural decision was made with the Purdue Model in mind. Digitillis never touches your control layer.

Read-only OT access

Digitillis subscribes to OPC-UA and MQTT topics. It never writes to your control layer (L0–L2), never issues commands to PLCs or DCS systems, and holds no write permissions on any industrial control network segment. Platform automation actions (such as work order creation) operate at L3/L4 systems only.

  • OPC-UA subscriber mode only — no writes to control layer
  • MQTT subscriber — no publish to control topics
  • No PLC or DCS credentials of any kind
  • All sensor data flows outbound from OT — no inbound connections to control systems

Network isolation

The Digitillis edge gateway sits in your DMZ or Level 3 network. All OT data flows outbound only through the gateway. No inbound connections from the IT network or internet reach your OT zone.

  • Edge gateway deployable in Level 3 DMZ
  • Data diode compatible — supports hardware unidirectional gateways
  • No inbound connections from IT to OT
  • Firewall rule profile: one outbound port, zero inbound

Data residency

Process data stays on-premise. Only anonymized prediction outputs and model metrics leave the OT zone. Raw sensor values never traverse the internet in on-premise deployments.

  • Raw sensor data processed locally on edge gateway
  • Only prediction outputs sent to dashboards, not raw values
  • On-premise deployment: zero data egress to Digitillis infrastructure
  • Private cloud option: data stays in your AWS or Azure tenant

Credential-free sensors

Digitillis connects to your existing historian or MES using read-only service accounts. No new credentials are created on PLCs or field devices. Your OT security perimeter is unchanged.

  • Connects to historian or MES — not to PLCs directly
  • Read-only service accounts with minimum privilege
  • No new PLC or DCS accounts required
  • Compatible with existing OT credential rotation policies

Compliance alignment

IEC 62443, NIST CSF, and Purdue Model

Digitillis is designed for Level 3 of the Purdue Model only. It never operates at Level 1 or Level 2.

IEC 62443

Industrial automation and control systems security

Digitillis is designed for Level 3 (Operations) only. It never operates in Level 1 (Field) or Level 2 (Control). The read-only connectivity model aligns with IEC 62443-3-3 system security requirements.

NIST CSF

Cybersecurity Framework

Digitillis maps to the Detect and Respond functions. Anomaly detection, alerting, and prescriptive recommendations align with the DETECT and RESPOND tiers. No modifications to IDENTIFY, PROTECT, or RECOVER layers.

Purdue Model

ISA-95 / ISA-99 network hierarchy

Digitillis operates at Level 3 (Site Operations) and Level 4 (Business). It receives data from Level 2 (Control) via historian or MES, and can create work orders and update records in Level 3/4 systems (CMMS, ERP). It never issues commands to or writes to Level 0, 1, or 2 systems directly.

Air-gap deployment

Works with no cloud connection at all.

For environments where no data can leave the plant network, Digitillis deploys fully on-premise. All inference runs locally. ARIA operates in structured mode with no Anthropic API dependency. Dashboards serve from your internal network.

  • All ML inference runs on the edge gateway or on-premise server
  • ARIA structured mode requires no cloud API key
  • Dashboards served from your internal network
  • Model updates delivered via signed artifact packages, not internet
  • Works behind data diodes and hardware unidirectional gateways

Certifications roadmap

We hold ourselves to the same standards we recommend to customers. Here is where we are and where we are going.

  • SOC 2 Type IIIn progress

    Audit period underway. Report expected H2 2026.

  • ISO 27001Planned roadmap

    Planned following SOC 2 completion.

  • IEC 62443-3-3Architecture aligned

    Read-only OT design maps to SL1 requirements. Formal assessment planned.

Application security

Enterprise-grade IT security

Your operational data is your competitive advantage. We protect it at every layer of the application stack.

Authentication & access control

JWT-based authentication enforced at every API endpoint. All requests validated before reaching application logic.

Role-based permissions

Admin, operator, and viewer roles with fine-grained access control. No user sees data or actions beyond their permission level.

Service-to-service authentication

API key authentication for integration-to-integration calls. Every service credential is scoped to a specific operation.

Rate limiting & abuse protection

Configurable per-IP rate limiting with automatic blocking. Protects against abuse without impacting legitimate operational traffic.

Complete audit trail

Every prediction, action, approval, and configuration change is recorded with timestamp, user, and context. Immutable and queryable.

On-premise & private cloud

Deploy as per your choice. Option of full deployment within your own infrastructure for complete data sovereignty — no dependency on Digitillis cloud for any runtime operation.

Share the OT Security datasheet with your security team.

The OT Security datasheet covers network architecture diagrams, firewall rule profiles, data flow descriptions, and compliance alignment matrices. It is intended for your security review team and can be requested via the contact form.

Request OT Security Datasheet