The factory floor speaks one set of protocols. The cloud speaks another. Connecting them is its own engineering discipline.
Operational Technology (OT) and Information Technology (IT) grew up apart. The factory floor runs Modbus, OPC, and Profinet over isolated networks. The cloud runs HTTPS, MQTT, and gRPC over the public internet. Bridging them safely is the central challenge of Industry 4.0.
The threat model
OT networks are built on the assumption that nobody hostile is on them. PLCs trust any device that can route to them. Connecting a PLC network to the cloud naively is a security catastrophe waiting to happen. The discipline of OT/IT integration is, more than anything, a security discipline.
The Purdue model, updated
The Purdue Enterprise Reference Architecture defines hierarchical zones: Level 0 (sensors), Level 1 (PLCs), Level 2 (SCADA/HMI), Level 3 (manufacturing operations), Levels 4-5 (corporate IT). Modern Industrial IoT respects this hierarchy: data flows up through controlled gateways, never directly from the cloud to the PLC.
The DMZ pattern
A demilitarized zone (DMZ) sits between OT and IT. The DMZ hosts brokers (MQTT, OPC UA), firewalls (or one-way data diodes in high-security environments), and gateways. PLCs talk to the DMZ; the DMZ talks to the cloud. Each direction has explicit, auditable rules: an allow-list of permitted zone-to-zone flows, with everything else denied and logged.
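As an added illustration of the two sections above (the Purdue hierarchy and the DMZ's "explicit, auditable rules"), this is example code written for this page, not code from the original article or any vendor. It encodes the allow-list as data, maps addresses to Purdue zones, and audits constructed firewall log lines for flows that bypass the DMZ. The subnets, ports and log format are assumptions chosen for the example; in practice these would come from the plant's own addressing plan and firewall export.

```python
"""Zone-to-zone flow audit for a Purdue-style OT/IT architecture (added example)."""
from dataclasses import dataclass
import ipaddress

# Purdue level per subnet. Constructed sample addressing for the example.
ZONES = {
    "L1_PLC":   ipaddress.ip_network("10.10.1.0/24"),
    "L2_SCADA": ipaddress.ip_network("10.10.2.0/24"),
    "L3_OPS":   ipaddress.ip_network("10.10.3.0/24"),
    "DMZ":      ipaddress.ip_network("10.20.0.0/24"),
    "CLOUD":    ipaddress.ip_network("0.0.0.0/0"),  # fallback: anything outside the plant
}
OT_ZONES = {"L1_PLC", "L2_SCADA", "L3_OPS"}

# Explicit allow-list of (source zone, destination zone, protocol, destination port).
# Anything not listed is denied; the list itself is the audit artefact.
ALLOWED = {
    ("L1_PLC",   "DMZ",    "tcp", 4840),  # OPC UA from PLC up to the DMZ gateway
    ("L3_OPS",   "DMZ",    "tcp", 4840),  # OPC UA from manufacturing operations
    ("L2_SCADA", "L1_PLC", "tcp", 4840),  # in-plant SCADA/HMI to PLC
    ("DMZ",      "CLOUD",  "tcp", 8883),  # MQTT over TLS from DMZ broker to cloud broker
    ("DMZ",      "CLOUD",  "tcp", 443),   # HTTPS telemetry from the DMZ
}


def zone_of(ip: str) -> str:
    """Map an address to its Purdue zone; most specific prefix wins, CLOUD is the catch-all."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(ZONES.items(), key=lambda kv: -kv[1].prefixlen):
        if addr in net:
            return name
    return "CLOUD"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed log line like 'src=10.10.1.5 dst=10.20.0.10 proto=tcp dport=4840'."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"].lower(), int(fields["dport"]))


def check_flow(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason). The reason is what you would log or alert on."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    if (s, d, flow.proto, flow.dport) in ALLOWED:
        return True, f"{s}->{d} {flow.proto}/{flow.dport} permitted"
    if s == "CLOUD" and d in OT_ZONES:
        return False, f"inbound {s}->{d} crosses the DMZ: cloud must never reach OT directly"
    if s in OT_ZONES and d == "CLOUD":
        return False, f"outbound {s}->{d} bypasses the DMZ gateway"
    return False, f"{s}->{d} {flow.proto}/{flow.dport} not in allow-list"


def audit(lines: list[str]) -> list[str]:
    """Return the reason string for every denied flow in the given log lines."""
    denied = []
    for line in lines:
        ok, reason = check_flow(parse_flow(line))
        if not ok:
            denied.append(reason)
    return denied


SAMPLE_LOG = [  # constructed for the example
    "src=10.10.1.5 dst=10.20.0.10 proto=tcp dport=4840",  # PLC -> DMZ OPC UA: permitted
    "src=10.20.0.10 dst=52.0.0.1 proto=tcp dport=8883",   # DMZ -> cloud MQTT/TLS: permitted
    "src=52.0.0.1 dst=10.10.1.5 proto=tcp dport=4840",    # cloud -> PLC: violation
    "src=10.10.1.5 dst=52.0.0.1 proto=tcp dport=443",     # PLC -> cloud, skipping the DMZ: violation
    "src=10.10.3.7 dst=10.10.1.5 proto=tcp dport=502",    # ops -> PLC Modbus, not listed: violation
]

if __name__ == "__main__":
    for reason in audit(SAMPLE_LOG):
        print("DENY", reason)
```

Running the script prints one DENY line per violating flow; the same `check_flow` logic can be run over a real firewall export to confirm the deployed rules match the documented allow-list.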
OPC UA as the lingua franca
OPC UA (IEC 62541) is the modern standard for OT data. Self-describing, secure, vendor-neutral. Most modern PLCs (Siemens, Rockwell, Beckhoff, Mitsubishi) speak OPC UA natively. Cloud platforms (AWS IoT SiteWise, Azure IoT Industrial) ingest it directly. Pick OPC UA over Modbus where the equipment supports it.
MQTT for time-series
For high-volume sensor data, MQTT (with MQTT Sparkplug B for industrial use) is the standard. Brokers like HiveMQ, EMQX, and AWS IoT Core scale to millions of devices. The Sparkplug B specification standardizes payloads and topic namespaces — adopt it.
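As an added example for the topic namespace mentioned above (not code from the original article, HiveMQ, EMQX or AWS), the following parses Sparkplug B topics of the form `spBv1.0/<group_id>/<message_type>/<edge_node_id>[/<device_id>]` (plus the v3.0 host `spBv1.0/STATE/<host_id>` topic) and derives least-privilege broker authorization from them: an edge node may publish only under its own group and node id and never the NCMD/DCMD command types, while the host application publishes commands and its own STATE. The client roles and identities are assumptions for the example; a broker would take them from its own authentication layer.

```python
"""Sparkplug B topic parsing and least-privilege publish/subscribe checks (added example)."""
from dataclasses import dataclass
from typing import Optional

NAMESPACE = "spBv1.0"
NODE_TYPES = {"NBIRTH", "NDEATH", "NDATA", "NCMD"}
DEVICE_TYPES = {"DBIRTH", "DDEATH", "DDATA", "DCMD"}
COMMAND_TYPES = {"NCMD", "DCMD"}


@dataclass(frozen=True)
class SparkplugTopic:
    group_id: str             # "" for STATE, which carries no group
    message_type: str
    node_id: str              # edge_node_id, or the host_id for STATE
    device_id: Optional[str]  # present only for D* message types


def parse_topic(topic: str) -> SparkplugTopic:
    """Parse a concrete (non-wildcard) Sparkplug B topic or raise ValueError."""
    parts = topic.split("/")
    if parts[0] != NAMESPACE or any(p == "" for p in parts):
        raise ValueError(f"not a Sparkplug B topic: {topic!r}")
    if any(c in p for p in parts for c in "+#"):
        raise ValueError(f"wildcards are not valid in a published topic: {topic!r}")
    if len(parts) == 3 and parts[1] == "STATE":
        return SparkplugTopic("", "STATE", parts[2], None)
    if len(parts) not in (4, 5):
        raise ValueError(f"expected {NAMESPACE}/group/type/node[/device]: {topic!r}")
    group, mtype, node = parts[1], parts[2], parts[3]
    device = parts[4] if len(parts) == 5 else None
    if mtype in NODE_TYPES and device is not None:
        raise ValueError(f"{mtype} is node-level and takes no device id: {topic!r}")
    if mtype in DEVICE_TYPES and device is None:
        raise ValueError(f"{mtype} is device-level and requires a device id: {topic!r}")
    if mtype not in NODE_TYPES | DEVICE_TYPES:
        raise ValueError(f"unknown message type {mtype!r}: {topic!r}")
    return SparkplugTopic(group, mtype, node, device)


@dataclass(frozen=True)
class Client:
    role: str      # "edge" (edge node / gateway) or "host" (SCADA / primary application)
    group_id: str
    node_id: str   # edge node id, or host id for role "host"


def may_publish(client: Client, topic: str) -> tuple[bool, str]:
    """Authorization decision for a PUBLISH, with the reason to log on denial."""
    try:
        t = parse_topic(topic)
    except ValueError as e:
        return False, str(e)
    if client.role == "host":
        if t.message_type == "STATE":
            ok = t.node_id == client.node_id
            return ok, "ok" if ok else "host may only publish its own STATE"
        ok = t.message_type in COMMAND_TYPES
        return ok, "ok" if ok else "host publishes NCMD/DCMD only; data originates at edge nodes"
    if t.message_type == "STATE":
        return False, "edge nodes never publish STATE"
    if t.message_type in COMMAND_TYPES:
        return False, "edge nodes never publish NCMD/DCMD"
    if (t.group_id, t.node_id) != (client.group_id, client.node_id):
        return False, "edge node may only publish under its own group/node id"
    return True, "ok"


def allowed_subscriptions(client: Client) -> list[str]:
    """Narrowest subscription filters that still let the client do its job."""
    base = f"{NAMESPACE}/{client.group_id}"
    if client.role == "edge":
        return [f"{base}/NCMD/{client.node_id}",
                f"{base}/DCMD/{client.node_id}/+",
                f"{NAMESPACE}/STATE/+"]
    return [f"{base}/#"]


if __name__ == "__main__":
    edge = Client("edge", "Plant1", "Line3")  # constructed identity
    for topic in ("spBv1.0/Plant1/NDATA/Line3", "spBv1.0/Plant1/NCMD/Line4"):
        print(topic, may_publish(edge, topic))
```

Because the checks key off the parsed group and node id rather than string prefixes, a gateway that is compromised or misconfigured cannot publish data as another node or issue commands, and the subscription list it is granted is the same three filters for every edge node.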
Edge compute reduces backhaul
Send aggregates to the cloud, not raw sensor streams. Run filtering, aggregation, and anomaly detection on edge gateways. NVIDIA Jetson, Siemens Industrial Edge, and Azure IoT Edge all enable this. The cellular bill alone justifies the architecture.
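To make the "aggregates, not raw streams" point concrete, here is an added example (written for this page, not code from the original article or from NVIDIA, Siemens or Microsoft) of the kind of logic an edge gateway runs: it buckets raw samples into fixed windows, emits one summary record per tag per window, and flags a window whose mean drifts beyond a z-score threshold derived from the previous windows of the same tag. The tag names, window length, thresholds and readings are constructed for the example.

```python
"""Edge-side windowed aggregation with a simple drift flag (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW_S = 60  # assumed window length; tune to the tag's dynamics


@dataclass(frozen=True)
class Sample:
    ts: float   # seconds
    tag: str
    value: float


@dataclass
class Aggregate:
    tag: str
    window_start: int
    count: int
    minimum: float
    maximum: float
    average: float
    anomalous: bool = False


def aggregate(samples: list[Sample], window_s: int = WINDOW_S) -> list[Aggregate]:
    """Collapse raw samples into one record per (tag, window), ordered by window then tag."""
    buckets: dict[tuple[str, int], list[float]] = defaultdict(list)
    for s in samples:
        buckets[(s.tag, int(s.ts // window_s) * window_s)].append(s.value)
    out = []
    for (tag, start), values in sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        out.append(Aggregate(tag, start, len(values), min(values), max(values), mean(values)))
    return out


def flag_anomalies(aggs: list[Aggregate], min_history: int = 3,
                   z_threshold: float = 3.0, min_sigma: float = 0.1) -> list[Aggregate]:
    """Mark a window anomalous when its mean is > z_threshold sigmas from earlier window means.

    Anomalous windows are not added to the baseline so a step change does not
    immediately become the new normal. min_sigma stops a flat baseline from
    turning every tiny jitter into an alert.
    """
    history: dict[str, list[float]] = defaultdict(list)
    for a in aggs:  # aggs are already in window order
        hist = history[a.tag]
        if len(hist) >= min_history:
            mu, sigma = mean(hist), max(pstdev(hist), min_sigma)
            if abs(a.average - mu) / sigma > z_threshold:
                a.anomalous = True
        if not a.anomalous:
            hist.append(a.average)
    return aggs


def make_samples() -> list[Sample]:
    """Constructed readings: temperature steady for five windows, then a 25 degree jump."""
    offsets = [-0.4, 0.3, -0.1, 0.2, 0.0, -0.2]  # deterministic jitter within a window
    samples = []
    for w in range(6):
        temp_base = 70.0 + 0.1 * w if w < 5 else 95.0
        for i, off in enumerate(offsets):
            samples.append(Sample(w * 60 + i * 10, "press7.temp_c", temp_base + off))
            samples.append(Sample(w * 60 + i * 10, "press7.pressure_bar", 5.0 + 0.1 * off))
    return samples


def summarize(samples: list[Sample]) -> tuple[list[Aggregate], float]:
    """Return the records to forward and the raw-to-aggregate reduction ratio."""
    aggs = flag_anomalies(aggregate(samples))
    return aggs, len(samples) / len(aggs)


if __name__ == "__main__":
    records, ratio = summarize(make_samples())
    print(f"{ratio:.1f}x fewer records sent")
    for r in records:
        if r.anomalous:
            print("ANOMALY", r)
```

With the constructed data this forwards 12 records instead of 72 samples and flags only the final temperature window, which is the behaviour to check before trusting the gateway to suppress the raw stream: the cloud side should still receive enough (min, max, count, and the flag) to notice when the edge filter is hiding something.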
What we ship
For client IIoT projects: OPC UA from PLCs to a Siemens Industrial Edge or custom Linux gateway. MQTT (Sparkplug B) from gateway to a cloud broker (HiveMQ or AWS IoT). InfluxDB or TimescaleDB for time-series storage. Grafana dashboards for operators. ClickHouse warehouse for long-term analytics. The pattern is durable and the security audit story is straightforward.