A VPN, or Virtual Private Network, is a technology that creates an encrypted communication tunnel over a shared or untrusted network, such as the public internet, between defined endpoints. It is commonly used to provide remote or site-to-site access to internal networks while protecting data in transit from interception or tampering.
Core characteristics
In industrial and regulated manufacturing environments, a VPN commonly refers to a controlled method for connecting:
- Remote users (for example, engineers, support staff, or vendors) to internal OT/IT networks
- Sites or facilities to each other (site-to-site VPNs) over external or carrier networks
- Plants to cloud services in a way that limits exposure of internal systems
Typical properties include:
- Encryption and authentication: Traffic is encrypted and endpoints must authenticate (for example, with certificates, credentials, or MFA) before access is granted.
- Logical segregation: The VPN creates a logically private path over a shared medium but does not, by itself, define network segmentation or security zoning.
- Policy-driven access: Access can be restricted by user, device, network, or application, and is usually governed by documented security policies and change control in regulated settings.
- Protocol-based implementation: Common technologies include IPsec VPNs, SSL/TLS VPNs, and increasingly zero trust or software-defined perimeter solutions that provide VPN-like remote access without a traditional network-layer tunnel.
Operational meaning in industrial environments
In OT and manufacturing contexts, a VPN is often part of controlled connectivity between security zones, such as between a corporate IT network and a plant network, or between a vendor and a specific industrial control system. It may be one of the technical mechanisms used to implement a formal, documented communication path that is monitored and governed under security and quality procedures.
Operationally, this can involve:
- Documented procedures for granting and revoking VPN access for users and systems
- Logging and monitoring VPN sessions for security, audit, and troubleshooting
- Restricting VPN-connected devices to specific subnets or applications rather than full network access
- Coordinating VPN configuration changes through change management aligned with OT and quality controls
Relationship to conduits and other secure connections
In security standards and regulated industrial environments, a “conduit” typically refers to a controlled, documented communication path between security zones, with defined policies and monitoring. A VPN can be one of the technologies used to realize such a conduit, but:
- A VPN is the technical mechanism that provides encryption and connectivity.
- A conduit is the governed communication path that includes design, documentation, segmentation, monitoring, and change control.
Not every VPN connection qualifies as a formal conduit. For it to function as a conduit in regulated environments, it usually needs additional controls, documentation, and alignment with the site’s security zoning and compliance procedures.
Common confusion
- VPN vs. regular network connection: A regular network connection can be any IP connectivity (for example, a routed path on a LAN or WAN). A VPN adds encryption and authenticated tunneling over another network.
- VPN vs. network segmentation: A VPN protects traffic in transit but does not inherently enforce proper OT/IT segmentation or security zoning. Firewalls, VLANs, and access control policies are still required.
- VPN vs. zero trust access: Some modern zero trust solutions replace or complement traditional VPNs, using per-application access and continuous verification. In practice, both are used to control remote access to industrial systems.
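To make the operational points (granting and revoking access, logging and monitoring sessions, restricting VPN clients to specific subnets) and the VPN-vs-segmentation distinction concrete, here is an added example that is not code from the original page. It is a small Python audit that checks constructed VPN session records against a constructed access register (with expiry dates standing in for revocation) and two constructed access policies: a broad one that lets the VPN pool reach the whole plant network, and a restricted one that only permits the destinations documented for a conduit. Every user name, subnet, host, port, date and log line is an assumption made up for illustration, and the log format is invented rather than taken from any product.

```python
"""Added example: audit VPN session flow records against a documented conduit policy.
All register entries, policies, addresses and log lines below are constructed."""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed access register: who may use the VPN and the last day access is valid.
# Revoking a user is modelled by setting valid_until to a past date or removing the entry.
ACCESS_REGISTER = {
    "vendor-acme": {"valid_until": "2024-06-30"},
    "eng-jdoe": {"valid_until": "2025-12-31"},
}

# Constructed policies as (destination network, port or None for any port) per user.
# "full"    = weak setting: VPN-connected devices may reach the entire plant network.
# "conduit" = restricted setting: only the documented hosts and services are reachable.
POLICIES = {
    "full": {
        "vendor-acme": [("10.10.0.0/16", None)],
        "eng-jdoe": [("10.10.0.0/16", None)],
    },
    "conduit": {
        "vendor-acme": [("10.10.5.20/32", 443)],
        "eng-jdoe": [("10.10.5.0/24", 443), ("10.10.7.10/32", 22)],
    },
}

# Constructed session/flow log in an invented key=value format (10.200.0.0/24 is the VPN pool).
SAMPLE_LOG = """\
2024-05-02T08:01:10Z user=vendor-acme src=10.200.0.5 dst=10.10.5.20 dport=443 proto=tcp
2024-05-02T08:03:44Z user=vendor-acme src=10.200.0.5 dst=10.10.7.10 dport=502 proto=tcp
2024-07-15T09:12:00Z user=vendor-acme src=10.200.0.9 dst=10.10.5.20 dport=443 proto=tcp
2024-05-02T10:20:05Z user=eng-jdoe src=10.200.0.12 dst=10.10.7.10 dport=22 proto=tcp
2024-05-02T10:21:30Z user=unknown src=10.200.0.30 dst=10.10.5.20 dport=443 proto=tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_line(line):
    """Parse one constructed log record into typed fields; reject anything malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["dport"] = int(rec["dport"])
    return rec


def evaluate(rec, policy_name):
    """Return ("allow"|"deny", reason) for one record under the named policy."""
    entry = ACCESS_REGISTER.get(rec["user"])
    if entry is None:
        return "deny", "user not in access register"
    valid_until = datetime.strptime(entry["valid_until"], "%Y-%m-%d").date()
    if rec["ts"].date() > valid_until:
        return "deny", f"access expired on {entry['valid_until']}"
    for net, port in POLICIES[policy_name].get(rec["user"], []):
        if rec["dst"] in ipaddress.ip_network(net) and (port is None or port == rec["dport"]):
            return "allow", f"matches {net} port {port if port is not None else 'any'}"
    return "deny", f"{rec['dst']}:{rec['dport']} is not a documented destination"


def audit(log_text, policy_name):
    """Evaluate every non-empty record; returns (line_no, user, verdict, reason) tuples."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.strip():
            rec = parse_line(line)
            verdict, reason = evaluate(rec, policy_name)
            findings.append((n, rec["user"], verdict, reason))
    return findings


def denied(log_text, policy_name):
    """Only the records that should be reviewed (or that a firewall should have blocked)."""
    return [f for f in audit(log_text, policy_name) if f[2] == "deny"]


if __name__ == "__main__":
    for name in ("full", "conduit"):
        print(f"policy={name}")
        for n, user, verdict, reason in audit(SAMPLE_LOG, name):
            print(f"  line {n}: {user:12s} {verdict:5s} {reason}")
```

Running the module prints the verdict for each record under both policies. The expired vendor account and the user missing from the register are flagged under either policy, which is what the grant/revoke procedure and session logging are for; but the vendor's second session, to a host and port the conduit documentation never listed, passes the broad policy and is only caught under the restricted one. That gap is the difference between "VPN-connected" and "segmented" described above: encryption and authentication alone do not decide what a connected device may reach.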