IT / OT Segmentation

Client Profile

Client Type - Mid-market

Region - AMER

Industry - Retail

Number of employees - 1200

Business Challenge

  • Lack of security tools to secure business-critical services and access to sensitive data.
  • Lack of collaboration between IT and OT leaders to define security policy.
  • Risk of exposure to security threats.

Solution Outcome

  • Highly secure OT network architecture powered by Palo Alto 3000 and 400 next-generation firewalls.
  • Improved security posture and in-depth visibility.
  • Security policy to support a dynamic and ever-changing OT environment.


TDI Vertical was engaged to design and implement segmentation of network services between the IT and OT environments.

The goal of segmentation was to provide the Client with a highly secure OT network architecture in which business-critical services and sensitive data are segmented, secured, and not directly exposed to enterprise IT.

Network segmentation between the IT and OT environments was implemented using a multi-phase strategy that allowed TDI Vertical and the Client to understand critical traffic flows, OT network devices, and required network access, and to align the security policy essential to support segmentation of services.

Discover / Envision

TDI Vertical performed a network study and a holistic evaluation of critical inter- and intra-environment traffic flows for the IT and OT environments.

The collected information gave TDI Vertical and the Client a complete understanding of all OT devices, network services, and their impact on the business.

Additionally, collaborative design workshops were held with IT and OT leaders to discuss the current state of IT and OT network environments and to align security policy and security controls to support segmentation.

Solution Design

TDI Vertical developed a network security design to support segmentation and enable secure access to business-critical services and sensitive data.


  • Per-site hardware design (bill of materials, “BoM”).
  • High-level enterprise-wide network architectural design.
  • Low-level enterprise-wide network architectural design.
  • Implementation framework starting with critical production sites.
  • Post-implementation validation and support framework.

Deliver / Deploy

Implementation of segmentation was based on the network security design developed as part of the solution and on the existing converged network and security architecture.

Segmentation of services between the IT and OT environments enabled the Client to achieve a highly secure OT network architecture with in-depth visibility and granular control of access.

The use of the existing converged network and security architecture allowed the Client to maximize the return on its recent investment in network and security hardware.
