Digital transformation has accelerated the convergence of IT and operations technology (OT), and European organisations are now facing difficult decisions when it comes to OT environments. In fact, according to IDC’s European Security Survey from July 2019, two-thirds of European organisations rate OT security as critical.

Digital transformation isn’t a technology outcome, but a business outcome that is enabled by technology (and driven by security). One technology that should be considered part of digital transformation is the digital twin. But just how secure are digital twins?

The digital twin concept

The digital twin concept was developed in early 2000, and is a multi-layered, living, virtual model of a product, asset or service. These models are connected to the real physical operations — their physical twins — via the internet of things (IoT) to visually enhance data flow, communication and collaboration across engineering, operations, supply chain and services.

What does it mean for security?

The sheer volume of data collected, transmitted and processed from products, assets and processes — which is conveyed back and forth to the digital twin — can make managing the scale of these processes unnerving. Yet organizations need to ensure that this information is secure and trusted throughout the whole process. Therefore, security must act as an embedded enabler of innovation through the use of encryption, authentication and threat detection technologies, with all the necessary security policies in place to create and ensure digital trust.

Digital trust builds on security, policy and risk management to provide the confidence required for employees, partners and customers to work with an enterprise at digital speed and scale.

Digital twin security drivers

  • By operationalising security- and privacy-by-design, security can become a critical enabler of trust in the operation of products and assets using digital twins.
  • The digital twin will become the full driver of communication and collaboration across the organisation’s entire digital thread — a framework to unify and orchestrate data across a product’s life cycle — only if the right security technologies and policies are applied and maintained to preserve digital trust.
  • Only in an authenticated and trusted ecosystem can participants collaborate and safely operate products, assets and processes through digital twins.

Digital twin security concerns

  • As with any digital security strategy, consistent updating of technologies and policy is critical so the organisation can stay one step ahead of cyber criminals, and securing the multiple endpoints of products, assets and processes will require a complex, multi-layered, distributed approach to security.
  • The safe inclusion of the whole ecosystem and supply chain into the digital twin will be crucial, as all partners will need to be part of the model for it to function properly.


For organisations that want to create or improve their digital twin project, and to ensure the success of their digital transformation in general, the security team now has the opportunity to position itself as a business enabler that drives innovation and business outcomes. The security team can become the guarantor of digital trust, implementing security by design into the digital twin project, but also throughout the company’s culture, practices, processes and platforms.