The production manager wants to know what is happening on his lines. Not tomorrow, not via a report that arrives once a month, but live, and with enough context to act on it. The IT manager understands that, but points to the security committee, the risk assessment, the project that has already been postponed three times. Both are right. That is precisely why this conversation so rarely leads anywhere.
The boundary that does not disappear through goodwill
OT networks are built for the availability and safety of production processes, not for data sharing. The PLC that drives a line, the SCADA that logs states, the energy meter that measures every minute: they contain exactly the data that analytics tools, dashboards and optimisation platforms are waiting for, but they run in an environment where every unplanned intervention carries a risk of downtime or quality deviation. IT knows that. And IT also has to deal with a growing regulatory landscape that makes that concern concrete.
The Cyber Resilience Act requires demonstrable security throughout the full lifecycle of connected assets. That is not an abstract formulation. It directly affects who may read what, how data travels from the OT network to IT, and who is accountable when something goes wrong. For a production company that takes its digitalisation journey seriously, this is not something to arrange after the fact.
What is architecturally wrong with the quick approach
The approach that still gets chosen most often looks pragmatic: a direct connection, a script that polls a PLC every few minutes, an open port accessible via VPN. It works, until it becomes an attack vector, or until the PLC suffers because the polling mechanism consumes resources that were meant for process control. Neither scenario is a theoretical worst case; both are documentable operational problems that organisations only discover after they have already occurred.
A safer architecture starts from different principles. Communication from the OT network is exclusively outbound, meaning no inbound traffic toward machines is possible. Data acquisition happens read-only at protocol level, without write permissions or active access to operating systems. Connections are encrypted via TLS. Every device that forwards data has a certified, known identity, and everything the system does is fully auditable. That is not a theoretical security layer but a working boundary between the OT domain and everything behind it.
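One way to enforce read-only acquisition at protocol level, as an added example that is not code from this article or from Capture Edge: a gateway check that allow-lists read function codes and records every decision for audit. Modbus/TCP is an assumption, since the article names no protocol; `check_request`, `audit` and the sample frames are constructed for illustration.

```python
import struct

# Modbus function codes that only read process data (assumed protocol: Modbus/TCP).
READ_ONLY_FUNCTIONS = {
    0x01: "read_coils",
    0x02: "read_discrete_inputs",
    0x03: "read_holding_registers",
    0x04: "read_input_registers",
}
MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def check_request(frame):
    """Return (allowed, reason) for one Modbus/TCP request frame."""
    if len(frame) < MBAP_LEN + 1:
        return False, "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        return False, "not Modbus (protocol id != 0)"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return False, "length field does not match frame size"
    function = frame[MBAP_LEN]
    name = READ_ONLY_FUNCTIONS.get(function)
    if name is None:
        return False, f"function 0x{function:02x} is not on the read-only allow-list"
    # All four read requests carry exactly start address + quantity (4 bytes).
    if len(frame) != MBAP_LEN + 5:
        return False, "unexpected payload size for a read request"
    return True, name


def audit(frames):
    """Check every frame and return an audit trail of the decisions."""
    trail = []
    for frame in frames:
        allowed, reason = check_request(frame)
        trail.append({"allowed": allowed, "reason": reason, "frame": frame.hex()})
    return trail


# Constructed sample requests (not captured traffic).
SAMPLE_READ = bytes.fromhex("000100000006010300000002")   # read 2 holding registers
SAMPLE_WRITE = bytes.fromhex("000200000006010600010fff")  # write single register
SAMPLE_SHORT = bytes.fromhex("0003000000")                # truncated header

if __name__ == "__main__":
    for entry in audit([SAMPLE_READ, SAMPLE_WRITE, SAMPLE_SHORT]):
        print(entry)
```

The check is default-deny: any function code not explicitly listed as a read, including diagnostics and vendor-specific codes, is rejected and still lands in the audit trail.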
Two conversations that can be held differently
For the production manager, this changes the situation concretely: data becomes available without touching the PLC or SCADA system. The source remains intact, the production environment stays stable, and what changes is how data is extracted and via which channel it travels.
For IT, the question shifts from 'are we allowed to open this up?' to 'is this mechanism demonstrably safe?'. Outbound-only communication, device identity and read-only acquisition are answers to that question that hold up in any security committee, because they are based on architectural choices rather than trust or temporary agreements. The tension between the factory that wants data and IT that sees risk does not disappear on its own, but it is solvable once the architecture takes both positions seriously.
The role of Capture
Capture Edge is built for exactly this boundary between the factory’s need for data and IT’s responsibility to protect the OT environment. It allows production data to leave the shop floor without turning the OT network into an open integration zone. Data acquisition happens read-only at protocol level, communication is outbound-only by default, and every edge component operates with a known device identity. That gives production teams the visibility they need, while IT keeps a controlled, auditable and secure architecture in place.
The point is not to make IT less cautious. The point is to give IT an architecture that makes caution operationally workable. Capture Edge becomes the controlled handover point between OT and IT: machines keep doing what they were built to do, while data becomes available for dashboards, alerts, analytics and optimisation without direct exposure of the production environment. In that sense, Capture does not remove the tension between production and IT. It gives both sides a structure they can trust.