Background

Today’s automated manufacturing environments run on remote access. To ensure smooth production, they require access for service partners and external vendors like machine builders. This access becomes even more important when equipment issues arise.

But for one European bottling machine manufacturer, enabling remote access had become a growing security and compliance concern.

The company operates complex operational technology (OT) environments that support both internal production teams and external vendors. Over time, remote access had evolved into a patchwork of VPNs and custom-built solutions—tools that were originally deployed to keep operations moving but didn’t meet modern security expectations, NIS2 in particular.

With increased regulation and security risks, the company now needed to figure out how to grant access to vendors and meet compliance requirements without exposing their sensitive OT environments.

Challenge

The manufacturer relied on VPN-based solutions to grant external vendors access to its production environment. While this approach was functional, it came with clear limitations:

  • VPNs provided broad network access, rather than precise, role-based permissions
  • Access was difficult to standardize and audit across IT and OT systems
  • Vendor connections increased the attack surface of the production environment
  • Existing solutions did not meet emerging NIS2 compliance requirements

From a security perspective, the situation was becoming increasingly risky. From a compliance standpoint, it simply wasn’t sustainable.

Responsibility for addressing these risks sat with the IT security team. Their job was to strengthen the company’s security posture without disrupting plant operations or slowing down vendor support.

Goals

The company set out to rethink how external access was managed across its production environment. Rather than adding another point solution, the team defined a clear set of goals:

  • Replace VPN-based and non-compliant access methods
  • Introduce a zero-trust approach to remote access
  • Enable secure access to both IT and OT assets, including PLCs
  • Improve governance, auditability, and maintainability
  • Ensure alignment with current cybersecurity regulations, including NIS2

Crucially, the solution had to work at scale, supporting hundreds of endpoints in live production environments. And it had to do all this without adding complexity for internal teams or external partners.

Solution

To meet these requirements, the manufacturer adopted TeamViewer Tensor for operational technology as a centralized, zero trust remote access platform.

Rather than extending network access via VPNs, Tensor enabled secure, session-based access to specific systems—only when needed, and only to authorized users.

Key aspects of the approach included:

  • Unified zero trust access for IT assets (such as Windows XP systems) and OT assets (including Programmable Logic Controllers, or PLCs)
  • Centralized access control managed by the cybersecurity team
  • Strong enforcement of least-privilege access, reducing exposure of the OT network
  • Support for large-scale environments, with 500+ production endpoints
  • Clear separation between users, assets, and permissions

By consolidating remote access into a single platform, the organization eliminated tool sprawl and reduced reliance on custom or homegrown solutions.

Results

With TeamViewer Tensor in place, the manufacturer significantly improved how external access was governed across its production environment.

Improved security posture
 

Zero trust enforcement meant vendors could only access the systems they were explicitly authorized to use, and nothing more. This dramatically reduced lateral movement risk and minimized the potential impact of compromised credentials.

Simplified compliance with NIS2
 

By replacing VPN-based access with a modern, controlled remote access solution, the organization addressed key compliance gaps. Centralized policies, access controls, and auditability supported alignment with NIS2 cybersecurity requirements, helping the security team show due diligence.

Better IT and OT alignment

 

Tensor enabled a consistent approach to access across both IT and OT systems. This reduced operational friction and improved maintainability across the broader ecosystem, without forcing IT/OT convergence.

Scalable vendor access

 

External vendors could continue to support production environments efficiently, without introducing additional security risk. Access was granted quickly, controlled centrally, and revoked just as easily when no longer required.

A foundation for secure remote operations

For this manufacturer, the shift away from VPN-based access was both a technical upgrade and a strategic decision. By adopting Tensor’s zero trust remote access model, the organization gained:

  • Greater confidence in its security controls
  • A clearer path to regulatory compliance
  • Improved governance across IT and OT environments
  • A scalable, future-proof approach to external vendor access

In an era where manufacturing environments are increasingly connected, and increasingly targeted, secure remote access has become a cornerstone of operational resilience.

This case shows that with zero trust remote access, manufacturers don’t have to choose between security, compliance, and operational efficiency. With Tensor, they get all three.

Do you want to know more?

Are you interested in remote access solutions? We are happy to explain our approach.

  • Submitting ...

    Thank you!

    Thank You!

    Thanks for contacting us! We´ll be in touch soon.

    Ooops. An error occured

    Please try again later or contact us directly at: +49 7161 60692 1133

Explore more success stories