Taking Back the Keys: Why Self-Custody Will Define Critical Infrastructure Security in 2026

Critical Infrastructure Self-Custody
For more than a decade, vendor remote access has been treated as a practical necessity. OEMs, maintenance providers, software vendors and system integrators were given persistent access to critical systems so they could diagnose faults, apply updates or “keep things running.” It was efficient. It reduced friction. And for a long time, it felt reasonable.

But as we move toward 2026, the strategy of Critical Infrastructure Self-Custody has shifted from a preference to a mandate.

The Hidden Risk in Vendor Access Models

In many operational environments, vendor access has grown organically. From turbine suppliers to building management contractors, unmanaged access paths create a web of risk that sits outside the asset owner’s direct visibility.

This isn’t about malicious intent; it’s about governance. When credentials exist beyond central identity systems, activity occurs in the shadows. This is why a Critical Infrastructure Self-Custody model is the only way to ensure long-term resilience.

SOCI Compliance and Asset Accountability

Regulatory frameworks, including Australia’s SOCI obligations, now place explicit accountability on asset owners. “We trusted the vendor” is no longer a defensible legal position. If a third party accesses your operational systems, you must be able to prove who, when, and what was done without relying on that vendor’s logs.

The 4 Pillars of a Self-Custody Access Model

A true self-custody approach requires four foundational shifts in how OT access is governed:

  • Brokerage Control: All remote access is brokered through enterprise-controlled portals rather than vendor-owned VPNs.
  • Centralised Identity: Authentication is managed via the asset owner’s internal systems (MFA/SSO).
  • Time-Bound Permissions: Access is role-based and automatically revoked after the maintenance window closes.
  • Sovereign Logging: All activity logs are retained in the asset owner’s environment for audit and incident response.

Secure Access as Boardroom Governance

Identity-aware access is no longer “IT plumbing.” It is a foundational control discussed alongside safety systems and redundancy. Boards in 2026 are moving from trusting a vendor’s access model to governing it themselves.

How to Implement Critical Infrastructure Self-Custody

Transitioning to a self-custody model doesn’t happen overnight. It requires a tiered approach to reclaiming the “keys” to your environment:

Step 1: The Access Audit. Most organisations are surprised by the number of active “backdoor” connections. Identifying every persistent VPN and legacy credential is the first step toward sovereignty.

Step 2: Unified Access Gateways. Replace fragmented vendor connections with a single, hardened entry point. This provides a “single pane of glass” for all third-party activity.

Step 3: Just-in-Time (JIT) Provisioning. Move away from “always-on” access. By implementing JIT, access is only granted when a specific work order is active, significantly reducing the attack surface.
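
The following is an added example, not code from this article or from any product: a minimal just-in-time authorisation check that grants vendor access only under an active work order, caps the grant at the end of the maintenance window, and records every decision in an owner-held log. The work-order fields, the four-hour session cap, the identities and all function names are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class WorkOrder:            # hypothetical work-order record
    order_id: str
    user: str               # identity in the asset owner's IdP, not a vendor account
    asset: str
    start: datetime
    end: datetime

MAX_SESSION = timedelta(hours=4)   # assumed cap on any single grant
AUDIT_LOG = []                     # stands in for the owner-retained log store

def authorize(user, asset, mfa_ok, now, work_orders):
    """Grant access only under an active work order; return (granted, expires, reason)."""
    order = next((w for w in work_orders
                  if w.user == user and w.asset == asset and w.start <= now < w.end),
                 None)
    if not mfa_ok:
        decision = (False, None, "mfa_required")
    elif order is None:
        decision = (False, None, "no_active_work_order")
    else:
        # Expiry never outlives the maintenance window, so revocation is automatic.
        decision = (True, min(order.end, now + MAX_SESSION), order.order_id)
    # Denials are logged too: they are the evidence an audit or IR team needs.
    AUDIT_LOG.append({"ts": now.isoformat(), "user": user, "asset": asset,
                      "granted": decision[0], "reason": decision[2]})
    return decision

def session_active(expires, now):
    """The gateway re-checks this during the session and drops it on expiry."""
    return expires is not None and now < expires

# Constructed sample data.
T0 = datetime(2026, 3, 2, 9, 0, tzinfo=timezone.utc)
ORDERS = [WorkOrder("WO-1001", "tech@vendor-guest.owner.example", "turbine-plc-07",
                    T0, T0 + timedelta(hours=2))]

if __name__ == "__main__":
    print(authorize("tech@vendor-guest.owner.example", "turbine-plc-07", True,
                    T0 + timedelta(minutes=30), ORDERS))
    print(authorize("tech@vendor-guest.owner.example", "turbine-plc-07", True,
                    T0 + timedelta(hours=3), ORDERS))
```

The second call is denied because the maintenance window has closed, which is the behaviour that replaces an "always-on" credential.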

“Trusting a vendor is fine. Trusting their access model is no longer acceptable.”

If you are ready to re-evaluate your vendor access strategy, reach out to our critical infrastructure experts for a consultation.
