Akamai Secures Critical Infrastructure with Agentless Zero Trust Segmentation

Akamai is expanding its push into operational technology security, announcing a joint solution with NVIDIA that aims to protect critical infrastructure without the performance penalties traditionally associated with endpoint-based security tools.
The solution integrates Akamai Guardicore Segmentation with NVIDIA’s BlueField Data Processing Units (DPUs), shifting segmentation and visibility functions away from host systems and into dedicated hardware. The companies say the approach is designed for environments where installing software agents is either impractical or too risky — particularly in operational technology (OT) and industrial control system (ICS) environments.
For operators in energy, manufacturing and transportation, the challenge is longstanding. Many programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems and other industrial assets were never designed with modern cybersecurity controls in mind. In many cases, they cannot tolerate additional software agents without risking system instability, production downtime or voided vendor warranties.
That has left organisations facing a persistent trade-off: deploy advanced security controls and risk operational disruption, or prioritise uptime and accept limited visibility and segmentation.
Akamai and NVIDIA are positioning their joint offering as a way around that dilemma. By offloading user-configurable security processes to the BlueField DPU — effectively placing enforcement in a hardware layer separate from the main CPU — the companies say organisations can implement Zero Trust segmentation without installing agents directly on fragile or legacy systems.
In practical terms, the DPU acts as a “bump-in-the-wire” device, enabling out-of-band visibility across systems, networks and applications. Security policies can be enforced at the infrastructure layer, allowing operators to isolate compromised systems or restrict anomalous connections in real time. The hardware-level control is intended to limit lateral movement — a common tactic in attacks targeting industrial environments.
The companies also claim the approach can detect anomalous network activity and indicators of compromise, with the ability to filter and isolate threats even if a primary system is breached. By keeping segmentation and observability functions off the host, CPU resources remain dedicated to operational workloads — whether that is managing a water treatment process or running high-performance computing workloads.
The timing of the announcement reflects broader concerns about the exposure of critical infrastructure. Recent assessments from US authorities have repeatedly warned that energy, water and transportation systems are high-priority targets for both state-aligned and financially motivated threat actors. In Australia and other regions, regulators have similarly tightened reporting and resilience requirements for operators of essential services.
Compliance pressure is likely to be a significant driver for adoption. Organisations facing stricter cyber resilience obligations — as well as rising cyber insurance scrutiny — are increasingly looking for segmentation and isolation capabilities that can be demonstrated to auditors without introducing new operational risk.
That said, questions remain about deployment complexity, cost and integration in brownfield industrial environments. Retrofitting hardware-based controls into existing plants can be logistically challenging, particularly where legacy network architectures are poorly documented. Success will depend not only on the technical capabilities of the DPU integration, but on how seamlessly it can be implemented in live operational settings.
The joint solution is expected to be available globally in the second quarter of 2026.