NIS 2 and NIST CSF 2.0 are clear: production and corporate networks must be segregated. NIST SP-800-82 goes further, calling for at least three zones — OT, IT, and a DMZ between them — with firewalls ensuring no direct link exists between control and corporate networks.
Standard protocols fall short here. OPC UA is too complex to daisy-chain reliably across a DMZ — information is lost in the first hop. MQTT can be chained, but its QoS guarantees don't propagate, so users at the end of the chain won't know their data is inconsistent.
Cogent DataHub tunnel/mirroring was purpose-built for DMZ connections. It mirrors the full data set at every node in the chain, with guaranteed consistency from source to user. If a connection drops, every downstream client knows immediately. When it's restored, data quality returns to Good across every link — no manual intervention required.
All connections are outbound-only. No inbound firewall ports. No VPN. No attack surface.
