The Co-Managed Security Model
Manufacturing IT leaders are under more pressure than ever before. You are expected to secure an expanding network perimeter that now includes production lines, robotics, IIoT sensors, and SCADA systems alongside traditional corporate IT. You must keep factories online 24/7, support Industry 4.0 transformation, and manage connectivity across multiple plants and distribution centres—often spanning continents. And you are expected to do all of this with lean teams and tighter budgets.
The old model of relying entirely on internal resources or handing everything over to a black-box managed service provider is no longer fit for purpose. One leaves your team overwhelmed and reactive; the other leaves you locked out of your own infrastructure with no visibility or control when you need it most.
There is a better way. The co-managed security model gives manufacturing IT leaders access to specialist expertise, enterprise-grade platforms, and global support—whilst retaining full visibility, policy control, and decision-making authority. It is how lean IT teams deliver more, without sacrificing control or burning out.
Why Manufacturing IT Teams Are Stretched Thin
Manufacturing networks are fundamentally different from typical corporate environments. You are not just managing laptops and mobile devices connecting to SaaS applications. You are responsible for production systems that cannot afford downtime, OT networks that were never designed with security in mind, and a constantly expanding attack surface as factories become more connected.
The challenges are stacking up:
Network downtime halts production. A single circuit failure can bring an entire production line to a standstill, costing tens of thousands of pounds per hour in lost output. Production lines, robotics, and IIoT sensors cannot tolerate the kind of interruptions that corporate users might grumble about but ultimately work around.
Rigid, expensive legacy connectivity. Many manufacturers are still running expensive MPLS contracts that are slow to provision, difficult to modify, and impossible to scale quickly when a new facility opens or an acquisition completes.
Security gaps across distributed sites. Multi-site manufacturers face increased attack surfaces, with sensitive intellectual property, production data, and OT systems exposed across multiple locations, third-party suppliers, and contractor access points.
Limited visibility and control. IT teams often lack real-time insight into application performance, link health, and user experience across geographically dispersed plants and warehouses—making it nearly impossible to troubleshoot issues before they impact production.
Add to this the ongoing challenge of recruiting and retaining networking and security specialists who understand both IT and OT environments, and it is clear that the traditional “do it all in-house” model is unsustainable for all but the largest manufacturing organisations.
What Co-Managed Actually Means (And Why It Matters)
Before we go further, it is important to define what co-managed really means—because it is often confused with traditional managed services.
Fully managed services typically lock IT teams out of their own infrastructure. You raise a ticket for every change, wait for someone else to make basic policy adjustments, and lose visibility into what is actually happening on your network. When something breaks at 2 a.m. on a Saturday and production is down, you are entirely dependent on a third-party service desk response time.
Co-managed services operate on a fundamentally different principle. Your IT team retains full access to the SD-WAN console, network access control dashboards, analytics, and policy management. You can see everything, make changes when you need to, and maintain direct control over your security posture.
The specialist provider—in this case, Digital Carbon—works as an extension of your team, not a replacement for it. We handle design expertise, deployment support, day-to-day optimisation, vendor management, and 24/7 escalation, whilst you stay firmly in the driver’s seat.
This model is ideal for manufacturing IT leaders who want enterprise-grade capability without the overhead of building deep in-house expertise across every platform, or the loss of control that comes with traditional outsourcing.
SD-WAN Manufacturing: The Co-Managed Advantage
One of the most tangible sd wan benefits for manufacturing organisations is resilience. Production environments cannot afford single points of failure, yet many factories are still relying on a single MPLS circuit or broadband connection to keep ERP systems, MES platforms, and real-time dashboards running.
Arista VeloCloud SD-WAN, deployed by Digital Carbon in a co-managed model, transforms how manufacturing networks are built and operated.
Active-Active Link Aggregation and Intelligent Failover
VeloCloud combines multiple underlay links—broadband, DIA, dedicated fibre, 4G/5G, and even satellite where needed—into a single, intelligent software-defined overlay. If one path degrades or fails, traffic is automatically steered to healthy links without disrupting production systems, robotics, or IIoT devices.
Dynamic Multipath Optimisation (DMPO) continuously monitors packet loss, latency, and jitter across all links, applying forward error correction, jitter buffering, and intelligent packet steering in real time. In field tests, DMPO increased usable bandwidth on variable-quality links by up to 90% for voice and up to 650% for video—critical for SCADA, MES, and remote collaboration.
Zero-Touch Deployment for New Facilities
When you open a new plant, complete an acquisition, or bring a distribution centre online, sd-wan manufacturing solutions like VeloCloud can be deployed in minutes, not weeks. SD-WAN edge devices are shipped pre-configured and activated from the cloud. A non-technical person on-site plugs in power and a network cable, and the device automatically joins your WAN fabric with the correct security policies, application priorities, and VPN configuration already in place.
For manufacturers running lean IT teams, this eliminates the need for costly truck rolls and on-site engineers every time a new facility comes online.
Application-Aware QoS and Centralised Policy Control
VeloCloud classifies thousands of applications out-of-the-box and enforces priorities automatically. You can define business outcomes once—such as “ERP and MES traffic must always use the best available path”—and the SD-WAN enforces these policies across every factory and warehouse globally, without requiring manual configuration at each site.
In a co-managed model, Digital Carbon provides the design expertise to build those policies correctly from the start, whilst your team retains the ability to adjust them as production needs evolve.
Network Access Security: Zero Trust for the Factory Floor
Sd wan solutions alone are not enough. As manufacturing networks converge IT and OT, the attack surface expands dramatically. IoT sensors, PLCs, SCADA systems, contractor laptops, and BYOD devices are all connecting to the same infrastructure—and traditional perimeter security models are no longer effective.
This is where Arista Guardian for Network Identity (AGNI) becomes a critical component of the co-managed security model.
Cloud-Native Network Access Control
AGNI is a cloud-native, zero-trust network access control (NAC) solution that delivers identity-based access across both wired and wireless infrastructure—without requiring on-premises hardware. It is built on modern microservices architecture, scales elastically from hundreds to millions of devices, and integrates with major identity providers including Microsoft Azure, Google Workspace, and Okta.
For manufacturing environments, this means you can:
-
Authenticate and segment OT devices using unique pre-shared keys (UPSKs) for IoT sensors, PLCs, and industrial devices that do not support 802.1X authentication.
-
Enforce passwordless authentication using digital certificates for corporate devices, eliminating the risk of credential theft.
-
Gain complete visibility into every device on the network through automated profiling and posture assessment, integrated with endpoint detection and response (EDR) platforms like CrowdStrike and Palo Alto Cortex XDR.
-
Apply microsegmentation to isolate OT networks from IT, preventing lateral movement if a device is compromised.
AGNI integrates with Arista’s Network Detection and Response – NDR solution to provide continuous behavioural monitoring, assigning risk ratings to connected devices and automatically quarantining or restricting access based on administratively-defined policies.
AI-Driven Administration
AGNI includes an autonomous virtual assistant (AVA) powered by AI/ML that provides configuration assistance, advanced troubleshooting, and network policy simulation—reducing the learning curve and administrative burden on lean IT teams.
In a co-managed model, Digital Carbon handles the initial design and integration of AGNI with your existing identity systems, network infrastructure, and security tools, whilst your team retains full access to dashboards, policies, and analytics.
Real-World Results: 70% Cost Reduction and Full IT Control
A leading UK-based manufacturing company operating across four locations faced the exact challenges described above: high MPLS costs, lack of visibility, inflexibility, and slow provisioning times for new sites.
The company turned to Digital Carbon to deploy a co-managed Arista VeloCloud SD-WAN solution with hybrid connectivity—combining dedicated internet access with integrated 5G for redundancy.
Digital Carbon offered a free three-month trial to build confidence in the solution, during which the customer experienced:
-
Improved network performance with enhanced visibility and control
-
Better application prioritisation and quality than their previous MPLS solution
-
100% uptime with seamless redundancy through 5G wireless connections
-
Significantly improved SaaS application performance via VeloCloud Cloud Gateways
Following the trial, the customer transitioned all locations from MPLS to VeloCloud SD-WAN, resulting in:
-
70% reduction in WAN costs compared to MPLS services
-
Faster provisioning of new sites (weeks instead of months)
-
Enhanced visibility and control over network management
-
Full training and support, enabling the IT team to manage basic changes independently whilst Digital Carbon handled complex optimisation and vendor escalations
As the IT team noted: “Digital Carbon’s solution has transformed how we manage our network infrastructure. The flexibility, cost savings, and improved performance have exceeded our expectations. Their support during implementation was exceptional—providing us with training and ensuring we were fully equipped to manage our new system.”
Why Sd Wan Providers Like Digital Carbon Are Different
Not all sd wan providers operate on a co-managed model. Many position themselves as traditional managed service providers, locking customers into opaque service wrappers with limited visibility or control.
Digital Carbon is built differently:
You stay in control. Your IT team retains access to the SD-WAN console, analytics, and policy management—no tickets required to make routine changes.
We bring specialist expertise. From initial design and architecture through deployment, migration, training, and ongoing optimisation, Digital Carbon’s specialists work as an extension of your team.
Global connectivity sourcing. We source broadband, direct internet access, 4G/5G, and satellite connectivity from trusted carriers worldwide, simplifying procurement and vendor management across multiple regions.
Value-add services. Integrated voice, remote hands, and ongoing optimisation ensure production facilities stay connected and productive throughout their lifecycle.
The engagement model is transparent: discovery workshop, live demo, tailored proposal, proof-of-concept over three to six months, and phased rollout at the pace that suits your business.
Getting Started: A Path Forward for Manufacturing IT Leaders
If your manufacturing organisation is struggling with expensive legacy WANs, limited visibility, security gaps across distributed sites, or simply a lean IT team that is stretched too thin, the co-managed security model offers a practical path forward.
By combining enterprise-grade sd-wan manufacturing platforms like Arista VeloCloud with cloud-native network access security from AGNI—delivered and supported through Digital Carbon’s co-managed model—you gain:
-
High-quality, resilient connectivity that keeps production lines running
-
Zero-trust network access control across IT and OT environments
-
Full visibility and centralised policy control
-
Predictable OpEx costs without heavy upfront CapEx
-
Specialist expertise without losing control of your infrastructure
Manufacturing IT teams can do more with less—not by working harder, but by working smarter with the right partners and platforms in place.