Headquarters
Kuala Lumpur, Malaysia
Industry
Oil & Gas
Key Takeaways
- Implemented identity-based Zero Trust access to secure OT systems across offshore and onshore operations.
- Eliminated insecure VPN and jump-host access, improving security and user experience.
- Gained full visibility and control through MFA, session monitoring, and just-in-time privileged access.
Overview
PETRONAS, a Fortune 500, fully integrated international oil and gas company based in Malaysia, operates a massive global footprint spanning offshore platforms, onshore plants, LNG facilities, pipelines, and refineries across more than 50 countries. With a workforce exceeding 50,000 and an accelerating digital journey, PETRONAS recognized that traditional remote access methods such as VPNs, jump hosts, and shared credentials were no longer sufficient to protect OT environments. As cyber threats against global critical infrastructure intensified, the organization needed a modern, identity-driven security architecture capable of strengthening control without disrupting mission-critical operations.
Challenges and Requirements
The company’s digital journey began in 2018 when the once distinct boundaries between IT and OT began to disappear. This shift required a unified, enterprise-wide cybersecurity strategy designed to be proactive against known threats and resilient against emerging ones.
By 2020, the COVID-19 pandemic and sudden shift to remote work exposed the limitations of the existing access model. VPNs provided broad network access that was difficult to contain, while jump hosts added administrative complexity and required ongoing maintenance. Shared credentials created high-risk standing privileges with no simple way to limit scope or duration.
Security teams lacked real-time visibility into user sessions, and many OT assets did not support modern authentication. It became clear that PETRONAS needed a scalable solution capable of enforcing Zero Trust principles across diverse and distributed environments.
Solution
To address these challenges, PETRONAS sought a solution that was simple to deploy, fast to scale, and capable of limiting lateral movement within OT networks. They also wanted to shift away from a traditional perimeter-based model because hardening the perimeter alone left the internal environment vulnerable.
Through Xage’s Zero Trust access platform, PETRONAS replaced broad, network-level access with identity-based, least-privilege controls. Users authenticated through a centralized portal with multi-factor authentication (MFA) and role-based permissions, while just-in-time access ensured that contractors and engineers received only the precise, time-bound access they required. All sessions were brokered through a secure service that isolated the user from the underlying OT environment. Because Xage’s architecture is fully agentless, PETRONAS deployed the solution quickly across both offshore and onshore operations without disrupting production.
“We were surprised how quickly we were able to deploy Xage for Proof of Value in our Production environment. It took us a couple of weeks to deploy Xage vs. other similar solutions that have taken months.”
Head of Cyber Strategy & Architecture, PETRONAS
Outcomes
The results were immediate and significant. PETRONAS appreciated that Xage’s agentless design worked seamlessly with existing infrastructure and required no downtime for deployment. What they expected to take six months was fully operational in only one month, which delivered meaningful time and cost savings.
By eliminating VPNs and jump hosts, PETRONAS strengthened its cybersecurity posture and reduced the risk of credential compromise or unauthorized lateral movement. Security teams gained complete visibility and auditability of all remote sessions, which improved monitoring, incident investigation, and compliance reporting. Engineers and contractors benefited from a more streamlined and secure workflow, gaining access only to the systems they needed with minimal friction.
By adopting a Zero Trust architecture, PETRONAS modernized the security of its critical infrastructure environments and enhanced resilience, reliability, and operational continuity across its global energy operations.
Challenges
- VPNs and jump hosts provided overly broad network access with limited session visibility.
- Difficult to enforce granular, time-bound privileges for contractors and engineers.
- Legacy OT systems lacked modern authentication support, complicating secure access across distributed operations.
Outcomes
- Strengthened cybersecurity with least-privilege access and full session auditability.
- Improved operational productivity through streamlined, secure access for internal teams and contractors.
- Reduced lateral movement risk and increased resilience without disrupting production or modifying OT equipment.