If a machine is networked for machine data acquisition, IT security must be considered from the outset, because a networked machine is always more vulnerable than one that is not networked. That is a fact. But there are many ways to reduce the resulting risks to a minimum by using generally accepted security mechanisms.
The most basic protection against unauthorised access is strict network separation. The different network areas must be clearly distinguished, and it must be defined how they are connected and which communication between them is permitted. This is implemented with a firewall. For production networks, solutions are also available that segment the production network itself further and seal off individual production islands separately. Only the paths required for machine data acquisition are opened, and only for defined clients.
The standardised communication protocols also contain integrated mechanisms to guarantee the security of data collection. In the OPC UA concept, for example, security has been implemented as a standard requirement. In addition to encrypted transmission, OPC UA also provides for certificate exchange between client and server. Unfortunately, many other protocols originate from a time when the focus was not yet on security, so integrated mechanisms are missing and security always has to be configured additionally. OPC UA is therefore also a good choice from a security perspective.
Last but not least, user authentication is also required for machine data acquisition in order to restrict access to the data by role. In modern data storage systems (databases, cloud) these functions are standard and only need to be actively used.
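An added example (not from the original article or from any vendor's code): a Python check over the endpoint descriptions an OPC UA server advertises, flagging endpoints where the encryption and user authentication described above are not actually in force. The host name and the endpoint list are constructed sample data; in practice the list would come from the server's GetEndpoints response.

```python
# Added example: audit OPC UA endpoint descriptions. Sample data is constructed.
from dataclasses import dataclass

# Security policies deprecated by the OPC UA specification (since version 1.04).
DEPRECATED_POLICIES = {"Basic128Rsa15", "Basic256"}
POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"


@dataclass(frozen=True)
class Endpoint:
    url: str
    mode: str           # MessageSecurityMode: "None", "Sign" or "SignAndEncrypt"
    policy_uri: str     # SecurityPolicy URI advertised for this endpoint
    user_tokens: tuple  # accepted user token types, e.g. "Anonymous", "UserName"


def audit(ep):
    """Return the findings for one endpoint; an empty list means none."""
    findings = []
    policy = ep.policy_uri.rsplit("#", 1)[-1]
    if ep.mode == "None" or policy == "None":
        findings.append("no message security: traffic is neither signed nor encrypted")
    elif ep.mode == "Sign":
        findings.append("signed only: payload is readable on the wire")
    if policy in DEPRECATED_POLICIES:
        findings.append(f"deprecated security policy {policy}")
    if "Anonymous" in ep.user_tokens:
        findings.append("anonymous sessions accepted: access is not tied to a user or role")
    return findings


def audit_all(endpoints):
    """Map (url, mode, policy) to findings for every endpoint that has any."""
    report = {}
    for ep in endpoints:
        findings = audit(ep)
        if findings:
            report[(ep.url, ep.mode, ep.policy_uri.rsplit("#", 1)[-1])] = findings
    return report


URL = "opc.tcp://machine-01.example:4840"  # constructed host name
SAMPLE = [
    Endpoint(URL, "None", POLICY_BASE + "None", ("Anonymous", "UserName")),
    Endpoint(URL, "Sign", POLICY_BASE + "Basic256Sha256", ("UserName",)),
    Endpoint(URL, "SignAndEncrypt", POLICY_BASE + "Basic128Rsa15", ("UserName",)),
    Endpoint(URL, "SignAndEncrypt", POLICY_BASE + "Basic256Sha256", ("UserName", "Certificate")),
]

if __name__ == "__main__":
    for (url, mode, policy), findings in audit_all(SAMPLE).items():
        print(f"{url} [{mode}/{policy}]: " + "; ".join(findings))
```

Only the last sample endpoint passes without findings; the other three show that a server can support OPC UA security and still offer unprotected or weakly protected endpoints alongside it.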