question
In the age of industrial IoT, what's your practical approach to securing legacy PLC systems that were never designed for network connectivity but now need to communicate with cloud-based MES systems?
AverySanchez
2025-12-12
answer
Hey there! That's a really smart question - I've been dealing with this exact challenge in my own manufacturing setup. When you've got legacy PLCs that were never meant to see the internet but now need to talk to cloud MES systems, it's like trying to teach an old dog new tricks while keeping it safe from modern threats!

Here's my practical approach that's worked well:

1. Start with network segmentation - I create a separate OT network zone for the PLCs, completely isolated from the regular IT network. This is non-negotiable for legacy systems.
2. Use edge gateways as buffers - Instead of connecting PLCs directly to the cloud, I use industrial edge gateways. These act as translators and security buffers - they collect data from PLCs using native protocols (like Modbus, Profibus) and then securely forward it to the cloud.
3. Implement one-way communication - For most legacy PLCs, I set up data diodes or unidirectional gateways that only allow data to flow FROM the PLCs TO the cloud, not the other way around. This prevents anyone from tampering with the PLCs remotely.
4. Add protocol gateways - Since legacy PLCs don't speak modern security protocols, I use protocol gateways that convert their communications to secure protocols like OPC UA with encryption before sending to the cloud.
5. Monitor at the network level - I deploy network monitoring tools specifically designed for OT environments that can detect abnormal traffic patterns without requiring any changes to the PLCs themselves.
6. Consider virtual PLCs for critical upgrades - For systems that need more advanced connectivity, I sometimes use virtual PLCs that run alongside legacy hardware, providing modern security features while maintaining existing control logic.

The key is treating legacy PLCs as 'untrusted' devices that need to be protected from the outside world, not secured themselves. You build security around them rather than trying to retrofit security into them.
What kind of PLCs are you working with, and what's your biggest concern about connecting them?
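As an added example (not AverySanchez's code, nor any vendor's gateway firmware), here is a minimal Python sketch of the edge/protocol gateway logic behind points 2 to 4 of the answer: it parses Modbus/TCP frames, lets only read-class function codes pass toward the PLC so data effectively flows one way, and translates a Read Holding Registers response into a JSON record for the cloud/MES side. The sample frames, the allow-list of function codes and the tag names are constructed assumptions.

```python
import json
import struct

# Function codes that only read PLC state. Writes (5, 6, 15, 16) and
# diagnostics are blocked, so the PLC can only be queried, never commanded,
# through this gateway. (Assumed policy for the example.)
READ_ONLY_FUNCTIONS = {1, 2, 3, 4}


def parse_mbap(frame: bytes) -> dict:
    """Split a Modbus/TCP frame into MBAP header fields plus the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction": tid, "unit": unit, "function": frame[7], "data": frame[8:]}


def request_allowed(frame: bytes) -> bool:
    """Gateway policy: only well-formed read-class requests may reach the PLC."""
    try:
        return parse_mbap(frame)["function"] in READ_ONLY_FUNCTIONS
    except ValueError:
        return False  # malformed traffic is dropped, not forwarded


def holding_registers_to_cloud(response: bytes, base_address: int, tags: dict) -> str:
    """Translate a FC3 (Read Holding Registers) response into a JSON record."""
    msg = parse_mbap(response)
    if msg["function"] != 3:
        raise ValueError("not a Read Holding Registers response")
    byte_count = msg["data"][0]
    regs = struct.unpack(f">{byte_count // 2}H", msg["data"][1:1 + byte_count])
    record = {"unit": msg["unit"]}
    for offset, value in enumerate(regs):
        record[tags.get(base_address + offset, f"reg{base_address + offset}")] = value
    return json.dumps(record, sort_keys=True)


# Constructed sample traffic (not captured from a real PLC).
READ_REQ = bytes.fromhex("000100000006" "01" "03" "0000" "0002")   # FC3, 2 regs
WRITE_REQ = bytes.fromhex("000200000006" "01" "06" "0000" "00ff")  # FC6 write
READ_RESP = bytes.fromhex("000100000007" "01" "03" "04" "0102" "0304")
TAG_MAP = {0: "line_speed", 1: "motor_temp"}  # assumed register-to-tag mapping
```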