Building trust: What are the real risks of a smart building?

Imagine this: you step into a building and it immediately recognises what you need. Ambient light floods the foyer. The temperature is neither too hot nor too cold. An elevator greets you as you enter and ensures you have a safe, smooth ride. As you are guided to your desired workspace, the lighting will be adjusted to suit your personal preference. In short, it’s the perfect work environment for you, and a great selling proposition for a building owner.

Centralised access to data is what makes this possible in a smart building. This includes information from sensors and building systems that had in the past operated largely independently. Dealing with this centralised access requires careful consideration as to the systems architecture in order to maintain integrity of the data, which may contain personal information. A significant aspect to this consideration is the decision to host infrastructure locally or in the cloud.

A smart building is full of connected tech

Smart buildings incorporate layers of sophisticated technology: everything from sensors in lift towers to the settings on a coffee machine. Each device is supported by the Internet of Things (IoT) to share, record, and process information across a network of connected devices in order to deliver an enhanced experience.

Devices are not just integrated with each other, but with external systems. Emergency or urgent services might be further linked to external providers who use the information to perform actions in real time, for example if a lift gets stuck or ventilation fails. Web-enabled technology might plug in to a smart grid, which uses its own devices to deliver efficient and stable energy across the building or wider energy network. Data is likely to be analysed both in real-time as well as over longer periods with third-party systems for learning and adapting to the information it interprets. Everything is online around the clock.

This ‘plugged-in’ environment is creating a convergence of physical systems and IT systems, bringing IT challenges. While this convergence delivers many benefits, from human comfort to sustainability, its implementation needs to be carefully considered to ensure data security.  

Risk Factor 1: Considerations around securing your data

One smart building will likely house thousands of endpoints. The more endpoints, the more potential entry points where security can be compromised. Risks of exposure could include unwanted access to detailed information about the way your building is used, and the people who use it.

To avoid potential disaster, plan ahead.

Work with experts to make the building secure by design – created from the beginning to be secure. Consider every part of your network, no matter how small, and ask questions about each stage of the data collection and storage process:

• How are individual sensors and end-points connected?

• Who is responsible for ensuring that the network infrastructure is kept up to date?

• Do they connect to a mesh network, where everything is decentralised? If one part is compromised, is the whole network vulnerable?

• When other devices and users access the network from outside, how can you ensure their security? What if you have remote workers accessing data from devices you can’t control?

• How does the data centre keep the data safe, whether it’s external or internal?

• Is the software used to manage and interpret data vulnerable to attack? If it’s created and managed by a third-party, what measures are they taking to make it secure?

• Who owns the data? Who is responsible for it?

Taking the above considerations into account - and this is not an exhaustive list - it may seem attractive to minimise the external connections and host the IT infrastructure locally within the building. While this will make sense for some applications, and in some cases may be a requirement, cloud hosting offers many advantages that may lead to a more suitable solution.   

Not only can cloud-based solutions be regularly updated to include the latest product features but have the advantage of operating on constantly updated infrastructure. This means that the latest security patches can be implemented with minimal delay.

Cloud systems are flexible and scalable, with options for small, individual buildings right through to whole building ecosystems. Added computing performance or data storage can be added as required and in many cases you will only pay for what you use.

 Need more convincing? This kind of system has strong cred outside of smart buildings – the world’s most security-hungry organisations are using them. The CIA has a US$600 million contract with Amazon Web Services, with plans to significantly increase its spending. Even the Pentagon is moving to a cloud system, to store classified information securely and with confidence.

Risk Factor 2: Storing data securely comes at a cost

Security is no doubt your main concern, but money is may also be a factor. Although an on-premises setup can be tailored to your requirements, the cost of implementing and maintaining it can be prohibitive.

Cloud systems are a great alternative.

They have lower upfront costs, without the need to bring in onsite hardware. Prices are flexible, so they change according to your needs. You’ll make little to no investment in training or upskilling staff in server administration, and your support staff are off-site, so you’re not paying for a full-time enterprise IT team.

Unlike on-premises systems, cloud versions are housed in purpose-built data centres, where the safety and integrity of information is the main game. Provided every local device in the building is appropriately encrypted and secured – a solution is only as robust as its weakest link, after all – a cloud system offers great security. The provider is responsible for making sure software is up-to-date, hardware is upgraded as required and security risks are patched. These centres are also less susceptible to physical damage and natural disaster, so you’re less likely to lose money from data breaches.

A centralised data platform from connected devices offers enormous benefits to buildings of all sizes. It can form the basis of a more human-centric environment, truly connecting occupants with the building.

Keeping data and devices secure doesn’t have to be hard or expensive, but it requires careful consideration. Cloud enterprise systems offer a secure alternative to on-premises solutions without hefty upfront costs or difficult staffing requirements, making them the ideal way to keep your building smart, online and safe.