How to Streamline Facilities Management in Banks
In August 2020, Toronto-based TD Bank Group announced its intention to become a leader in...
Deployment of Internet of Things (IoT) devices in commercial buildings and the universal network connectivity of equipment is increasingly investigated and pursued by owners, facility managers, and contractors. Their impact on building automation systems can be significant, opening up opportunities for improved efficiency, better operational performance, and enhanced occupant comfort. But security concerns should be considered carefully to ensure the introduction of these technologies does not create new vulnerabilities.
Security breaches in networks that include control-related devices can have severe consequences; IoT devices that are accessed by unauthorized and malicious groups can compromise the security of private data and physically damage equipment within your network. That’s why understanding IoT building security best practices and protocols is essential to creating the most secure facilities.
IoT systems embedded with software, sensors, and advanced technologies that enable connectivity and communication between building systems can introduce new points of vulnerability to security threats. Partnering with a systems integrator that has in-depth buildings IoT expertise is invaluable for implementing a properly-designed security architecture that keeps your systems and data safe and protected from risks such as hacking, security breaches, and equipment tampering. Working in concert with your IT department, the right integrator will share experience and potential strategies and help develop key practices and plans for moving forward.
To conform to best practices and protocols, key areas of focus should include:
Advanced Vulnerability Assessment and Physical Security
An advanced integration partner can perform a vulnerability assessment to help you understand your operational risks from end-to-end and identify weaknesses that may expose the system to attack. Based on the assessment, a systems integrator can design and install a security and surveillance system that physically secures IP-enabled devices and offers extended protection against unauthorized entry and security breaches. This may include biometric locks, exterior surveillance monitoring, storage access control, and visitor access management.
Access Control and Organizational Security
A systems integrator should require that all employees and contractors sign confidentiality agreements before gaining any access to your systems. Remote access to your servers should be protected using a virtual private network (VPN) with two-factor authentication and strictly limited to only those who are authorized to work on your project. All access must be logged by IP address to further ensure strict security, and system access must be configured to limit access to only specified and necessary portions of the system. Smart analytics can be deployed to enforce access roles and user permissions in real-time within your facility systems.
Standard Security Practice
A system that monitors and automatically flags security risks such as failed logins and suspicious activity is a critical part of IoT building security best practices and protocols. However, security depends not just on how data is accessed, but how and where it is stored. Within the secure network, data protection is achieved by securely replicating data on storage devices across multiple locations, protecting against compromise of a single site. Critical data is continuously backed up as a standard practice, and close management of software versioning assures your software is regularly updated with the latest security patches.
Additionally, encryption is necessary for all data sent over public networks. This means developing an effective approach to the management of encryption certificates and using modern encryption standards that offer the highest level of security.
Future-focused system integrators can build and streamline IoT building security infrastructure based on stringent best practices and protocols, taking into account the needs and challenges present within each building. The right team will design and thoroughly test incident response procedures, monitor and communicate information concerning anomalous activity, and coordinate external audits and security/privacy certifications. With comprehensive, customized solutions, you have the tools you need to protect your property.
The emergence of IoT technologies has introduced continuously evolving security concerns in commercial buildings. The recent passage of the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 affirms the significance of these concerns and outlines new security standards designed to address vulnerabilities in IoT devices, provide guidelines for reporting vulnerabilities, and requirements for vulnerability disclosure. But while these efforts are a step toward better security, they are not enough to offer reliable security. As these threats continue to emerge, it is important to seek expert guidance and develop robust strategies for managing system vulnerabilities related to advanced IoT technologies.
The security of a network used for IoT devices hinges on our ability to build a solid foundation of cybersecurity best practices across the IoT system throughout our buildings and portfolios. When you and your IT team members partner with a systems integrator with expertise in IoT building security, you can safely deploy IoT devices and reap their benefits without compromising your business, your building, or your data.
Richard Miller leads Buildings IOT's IT team to deliver managed services to smart buildings from data centers to shopping malls. He writes about cybersecurity for smart building systems, IT/OT collaboration and more.