By Chris Grundy
The technological silos that historically existed in corporate buildings placed limitations on how buildings were managed and operated. The days of one system for one function, discrete with no communication to other systems, are quickly eroding. Corporate real estate occupiers are realising that buildings which share information between systems, staff and other buildings are enabling value through:
- Staff mobility and effectiveness
- Staff preferences and retention
- Energy efficiency and operating cost savings
- Health & wellbeing (through monitoring)
- Remote management
We are moving into the ‘information sharing’ age of buildings. This is illustrated by considering where we have come from (silo systems), where we are now (virtual systems), and where industry leaders are going (information sharing systems).
Silos: walled environments
Virtual environments: breaking down silos
Information sharing: enabling value
What does this mean and why should corporate real estate managers be concerned about whether their building can be hacked?
To achieve information sharing, integration of building systems and enterprise systems are required. It is the joining of two often discrete worlds – the IT department and real estate.
The IT world is well versed in dealing with systems that only exist in a virtual world. The real estate world is used to seeing and touching, where design concepts are translated into tangible things.
A holistic approach is required so that systems talk to one another, and do so in a secure manner, irrespective of location of user device, to interact. It is this ‘talking’, done by software and machines, which requires a holistic approach to security. Only a true holistic approach will realise the benefits, without exposing corporations to excessive risk, non-compliance and the potential for internal and external hackers. If executed correctly, the internal threat is far higher in the real world.
What could a hacker do to an information connected building?
- Override the lift controls?
- Elevate access control privileges?
- Delete CCTV footage?
- Turn critical things off?
- De-activate security systems?
- Obtain staff details?
- Take control of information systems: signage, public address, telephone or from a business perspective:
- Override security controls to steal intellectual property
- Be a nuisance and drive up energy bills
- Be a nuisance and break building systems
- Disrupting business by turning the power off
- Causing panic / endangering life – threating duty of care to staff and visitors
Corporate real estate needs to work with IT to answer some key questions of building and workplace designers, procurement approaches, management and maintenance:
- In a traditional model of multiple designers, packaged procurement and multiple sub-contractors, who has overall responsibility for design, installation, commissioning and maintenance?
- How do I go about assessing information security risk for my organisation?
- When I have assessed risk, how do I define administration, technical and physical controls for security?
- Do I need to draft new policy for my organisation and what training needs to be put in place?
- Once installed, who is going to manage, monitor and change system(s) to the new business needs?
Find out more about Cundall’s IT and audio visual consultancy services here – http://www.cundall.com/Services/IT-and-audio-visual.aspx