By Shaun Cooley, Founder and CEO of Mapped
In an age increasingly dominated by the internet of Things (IoT), buildings have become elaborate networks of software and hardware designed to monitor and control complex mechanical and operational systems. Building owners and operators rely on teams of suppliers to install and integrate these systems, often across multiple properties. These systems improve the quality of the building for users and managers alike. However, each time a supplier connects to your system, that connection can expose your building to security threats that can proliferate across your entire portfolio. There are several critical ways that cyber attackers can use devices to access a building’s systems, including:
- Open ports that connect to all systems in a building
- Remote support and software update connections
- Search engines like Shodan that can identify servers that are connected to the internet
There is always a level of risk to integrating, managing and updating a building’s myriad systems. You can’t reliably predict the security habits of multiple vendors and managing their systems involves more than enforcing physical security. The cloud is a wonderful asset, but multiple connections magnify the possibility of security breaches.
The solution? Move your perimeter to the cloud
A secure cloud platform that manages access to your systems will improve your security profile and reduce risk to your systems. To help mitigate these potential security threats, there are certain key features you should look for in a cloud solution. These include:
Streamlined access to your systems A cloud platform with a single cloud API decreases security vulnerabilities because it reduces the number of access points to one. Your suppliers integrate their systems through the cloud API instead of ports in multiple buildings. This eliminates physical access to your systems and significantly reduces the threat of an on-premises attack.
Integration with all the devices, systems, and sensors in your environment A building can have 50 or more different systems, including BAS, HVAC, lighting controls, Wi-Fi, digital signage and more. Your solution should be able to integrate all your systems and provide visibility and fine-grain control of the data flow between building systems, devices, sensors, and applications.
Monitoring capabilities You should be able to track and monitor the current state of all environments and control data accessed by internal and external entities. A viable solution should have the capability to monitor your environments for operational data, firmware and other updates. It should also provide the means for peer communications as an ideal source for detecting unexpected changes to the environment and establishing zero-trust policy. You will be able to quickly identify any fluctuations in access or data flow that could signal a cyberattack.
Visibility and fine-tuned control of data When you’re collecting data from multiple vendors, you can lose sight of where data is originating, transiting, and landing in your system. A solution should let you tag data for easy identification and provide controls that determines who can access the data.
Some solutions provide account-level access to data types, but that leaves a security gap when it comes to giving access to actual data. A preferred solution is one where you can tag the data by location, system type, or personal identifiable information (PII). For example, if data from a badge reader is tagged as PII, you should be able to identify and limit access to that information.
Protection through a single, secure pipeline solution
Suppliers plug devices into building systems without thinking of the impact to your overall system. The lack of security protocols that led to the Target attack back in 2013 hasn’t remained an isolated incident. In 2020, hackers attacked building access control systems and downloaded malware that turned the system into a distributed denial-of-service (DDoS) bot.
As ransomware and other attacks continue to rise, you need a dynamic solution to monitor and protect your environment. A secure and reliable API can change the dynamic for managing complex environments. Moving access from your physical environment to a cloud platform with a single point of access and secure encryption can reduce risk and protect your systems.
About the Author
Shaun Cooley is the Founder and CEO of Mapped, the first data infrastructure platform for commercial and industrial IoT (Internet of Things). In his prior role as VP.CTO for Cisco’s Internet of Things (IoT) Business, he was responsible for Cisco’s long-term IoT technology strategy. This included shaping product architecture, security, privacy, and technology partnerships, as implemented by Cisco’s IoT business, advising governments on IoT regulation, driving Cisco’s participation in IoT related standards bodies and consortia, and championing innovation to solve existing or anticipated industry needs.
Prior to joining Cisco, Shaun was a Distinguished Engineer for Norton, by Symantec, where he was a driving force in Norton’s shift from utilities to security. Over his 18-year tenure, Shaun contributed to the creation and advancement of offerings in the Norton portfolio – a product portfolio that produces over $2 Billion in annual revenue.
Shaun has over 25 years of industry experience, holds a master’s degree in computer science from University of Illinois, and is a Certified Information Systems Security Professional (CISSP). He is named inventor on 121 issued United States patents with over 100 more pending. He is an active angel investor and a start-up mentor through Acceleprise SF and advisor for Deep Angels. Shaun was previously a director of the Open Connectivity Foundation and former board member of Attivo Networks.
Shaun can be reached on Twitter at @shauncooley and, and more information can be found about Mapped at mapped.com.