Why implementing a properly-architected building services and security operations network is increasingly critical
If ever there was a time to be considering improvements to the strategic and operational management of your facilities, market conditions are indicating this is it.
In the wake of Covid-19 lockdowns, banks are reporting uncertainty around its impact on commercial property valuations, and have indicated that where transactions are occurring, they tend to be with higher quality properties. At the same time, the deployment of integrated, IP-based building management and security systems are on the rise. While they represent an efficient and economic way to manage and secure facilities, they are also potentially increasing cybersecurity risk.
For building owners and managers, these factors make the smart management of facilities even more critical. Managing costs, reducing security risks, and servicing tenants effectively, take on greater importance, and put a focus on the technology being used to integrate, connect and secure your building management, access control, and other on-site systems.
What is a building services network?
A building services and security operations network (BSN) is a dedicated, IP-based, building services and security operations network, separate to any on-site corporate network. It connects, integrates, secures and monitors a building’s management and security systems and services (such as building management, video surveillance, access control, HVAC, elevators, digital signage, lighting controls etc).
The BSN enables, secures, and connects both the new and legacy building management and security systems on which commercial buildings rely. The BSN’s firewall enables secure, remote access and VPN connectivity to be provided on a system-by-system basis for secure and remote operation, management, and support of each of the building services. Secure cloud back-up is also enabled and supported through the BSN firewall.
Property management costs and risks
Every day our network engineers in the field see numerous issues with commercial properties: unmanaged networks, unsecure networks, duplicate networks and infrastructure, lack of documentation, IP conflicts, unmanaged switches, no firewalls, and no remote access. These practices are exposing building owners and facilities managers to increased risks and costs in an already commercially-challenging and security-dynamic environment.
Managing cost and efficiency are key considerations. Without an effective BSN in place, your suppliers will find it hard to efficiently and remotely manage their systems, resulting in increased cost for maintenance. For example, if your access control system supplier doesn’t have remote access, any fault will require a site visit (often called a “truck roll”) – increasing costs and requiring additional management oversight.
Multiply that by the numerous systems that a modern building has and it adds up to significant inefficiency, overhead cost, and risk. The number of suppliers servicing a building will only increase as traditional systems are augmented by new ones such as digital signage, cloud video surveillance, smart building services, air-monitoring services, and guest WiFi services.
Business continuity is another issue – not just for your building, but for your tenants. Video surveillance network or component failures provide a classic example. The fault could be the video surveillance provider, the network video recorder, the POE switch, the cameras, or even a network-connectivity or ISP issue. Troubleshooting this without a properly-architected BSN will be difficult and costly. A properly designed BSN with appropriate network monitoring in place provides clarity of your network assets and components, an overview of your building (or site’s) network, and real-time visibility into the uptime and load on all of the IP-based devices and systems that sit on it. This enables a quick, and often remote, diagnosis of problems, rather than bouncing back and forth between suppliers and/or costly and multiple site visits.
Ultimately, continuity and cost issues reduce your competitiveness in a highly-constrained and competitive commercial real estate market. Property and facilities managers need to be able to understand any issues and respond efficiently and effectively. If your OPEX costs to tenants are continuing to grow, or are high relative to other similar buildings, your ability to attract quality tenants can be compromised.
Protecting your assets
The ability to manage risk is probably the biggest issue with which building owners and managers are grappling. While many building services platforms (e.g. video surveillance/CCTV, access control, HVAC) emerged pre-internet, they can no longer be treated as closed systems. The latest generation of building services and building security systems are all IP-based and are being installed alongside legacy systems. Too many IP-based devices remain unsecured in modern buildings. All of them require some sort of network integration, separation, as well as secure remote access.
The Ponemon Institute conducted a major USA study in 2019 that looked at business leaders’ perceptions of third party unsecured IoT (IP-based) devices within their facilities. Many of these are related to building systems – for example, climate control systems.
The study showed that 18% had experienced a data breach due to unsecured IoT devices and 23% had suffered a cyberattack. Eighty-one percent of respondents believe such a cyberattack is very likely in the next two years and 82% believe a data breach is very likely.
These statistics highlight the serious risks of cyber attacks on building management and security systems. Ransomware attacks on building management systems are increasing, access control systems have been hacked, and video surveillance systems accessed or disabled. If BSNs don’t keep up, these risks will continue to grow as hackers and other bad actors become more sophisticated.
Five steps to gaining control
What most building owners or facilities managers want is confidence that their buildings are being managed efficiently and securely. To achieve this you need to design and implement a BSN that provides visibility, control, and security for the building and security services that sit on the BSN. The challenge is often that these services have been added incrementally, over time, without reference to the overall BSN architecture and evolving security requirements. Often there is no single network diagram or security policy covering a site or building’s BSN.
There are five key steps to gaining this confidence:
1. Auditing your building’s current state:
Get a clear view of your current situation, covering all of your building’s network and associated infrastructure. What building services and systems, network components, digital services, IoT devices, servers, and switches are in the network – how does it all fit together? What is the current state of network cybersecurity and IP planning? Where are the gaps and potential risks, where have there been failures, which services require truck-rolls and physical site visits to upgrade, patch and take a back-up?
2. Understand future state requirements:
What is your strategic roadmap for your facility? What are you planning to do with current and future building and digital services, such as the building management system, video surveillance, access control, digital signage and so on? What kind of cybersecurity posture is appropriate? Which services need to be integrated and talk with each other? Which services can be enabled with secure, remote access, and cloud back-up? What level of resiliency is required? What does a highly functional, safe and cost-effective approach to building services management look like?
The reality is that any building owner or manager wanting smarter, healthier, safer and more efficient facilities need to have a properly-architected, IP-based, secured, building services and security operations network in their building, or on their site.
3. Design a network to meet these requirements:
With your requirements documented, the next step is to prepare a high-level design (HLD) of the future state network and all of the services and components. This also includes the type of fibre circuit, firewall, switches, and level of redundancy/resiliency that is required. The HLD is translated into a low-level design (LLD), which specifies the exact IP and VLAN plan, firewall rules, how each service, and any new components, are integrated into a safe and secure network environment. Remote access rules and integration rules are also documented.
4. Implementation of a BSN and migration of current services:
In some cases, this will be a remediation and/or upgrade of an existing BSN, but the outcome needs to be the same: confidence that you have a BSN that is properly architected, documented, secured, managed and maintained, with secure remote access and cloud back-up enabled. Only those who are meant to remotely access a certain service or network element are able to gain access. This puts the facilities manager truly back in control.
5. Ongoing monitoring and management:
Key to the success of an effective BSN is the ability to decouple a service from the specific service provider. Building managers want visibility and control of the services that sit on their BSN. With a cloud-based network uptime monitoring system, they can easily keep track of every element on their network, helping facilities managers drive clear service level agreements with service providers. With a properly-architected, managed, and monitored BSN, it will be easier to identify when and where there is a fault or an outage and hold the appropriate party to account.
Gaining clarity and control
Covid-19 has impacted the way businesses are operating – and the commercial property sector is no exception. Part of that means taking a smarter approach to ensuring that your buildings are ‘smart’ and as efficient as possible. That includes implementing a well-managed BSN that gives building owners and facility managers visibility, clarity, and control of their sites. This in turn will help them not only respond to current constrained market conditions but deliver greater profitability due to increased efficiencies and reduced OPEX.
If you need some clarity, schedule a consultation with one of our building systems and security operations experts here.