Why AEC firms who’re concerned about cyber security shouldn’t hesitate to embrace the Cloud
Ever since the Cloud as a concept entered the public consciousness, concerns about its perceived cyber security weaknesses have been a major obstacle to organisations - and, indeed, entire sectors - embracing digital transformation. The AEC sector, in particular, has traditionally been slow to begin the process of Cloud transformation, although the number of future-minded firms phasing out their legacy systems and embracing the scalability, agility, and operational resilience the Cloud has to offer in recent years indicates that we are seeing a shift in this regard.
But for all these successes, cyber criminals attempting to take advantage of the disruption caused by the move towards hybrid working throughout 2020 and 2021 has created a number of new factors that must be considered if Cloud transformation is to deliver the greatest possible benefits to the AEC sector as a whole.
Steering the AEC sector through an increasingly intimidating threat landscape
Throughout the move to hybrid working, we have seen a serious increase in ransomware and phishing attacks, as cyber criminals sought to exploit any new vulnerabilities in IT infrastructure. In 2021, three major players within the AEC sector - Bouygues UK, Bam, and Interserve - fell victim to serious ransomware attacks in the space of just four months.
At the same time, the rise of 'smart' buildings and the Internet of Things, where multiple physical devices (ranging from printers to lighting, heating, and access control) are connected to the internet, has created a significantly larger threat footprint across firms' physical spaces, with criminals using these devices as a 'back door' to corporate networks.
The question then, is how the AEC sector can protect itself against these increasingly bolder, more aggressive cyber attacks?
Developing a unique security posture for a unique sector
Many of the cyber security challenges faced by the AEC sector are a result of the singular nature of the data they work with on a daily basis. Building Information Modelling (BIM) files are very much the lifeblood of the sector, allowing colleagues to efficiently combine their experience, expertise, and creativity throughout the design process for new buildings, either by working at individual files that can later be collated, or through one single, fully integrated file. Such files, by their very nature, are of extremely high volumes, which means Cloud storage is increasingly establishing itself as the logical way of storing such files without this becoming an ongoing financial burden. However, concerns about the security of Cloud solutions, especially considering the number of users who require access to these files and new attack vectors described above, persist.
Learning to trust the Cloud
As new threat vectors reveal themselves and cyber criminals employ ever-more insidious methods to access critical data, the worlds of Cloud and cyber security continue their own evolution in order to stay one step ahead. As a result, many of the older criticisms of Cloud transformation within the AEC sector have largely been answered, with potential solutions including:
A combination of Public and Private Cloud solutions will allow firms to access the flexibility and cost savings Public Cloud can offer, combined with the control and security inherent in Private Cloud.
Complete control of user access
Assigning network privileges on a per-user basis ensures that only those who need to work on specific files are able to access them, ensuring they can continue to collaborate remotely, without compromising security or compliance.
Implementing MFA (i.e. requiring multiple individual credentials before a user's identity is verified) offers an additional layer of security for critical systems and minimises the risk of compromised passwords creating vulnerabilities.
Utilising SD-WAN for hybrid working rather than a VPN provides additional visibility and control over network traffic and allows corporate security policies to be applied at the edge, ensuring they are employed consistently, regardless of where staff are connecting from, without creating a drain on IT teams' time.
There's no doubt that cyber security will remain an ongoing challenge for the AEC sector, but by integrating these solutions, based on firms' individual requirements, will help maintain optimal cyber security, without affecting the ability to offer hybrid working and cross-site collaboration.