Smart Building Security: Risks and Remedies

By Rick Peters | October 13, 2021

Intelligent building technologies are enabling the commercial real estate market, as professional real estate investment and management firms look for the data-driven benefits and efficiencies that innovative building technologies can provide. At the same time, however, these companies realize that they lack the knowledge and skills required to implement these systems correctly, securely, and safely. Compounding this issue are the physical and cyber liability risks that prevent many intelligent building technology projects from getting off the ground. The key to success is a flexible and cost-effective security architecture that delivers smart building security with uniform delivery throughout existing and new properties.

Fortinet offers expertise to assist in developing an intelligent building architecture and long-term management strategy. This strategy delivers all the benefits inherent in digital building systems with significantly less risk.

The commercial real estate industry faces unique risks when integrating intelligent building systems. Some of these challenges include:

  • Lack of end-to-end network and cybersecurity monitoring and visibility
  • Multiple, disparate internet connections installed throughout the building with no centralized control
  • Poor network and device patch-management practices
  • Insecure remote access technologies and processes

The challenge is even greater because existing intelligent building solutions present risks that are hard to quantify. Most were designed and deployed to solve a single problem inside or outside a facility. This created a situation where disparate systems, networks, and remote access connectivity were deployed without the appropriate management processes and monitoring required to properly protect digital assets and data from cybercriminals. Lacking visibility and control, building owners can never fully understand the extent of their existing technology vulnerabilities or realize adequate smart building security.

Managing Smart Buildings

Building a Connected Network within a Smart Building

A centralized or converged network can serve as the backbone for technology infrastructure within buildings. Instead of deploying separate networks for every in-building technology, which increases deployment costs and limits visibility, a centralized network platform is a superior option that can serve as the building’s digital foundation for all existing and future technology solutions. A converged platform approach allows building owners to properly deploy technology systems with a uniform security policy. Additionally, the ability to monitor a building-wide network enables end-to-end visibility into all systems. This makes it possible to implement the proper security monitoring tools so that cybersecurity breaches can be rapidly identified and neutralized.

A connected network platform is flexible, secure, and can scale to meet the needs of commercial buildings of all sizes. This business model delivers a complete lifecycle of services that includes:

  • Characterizing the profile of a building 
  • Architecture design and migration strategies 
  • Building out the capabilities
  • Providing operational support and intelligence 

Security First: The Connected Platform Architecture 

Deploying intelligent building technologies safely and efficiently requires a security-first approach to effectively mitigate risks and network challenges within multi-tenant and in-building digital infrastructures. A connected platform architecture can be custom-built to solve smart building security for commercial real estate projects today and in the future.

Fortinet’s connected platform was built on the Fortinet industry-leading Security Fabric platform. The platform essentially creates a software-defined perimeter to logically and securely segment the network based on building owner and tenant need. This significantly reduces cybersecurity risk:

  • Between building operations systems and tenants
  • When connecting to and from internet-based resources
  • By preventing vulnerable or compromised devices from joining the network

A typical connected platform consists of a unified wired and wireless network deployed throughout a building or campus. Fully redundant internet connections are tied to a pair of high capacity Fortinet next generation firewalls (NGFWs). By employing this architecture, staff can securely segment the network into logical domains. Thus, the connected platform offers owners and tenants a resilient and secure network they can confidently use to conduct their business.

One major concern of a unified network architecture shared throughout the building is ensuring that users and devices are who they claim to be and that they meet the necessary levels of device security policy before joining the network. The Fortinet Security Fabric integrates a Zero Trust Network Access (ZTNA) model across the connected platform architecture. Adoption of a ZTNA model ensures persistent earned trust. As a matter of standard security enforcement, no users, applications, or devices will be trusted or allowed onto the network until a series of authentication, authorization and device security verification checks are accomplished.

Secure Remote Access within a Smart Building

Remote access to building information and operational technologies is another unique aspect of commercial building networks. Due to the vast array of building systems with integrated remote monitoring/management platforms, the need to provide secure remote access to third-party vendors who support the building’s HVAC systems, door controllers, IoT sensors, surveillance cameras, and other systems is at an all-time high. However, it has been widely publicized in the media that several of the most severe data breaches over the past few years occurred due to lax enforcement of security controls for third-party remote access into enterprise networks.

Secure remote access functionality is built directly into Fortinet’s NGFWs to minimize the risk of third-party remote access without limiting the inherent benefits. Additionally, remote access devices and users must also adhere to the ZTNA policy before gaining access to the building network. Therefore, no matter where users connect—wired Ethernet, Wi-Fi, or remote access VPN—security policies are unified and enforced consistently. This not only streamlines security policy management, but it also better ensures that there are no weaknesses along any network access entry points. 

Smart Building Security Benefits

Intelligent building solutions can produce tremendous economic and intrinsic value when cybersecurity is placed at the forefront. For buildings with existing technologies that include disparate networks and multiple internet connections, these systems can easily be migrated to the more resilient and secure connected platform. 

Additionally, it’s not uncommon for existing building technologies to run on their own internet connection for remote monitoring and management. Once migrated to the platform, which includes high-speed and fully redundant internet links, these dozens of internet connections and associated monthly bills can be eliminated, significantly lowering operational costs.

Perhaps the most significant benefit of all is that quantifying risk is now possible thanks to the ability to collect and analyze data sourced from the various network security tools deployed throughout the unified network. Since the platform is an end-to-end solution for a building or campus’s entire wired, wireless, and remote access needs, end-to-end observability and cybersecurity monitoring can become fully realized. 

Learn more about solving technology risks for intelligent building solutions in this paper produced by JLL in conjunction with Red Bison Technology Group and Fortinet.