Jan 31 2013

How important is data security when looking to the cloud?

When we meet and discuss the outline requirements of an asset owner or contractor about using our systems to support their
Plan-Build-Operate activities, we find that the majority of customers place a high value on matters relating to data security.
Sharing project information

By design, collaboration platforms bring together project teams from different locations and organisations to ensure they are working with the very latest information. Cloud computing presents a lower risk approach to collaborative working as the client does not need to let outside parties past their own company systems firewall.

With the project data being exchanged within a cloud environment, the responsibility for hosting, managing and insuring its security resides with the software vendor that the client selects. If the supporting software infrastructure is inadequate or unreliable, a failure, breach of security or loss of data not only reflects badly on the software provider, it significantly increases the risk of costly project delays to the client and the supply chain.

With risk factors in mind the thought process from a client when considering using a cloud collaboration platform typically includes questions such as:

  • Where is my project data stored?
  • Aside from the software vendor, who else is involved with hosting, managing and maintaining my data?
  • What is your system availability, can you provide verifiable performance reports?
  • When are updates and maintenance carried out?
  • What password or encryption measures are in place?
  • Is the software and infrastructure ISO or BS standard certified?
  • Who do you work with in my industry, who else uses the software?
  • Can I speak to your existing customers and ask them questions?

Such questions are especially relevant in the current business climate as clients look to reduce IT costs and improve efficiency by moving services to the cloud.

Throughout the last decade, due to demand from clients for increasingly sophisticated features, the original remit for a construction extranet to enable project teams to remotely view, share and edit AEC drawings and instruction has substantially evolved. The integration of cost, time and contractual transactions within the cloud application has meant that project control is now a more appropriate description of this cloud activity. And with the data consisting of time-critical, confidential and financial information, data security has never been more important.

Network servers and Earth globeTo ensure we meet our security obligation at CONJECT we’ve implemented stringent measures across our systems that provide a balance of convenience to our users and security to our clients. For instance, our systems are serviced with a global hosting infrastructure (called Attenda, CONJECT case study here), with inbuilt redundancy. Every physical component is replicated to ensure continued operation in the event of a component failure. Our entire application service (application, database, etc.) is fully managed, which means that the system is pro-actively monitored and maintained by site-based personnel 24 hours a day, 365 days a year, ensuring data is backed up and protected at all times throughout multiple data centres. Attenda services are certified to ISO /IEC 27001, ISO 9001 and they are a Microsoft Gold Partner.

As well as offering the option of SSL data encryption (the same capability provided with online banking and payment services) we have also chosen to embed an extra level of data security. Each client is provided with a separate “private” cloud within which their data is managed and protected. All authorised users access this database via a unique URL, chosen by each client, further reducing the likelihood of unwelcome visitors attempting to access the data via a multi-tenancy approach where the data and its structure is highly visible.

At the end of the build stage some of our clients like to take the project information offline so that they can share the complete archive of built asset information within their organisation for operational purposes.  The O&M manuals, Health & Safety files and As-built information contained within the archive are an essential reference & legal resource for asset owners. With the volume of data involved being measured by the gigabyte, this data needs to be transferred via portable media devices such as USB drives before being shipped to the client. The final delivery process where a courier or mail carrier is used represents a significant risk to our clients in that the disc could be lost or stolen and could be accessed by anyone with a computer USB port.

Istorage diskGenie 3

To mitigate this risk, whenever a data transfer takes place involving portable media, we use discs which feature military grade 256-bit encryption technology from Istorage. Every disc is protected with a unique pin code which we share with the recipient of the disc, meaning that in the event of the disc being lost or stolen, the chances of data recovery are negligible.

During recent years there have been several high profile examples where sensitive and valuable data has either been lost in transit or lost through carelessness. For instance, in 2011 a Canadian federal agency admitted that an employee had lost a USB disc containing the personal data of over 500,000 people who had taken out student loans over a 5 year period. The lost records included: names, date of births, social security numbers, addresses and bank balances. In addition to embarrassment the loss of data can lead to financial penalties. Only last October, Manchester Police were fined £120,000 by the Information Commissioners Office when a USB disc containing sensitive data was lost. Studies have shown that “more than 40 per cent of companies never recover from catastrophic data loss, and 90 per cent of companies that suffer a significant data loss go out of business within two years”.

With such risks in mind, we’re pleased to provide a “best of breed” solution to our clients and users.  Throughout the Plan-Build-Operate lifecycle our cloud operations are used by organisations that have significant demands pertaining to security. Clients of this nature include: global financial institutions, essential infrastructure providers, government authorities, utility companies and major manufacturers to whom we provide piece of mind by ensuring their data is safe and secure.


About the author

Michelle Mason

Michelle Mason leads the UK and MEAP Marketing team, with far too many years in B2B marketing to mention. A CONJECT newbie, Michelle is eagerly climbing a steep learning curve.

View my LinkedIn profile:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>