Traditionally, the construction network was simplistic, where it started with blueprints, spreadsheets, and word docs. Over time, the need for more efficient communication necessitated construction site networks, file sharing, and email, which led to changes in how companies in construction protected their network and data. Today, we’re seeing this transformation happen again as construction companies implement new technology, making it a challenge to protect data on the construction site.

For more information on the construction technology shift, and what to do, check out our Construction 101 whitepaper.

Four main technologies are reshaping the construction industry, each with security considerations to account for when rolling it out.

1. Construction ERP systems

Construction specific ERP systems have become more prevalent in recent years. ERP systems provide channels for collaboration as well as HR, vendor, and accounting management functions. Specific construction ERP systems also help with industry-specific challenges such as sub-contractor management, dispatch management, and jobsite timeclock tools. Solutions as Epicor, Maestro, Microsoft, and Penta have targeted the construction industry to provide relief for construction industry challenges.

What is overlooked?

Often overlooked is the delivery model for these applications. While companies such as Epicor still offer options for on-premise or self-hosted solutions, most offerings are now becoming cloud-based.  Software-as-a-service is becoming the desired solution for most construction companies since hosting, and on-premise solutions tend to be away from the actual construction site. This means that IT leaders need to reevaluate their security controls.  Traditional firewalls, site to site VPNs, and basic remote desktop connections will not suffice.  Most often, data from these cloud-based ERP solutions circumvent the corporate network altogether.

What is the solution?

When looking at construction ERP systems, consider the delivery method. If it is a SaaS-based solution, focus your efforts on endpoint protection. Endpoint detection and protection solutions will provide better ERP data security than traditional network-based approaches. 

 

2. Tool Management Software

Construction tool management solutions have made advances in how companies track and tools and equipment, scheduled maintenance, and reduce loss. Solutions such as Asset Guardian, IntelliTrack, Asset Panda, and ToolWatch Enterprise are reshaping the way organizations track and manage assets.  

What is overlooked?

These platforms need to be integrated, and they often are not. Many require hardware for scanning, which needs to integrate with phones, tablets, and endpoints, which creates security challenges because data is not collected via traditional methods (a PC).  So common AV solutions will not suffice.  Also, many require a wireless network, which creates an additional entry point for the corporate network. Finally, most of the tool management software providers integrate with ERP systems. For example, Asset Guardian combines with Microsoft dynamics. All of this means your construction data is collected in a new way and integrated with other new technologies.

What is the solution? 

If data collection requires a wireless network, manage the connections with a managed gateway solution. A managed gateway solution, such as a managed UTM or security device, will track these connections, data transfers, and unauthorized network access.  This is critical as the network is not confined to one corporate network, but multiple construction sites.

3. Construction CRM Software

Construction CRM software platforms have taken the sales process from a handshake and a word document to an integrated and efficient platform for a quote, order, and project management. Cosential, Buildertrend, and salesforce have seen significant construction industry growth by catering to the specific needs of construction industry segments, such as commercial, roofing, and remodeling customers.     

What is overlooked?

From a security perspective, CRM users are overlooked. The construction industry experiences a higher turnover than most organizations, and the procedures to lock out employees after termination doesn't happen as often as it should. With the right processes and procedures in place, a former employee could have access to your organization's customer list, pricing, and project database.

What is the solution? 

When looking at CRM software, make sure you have a strong security operations program that supports changes in the workforce. A robust security program will account for not just employees who are leaving but educate existing employees on best practices and procedures.

4. Building Information Modeling (BIM)

BIM is no longer a "new trend."  Over 80% of large construction companies use building information modeling for a model-based process that provides architecture, engineering, and construction professionals insight to help plan, design, and construct.

What is overlooked?

The third-party integration and coordination needed for BIM to work effectively.  The goal of BIM is to bring together different users, skills, and plans into one cohesive environment. But this coordination comes with partner and supplier security concerns.  Many organizations are unaware of their partner and supplier security standards. With BIM, if any of these are not buttoned up, the entire ecosystem is at risk.

What is the solution? 

Establish security standards for suppliers and partners. Ensure that your network takes security as seriously as you do. Security program operations should include processes to ensure supply chain risk management. NIST 800-161 provides excellent practices that can be adopted for construction organizations. 

 

It is essential to understand these technologies are not only shaping communications but data sharing and transfer. Each of these technologies touches on cloud environments, mobility, bring your own device, and data sharing. Because the way data is transferred and shared, traditional technologies, processes, and approaches to data and network security may not suffice.

For more information on the construction technology shift, and what you can do to protect your organization, check out our Construction 101 whitepaper.

 

Ready to get started?

Contact us to discuss your security needs.

Let's Talk