Cloud computing is on the rise, increasingly being adopted by many industries such as construction to enhance collaboration, productivity and agility.
“Cloud computing,” as defined by The National Institute of Standards and Technology (NIST), “is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” To simplify this statement, the cloud is computing, storage and data transmission available anywhere, anytime, on any device, in any capacity or location desired. In construction, access to office information and operations from a remote project site, provided by the cloud, is needed to make on-hand decisions and stay on schedule. Cloud solutions significantly improve project management across construction project locations. At the same time, cloud solutions can pose significant security risks if not managed correctly.
Company cloud policies and procedures need to be in place in order to protect data from being breached. No matter how large or small the company, the consequences of a data breach or cyber attack can be catastrophic. One of the biggest security threats to companies was CryptoLocker, a ransomware trojan that infects on-premise solutions and encrypts hard drives until the user pays a ransom to get it unencrypted. The Target data breach of 2013 ended up costing the company more than $100 million. This cyber attack stemmed from a security breach of a mechanical subcontractor on a construction site for Target. The subcontractor’s system was breached and the hackers were able to gain access to Target’s portal, jeopardizing all of Target customers’ data. This illustrates that companies need to take all data security seriously. Whether on-premise or in the cloud, companies should focus on securing data across operations, locations and workers.
Many builders don’t recognize the amount of confidential information they actually store, and the need to implement cyber security defenses to protect this sensitive data. The 2015 Construction Technology Report, powered by JBKnowledge, showed the severe lack in cloud security methods. More than 20 percent of the construction employees surveyed did not know if their companies had cloud security policies or procedures in place. No matter the number of cloud solutions employed, the report showed that policies and procedures to secure those solutions are not in place at construction companies.
Knowing the importance of implementing measures against cyber attacks and threats, what strategies can be put in place to combat them? Following is a good start to strengthening cyber security defenses.
- Implement cloud liability insurance. Cyber and privacy policies cover a business’ liability for a data breach in which a company’s personal information is exposed or stolen by a hacker or other criminal who has gained access to the firm’s electronic network.
- Hire a third party for audits and security. Get an expert to assess the company’s system’s security and install the appropriate network security software.
- Train employees. Companies should lead by example by setting up and communicating best practices and policies, enforcing safeguards and identifying suitable applications.
- Continuously update software. Make sure all software and operating systems are current. Check with vendors as well to make sure they’re enabling updates and aren’t using any unsupported systems.
To learn more about how construction companies are using and securing data in the cloud in 2016, request to download the 2016 JBKnowledge Construction Technology Report when it becomes available this fall.