—Secure web service for connections between servers and with mobile devices to mitigate unauthorized access, network eavesdropping, and other threats.
—Dedicated secure site so data is safeguarded from others.
—Notifications and audit trails that show who requests, accesses, and views information.
Viewpoint Construction Software
From Bruce Kenny, vice president of product development
Security and Data Privacy has always been a critical aspect of any IT solution. In the past we have relied, perhaps naively, on the physical security of our office buildings housing our On-Premises solutions. As the construction industry dramatically accelerates its adoption of technology—particularly mobile, SaaS (software as a service) and other hosted solutions—and increases its use of digital data in its day-to-day operations, the burden of responsibility for security and data privacy increasingly shifts from the company itself to its selected vendors. With these distributed and hosted solutions the company must not only ensure its internal practices and systems are secure; it must now ensure that the solutions and environments of its vendors are secure.
The construction industry is fortunate as we can learn quickly from many other industries that have already navigated through the data security and privacy challenges that mobile and hosted solutions deliver. Many industries have already made the transition from on-premises to hosted solutions, from paper-based to digital workflows, from centralized computing to highly distributed mobile and SaaS solutions. Industries such as Financial Services, Health Care and Manufacturing have been leveraging hosted and mobile solutions for over a decade and as use increased, they pushed their vendors for tighter controls and practices. We see this maturity from vendors in technology sectors such as CRM (Customer Relationship Management), Customer Service & Support, Marketing Automation, Financial Services and Health Care—all areas of business that have embraced very high security and privacy practices as a cornerstone of their offerings.
While a few high-profile cases of data breaches have been reported over the last few years, the reality is that the vast majority of technology vendors (software, hardware and infrastructure providers) have invested in and created security and privacy protections superior to those of most of their customers. The services industry has responded with increased standards and certifications to ease the burden-of-proof on any single company.
Specifically around data security and privacy there are a number of standards and certifications that a company can rely upon to confirm that their solutions vendor has taken security and privacy seriously. Standards such as ISO 27001 and SOC-1/2/3 (Service Organization Controls) are in place to ensure vendors, particularly those that process and store sensitive data, have the controls and processes in place to protect the data assets they are entrusted with.
Security and Privacy must be part of every solution evaluation. For any hosted solution, confirm that the data is being encrypted during transmission, that personally identifiable information is obfuscated, and that the vendor’s data center partner has the necessary certifications—ISO and SOC-2 & SOC-3—in place. It is important to also look beyond the vendor’s core solution and confirm that any 3rd-party solutions—social plug-ins such as Facebook and Twitter—are being used correctly, as we must protect against any premeditated offensive attack but equally protect against the proper use and distribution of data by our own employees, who may unwittingly be sharing data they should not.