Welcome to our Case Study series, where we dive into case studies of real-life, large-scale deployments of smart building technologies, supported by our Marketplace.
I emphasize âreal lifeâ because this isnât a marketing fluff story. We're here to share real lessons from leaders that have done the work to integrate smart building technology into their operations. I also emphasize âlarge scaleâ because we're not here to talk about pilot projects. We're here to talk about deeper commitments to changing how buildings are operated.
The first edition was a case study of the University of Iowaâs FDD-driven maintenance program. The second edition is the story of a 5-year effort at LONG Building Technologies to integrate fault detection and diagnostics, or FDD, into their service operations.Â
This is the story of how BGO enhanced cybersecurity and sped up remote operations with the SASE framework. As part of our Partner Program, we interviewed Ben Cooper (on the Nexus podcast) about the cybersecurity strategy implemented in over 60 BGO properties.Â
Enjoy!
Â
â
"Since 2021, cybercrime has increased by 10% and subsequently the estimated yearly loss from cybercrime is expected to be nearly $10 trillion in 2025. The average cost of a data breach is around 5 million dollars (USD)." --Ben Cooper of BGO
As the real estate industry, specifically commercial real estate, advances into a stage of network connectivity, cybersecurity practices become a critical component of building operations.
The operational technology (OT) team at BentallGreenOak (BGO) realized the significant risk occurring within building operations. With more and more connected devices collecting and sharing data and no standards or best practices in place, the operational technology was acting like an open door with all of that data ready to be siphoned. This posed a significant threat to not only the financial security of BGO, but also a threat to the company's reputation. In a competitive industry such as commercial real estate, a loss of reputation can be catastrophic.
BGO needed to implement a robust cybersecurity strategy to mitigate risk and meet two specific requirements:
In response to the security challenges, BGO devised a multifaceted solution. They wanted the building networks to follow industry best practices and they wanted to implement policies and procedures to apply to contracts with vendors and pass to other property teams.
For this strategy, BGO conducted comprehensive deep dives into the property networksâdesign, network topology, visualization, vulnerabilities, areas of concern, and an asset inventory of everything connected to those networks.
They implemented a software and hardware solution that Ben calls a cybersecurity platform. Itâs built based on theSecure Access Service Edge (SASE) framework, which combines network security and wide-area networking capabilities, providing comprehensive management, configuration, and security for remote users and devices. The SASE framework reduced the challenges with latency from traditional VPN remote connections. Additionally, BGO adopted a Zero Trust architecture, where trust is never assumed, and every user and device must be continuously authenticated and verified.
BGO employees are authenticated through Okta each time they log on or have been away from the network for an extended period of time. Vendors are given schedule-based access.
"Access is given on a need to know basis. Let's say I've got an operator that looks after two buildings. He only needs to know about those two buildings. I'm only going to give him access in the portal to those two buildings. But then we can get more granular than that. Let's say he or she only looks at the BAS system. We only give them access to that BAS system." --Ben Cooper
â
With the addition of the cybersecurity platform, BGO now has the ability to audit access so if anything were to go wrong, they would have the audit listings to investigate any suspicious activity.
The addition of a single box alleviates the need for different gateways from various vendors. Anything that is connected to a cloud instance, BGO can connect to it and through a secure source.
Operator adoption of the new system and process is approximately 80%. BGO has made it as easy as possible for operators to securely log into the platform from anywhere. Response from the operators has been very positive.
It is crucial to approach cybersecurity with a well-defined strategy and establish standards for expectations. This not only helps in the implementation process but also in maintaining a proactive security posture.
"Sit down with all areas of your business and come up with a strategy, especially your IT team. Find out what exactly it means for you to have a standardized building network. Does it mean you have to converge all your networks? Maybe not. Having that standard is the most important thing." --Ben Cooper
Before embarking on your cybersecurity initiative, it is imperative to conduct a thorough audit of existing technology and requirements. This due diligence phase ensures that the selected solution aligns with the property's specific needs.
"Let's say we have a BAS and a lighting system. Both are connected to the internet, but the BAS is giving out the most data. So we're going to protect the BAS as the first priority. Or do we do a soft convergence and try to bring everything as together as possible onto a switch and then put our platform on top of that?" --Ben Cooper
The cybersecurity landscape is constantly evolving. BGO recognized that the platform they implemented must also evolve continuously to adapt to emerging threats and technologies.
This is a never-ending project with a lot of continuous value.
Near the end of our interview, Ben shared an added benefit he sees from using the âcybersecurity platformâ he selected: He can easily add new technologies on top of it.Â
Securing the network layer already creates a low-friction method of onboarding new technology in the future, but BGOâs approach takes that to the next level. With the same technology product, they can add new data layer and application layer technologies without starting over from scratch.Â
Technologies with built in AI can monitor everything at once and report to your operators or security guards. Some use cases may be via CCTV, the detection of a weapon will alert 911 immediately. Also fire and smoke detection. AI modules can be quickly added to the network and used to detect emergencies before your building system.
â
"We are at the rate of incline for technology that in 5 years, who knows, there could be something even crazier that solves a whole whack of problems. We built ourselves this very nice future-proof platform that we are ready to deploy new technology with minimal lift." --Ben Cooper
â
The industry may move slow, but a lot of people are building infrastructures in order to deploy rapidly. That infrastructure completely changes the game for property technology.
Near the end of our interview, Ben shared an added benefit he sees from using the âcybersecurity platformâ he selected: He can easily add new technologies on top of it.Â
Securing the network layer already creates a low-friction method of onboarding new technology in the future, but BGOâs approach takes that to the next level. With the same technology product, they can add new data layer and application layer technologies without starting over from scratch.Â
Technologies with built in AI can monitor everything at once and report to your operators or security guards. Some use cases may be via CCTV, the detection of a weapon will alert 911 immediately. Also fire and smoke detection. AI modules can be quickly added to the network and used to detect emergencies before your building system.
â
"We are at the rate of incline for technology that in 5 years, who knows, there could be something even crazier that solves a whole whack of problems. We built ourselves this very nice future-proof platform that we are ready to deploy new technology with minimal lift." --Ben Cooper
â
The industry may move slow, but a lot of people are building infrastructures in order to deploy rapidly. That infrastructure completely changes the game for property technology.
Near the end of our interview, Ben shared an added benefit he sees from using the âcybersecurity platformâ he selected: He can easily add new technologies on top of it.Â
Securing the network layer already creates a low-friction method of onboarding new technology in the future, but BGOâs approach takes that to the next level. With the same technology product, they can add new data layer and application layer technologies without starting over from scratch.Â
Technologies with built in AI can monitor everything at once and report to your operators or security guards. Some use cases may be via CCTV, the detection of a weapon will alert 911 immediately. Also fire and smoke detection. AI modules can be quickly added to the network and used to detect emergencies before your building system.
â
"We are at the rate of incline for technology that in 5 years, who knows, there could be something even crazier that solves a whole whack of problems. We built ourselves this very nice future-proof platform that we are ready to deploy new technology with minimal lift." --Ben Cooper
â
The industry may move slow, but a lot of people are building infrastructures in order to deploy rapidly. That infrastructure completely changes the game for property technology.
Welcome to our Case Study series, where we dive into case studies of real-life, large-scale deployments of smart building technologies, supported by our Marketplace.
I emphasize âreal lifeâ because this isnât a marketing fluff story. We're here to share real lessons from leaders that have done the work to integrate smart building technology into their operations. I also emphasize âlarge scaleâ because we're not here to talk about pilot projects. We're here to talk about deeper commitments to changing how buildings are operated.
The first edition was a case study of the University of Iowaâs FDD-driven maintenance program. The second edition is the story of a 5-year effort at LONG Building Technologies to integrate fault detection and diagnostics, or FDD, into their service operations.Â
This is the story of how BGO enhanced cybersecurity and sped up remote operations with the SASE framework. As part of our Partner Program, we interviewed Ben Cooper (on the Nexus podcast) about the cybersecurity strategy implemented in over 60 BGO properties.Â
Enjoy!
Â
â
"Since 2021, cybercrime has increased by 10% and subsequently the estimated yearly loss from cybercrime is expected to be nearly $10 trillion in 2025. The average cost of a data breach is around 5 million dollars (USD)." --Ben Cooper of BGO
As the real estate industry, specifically commercial real estate, advances into a stage of network connectivity, cybersecurity practices become a critical component of building operations.
The operational technology (OT) team at BentallGreenOak (BGO) realized the significant risk occurring within building operations. With more and more connected devices collecting and sharing data and no standards or best practices in place, the operational technology was acting like an open door with all of that data ready to be siphoned. This posed a significant threat to not only the financial security of BGO, but also a threat to the company's reputation. In a competitive industry such as commercial real estate, a loss of reputation can be catastrophic.
BGO needed to implement a robust cybersecurity strategy to mitigate risk and meet two specific requirements:
In response to the security challenges, BGO devised a multifaceted solution. They wanted the building networks to follow industry best practices and they wanted to implement policies and procedures to apply to contracts with vendors and pass to other property teams.
For this strategy, BGO conducted comprehensive deep dives into the property networksâdesign, network topology, visualization, vulnerabilities, areas of concern, and an asset inventory of everything connected to those networks.
They implemented a software and hardware solution that Ben calls a cybersecurity platform. Itâs built based on theSecure Access Service Edge (SASE) framework, which combines network security and wide-area networking capabilities, providing comprehensive management, configuration, and security for remote users and devices. The SASE framework reduced the challenges with latency from traditional VPN remote connections. Additionally, BGO adopted a Zero Trust architecture, where trust is never assumed, and every user and device must be continuously authenticated and verified.
BGO employees are authenticated through Okta each time they log on or have been away from the network for an extended period of time. Vendors are given schedule-based access.
"Access is given on a need to know basis. Let's say I've got an operator that looks after two buildings. He only needs to know about those two buildings. I'm only going to give him access in the portal to those two buildings. But then we can get more granular than that. Let's say he or she only looks at the BAS system. We only give them access to that BAS system." --Ben Cooper
â
With the addition of the cybersecurity platform, BGO now has the ability to audit access so if anything were to go wrong, they would have the audit listings to investigate any suspicious activity.
The addition of a single box alleviates the need for different gateways from various vendors. Anything that is connected to a cloud instance, BGO can connect to it and through a secure source.
Operator adoption of the new system and process is approximately 80%. BGO has made it as easy as possible for operators to securely log into the platform from anywhere. Response from the operators has been very positive.
It is crucial to approach cybersecurity with a well-defined strategy and establish standards for expectations. This not only helps in the implementation process but also in maintaining a proactive security posture.
"Sit down with all areas of your business and come up with a strategy, especially your IT team. Find out what exactly it means for you to have a standardized building network. Does it mean you have to converge all your networks? Maybe not. Having that standard is the most important thing." --Ben Cooper
Before embarking on your cybersecurity initiative, it is imperative to conduct a thorough audit of existing technology and requirements. This due diligence phase ensures that the selected solution aligns with the property's specific needs.
"Let's say we have a BAS and a lighting system. Both are connected to the internet, but the BAS is giving out the most data. So we're going to protect the BAS as the first priority. Or do we do a soft convergence and try to bring everything as together as possible onto a switch and then put our platform on top of that?" --Ben Cooper
The cybersecurity landscape is constantly evolving. BGO recognized that the platform they implemented must also evolve continuously to adapt to emerging threats and technologies.
This is a never-ending project with a lot of continuous value.
Head over to Nexus Connect and see whatâs new in the community. Donât forget to check out the latest member-only events.
Go to Nexus ConnectJoin Nexus Pro and get full access including invite-only member gatherings, access to the community chatroom Nexus Connect, networking opportunities, and deep dive essays.
Sign Up