Page 26 - RC19 RealcommEDGE 2019 Fall Issue
P. 26

SPOTLIGHT: Cybersecurity










          VENDOR RISK MANAGEMENT IS KEY


          TO MITIGATING CYBERSECURITY RISK







                                         TOM SHIRCLIFF                     ROB MURCHISON
                                         Co-Founder                        Co-Founder
                                         Intelligent Buildings             Intelligent Buildings





          EFFECTIVE CYBERSECURITY MAY NOT be easy to           does not create an unacceptable potential for business
          implement, but you might agree by the end of this article   disruption or a negative impact on business performance.
          that it’s easy relative to the broader technology-related
          problem in commercial real estate (CRE). In other words:   Gartner intended this description for IT environments but
          cybersecurity is only a subset of the real problem.   our 15 years in the real estate technology space tells us
                                                               that this is even more applicable to real estate than it is to
          For many years, all industries have struggled with   IT-proper for the reasons outlined below.
          traditional enterprise cybersecurity risks and the
          consequences we read about in the headlines          In larger portfolios, there are three things that any real
          every day. As a result, there are many cybersecurity   estate professional knows about vendors—particularly
          solutions for traditional IT areas such as local area   building systems contractors:
          networking (LAN), remote access and information
          security (infosec) in general. Although commercial   1.  Fragmentation: There is tremendous fragmentation in
          real estate is late to the game in most IT solution    the number and type of contractors across the total
          implementations, we do have the advantage of being     building count.
          able to pick and choose what is right for our portfolios
          from established options.                            2.  Inconsistencies: The fragmentation creates indescrib-
                                                                 able inconsistencies for system setup and configura-
          If you have not already done so, in the near future, your   tion, data back-ups and remote access.
          real estate organization will either end up putting all
          building control systems on your existing enterprise   3.  Turnover: There is frequent turnover at all levels
          network or providing a stand-alone, remote access and   between contractors, building managers and
          LAN solution for those building systems. For the latter,   property managers.
          it requires a much more simplified solution that not only
          protects but is also cost-effective and easy to manage    Fragmentation, inconsistencies and turnover at scale cre-
          for the organization and the contractors using it. In short:   ate chaos. This chaos tells us the real problem is VRM and
          it needs to be an IT solution for a non-IT customer.   dealing with dozens or even hundreds of different contrac-
                                                               tors. They not only have (or need) remote access but also
          However, focusing on the remote access issue alone   manage onsite, complex, digital building systems such
          misses the real problem as it was dubbed in the first para-  as HVAC, elevator, lighting, parking and metering. These
          graph, which we call Vendor Risk Management (VRM).   systems in buildings provide critical functions affecting
          The 2019 Gartner Glossary states that VRM is: the    life safety, experience, productivity, core network integrity,
          process of ensuring that the use of service providers   regulatory compliance and insurance exposure.


          24
   21   22   23   24   25   26   27   28   29   30   31