Digital Fear: How Secure are Intelligent Building Systems?

January 11, 2022 by
Jan Brebaum

Our digital usage behaviour has never been so high. Digitalisation is constantly present in our everyday lives and simplifies our lives so that we have more time for the important things in life. Nevertheless, one side of digitalisation still seems like a black box to us: the security of our technologies and the data we entrust to them.    

 

Wir sind der Meinung, dass diese Sensibilität in Bezug auf ​  

Trotz großen Misstrauens, das uns Deutschen oft nachgesagt wird, legen viele Studien nahe, dass es trotz kritischer Fragen in der Bevölkerung eine große Begeisterung und eine hohe Akzeptanz für neue Technologien gibt (TAB: Hennen, 1994​  

Data Protection  

In order to guarantee the greatest possible security of user data, we have introduced comprehensive security measures. Thus, when opening doors or booking rooms or lockers, only technically necessary and security-relevant data is generated and stored in the background.   

 

"I think data protection is one of the most important issues of the 21st century. We need a Bill of Rights for the digital!"   

Tim Cook, CEO Apple, 2018    

  

Where is the collected data stored?   

Data from app users and end customers are hosted and processed in Germany. Sensorberg does not operate its own servers but uses an external hosting provider with servers in Germany.     

The data is stored as long as the user is listed in the Sensorberg system.  

If the user is deleted from the Sensorberg system (e.g. by an admin of the customer after termination of the contractual relationship), all his log data will also be deleted.    

 

Logging   

What is the purpose of logging in data protection?  

When one hears about logging of data, one becomes sceptical for the first time.    

However, logging according to the GDPR serves two main purposes: the detection of unauthorised access and the identification of gaps in data protection management.   

 

How is the data logged?   

All-access processes are logged in the back end, which ensures the traceability of the access. A log entry does not contain any personal data. These log entries are stored for possible prosecution and then irretrievably deleted.  

In addition, any changes to the data in the backend are recorded in an audit log. The IP address of the device that initiated the change is stored. These IP addresses are anonymised.     

 

ISO Certificate   

Every company that works with personal or confidential data should have an Information Security Management System (ISMS). This is a system of rules and procedures that ensures the security of stored and processed information. The ISO/IEC 27001 standard was created for the international standardisation of IT security.   

This ISO standard defines the goals of a stable ISMS and sets requirements for its implementation in a company. This includes the recording and evaluation of potential risks for relevant data, the introduction of processes that minimise the risks and limit the damage in the event of an incident. In addition, information security must be permanently reviewed so that adjustments can be made quickly if necessary.   

 

Failure Protection ​   

What happens in the event of a power failure? Can I still get into the building?  

The building's emergency power supply kicks in, so doors can still be opened. Retrofit hardware is battery-powered and is not affected by power outages.   

 

Internet Outage  

The Sensorberg solution also works offline at all important endpoints and is optimally protected against internet failures with the triple offline system. Every relevant component in the communication works without a network connection. This means that every building can be excellently secured with the Sensorberg solution:   

  

  1. Caching at the hubs, our IoT devices in the building.
  2. The entire backend can be displayed locally on the bridge  
  3. VConnection and control of the actuators via Bluetooth, so the mobile phone does not need an internet connection. 

  

Access rights are stored directly on the access hub (caching) and are kept up to date. In the event of a network failure, the last data set is still available. 

The entire Sensorberg backend system can also be installed locally on-site and is therefore independent of any internet connection.   

The telephone as a control medium does not need an internet connection to open. It communicates directly via Bluetooth.  

A certain scepticism about data protection is always good. However, it is also important to be informed and educated about what can happen to our data and how we can prevent it. Thanks to the GDPR, there are clear rules in the EU on how to deal with data. Sensorberg's information security system is certified according to ISO-27001 so that customers and partners can rely on confidential handling. Get advice from a Sensorberg professional to learn more about our solution and its security!