The construction industry is realizing that digital is not just good-to-have; it is essential. Over the last few years, digital has begun to make a difference. Today, 3600 cameras are considered must-haves and are speeding up progress documentation by 80 percent besides assisting in site surveillance and security. The use of drones went up by 239 percent in 2019 over 2018, improving waste monitoring and ensuring workers did not have to operate in potentially dangerous environments. Mobile technology, wearables, augmented reality, and even 3D printing are finding their way into the industry. Interestingly, a pre-COVID-19 report of the Associated General Contractors (AGC) of America said that 23 percent of construction contractors were using hybrid cloud, 20 percent were using cloud hosting for their servers and networks, and 10 percent were using cloud-based SaaS. The AGC of America 2020 report showed that mobile usage was continuing to drive the adoption of cloud. Now, cloud usage by the industry is about to get an enormous boost.
Thanks to the $1 trillion Infrastructure Bill passed by the US public sector, projects will use an increasing amount of cloud to bring down costs and synchronize equipment, labor, supply chains, and stakeholders. While the spending on roads, bridges, airports, public transit, ports, and waterways brought about by the infrastructure bill is a boon to the industry, it is about to throw up new challenges in data privacy and protection.
Data protection is tricky
Industries that have been traditional leaders in IT continue to increase their investments in data protection. This is a necessity. With remote working on the rise, 2021 is predicted to be a record-breaking year for data breaches and ransomware attacks. According to studies, the average cost of a data breach hit $4.24 million per incident in 2021, the highest in 17 years.
The construction industry is witnessing data proliferation at an unprecedented pace. Data is also being shared across varied entities and systems, increasing the threat landscape. With the rapid growth in cloud usage, the need for data protection cannot be underestimated. To secure its data, the construction industry will be required to make a quick cultural shift from being a generator and processor of data to also being a guardian of data. This includes developing policies, governance, and compliance processes in addition to putting security technology and training in place. Going forward, data protection should be at the heart of all digital strategy.
The problem of data protection is so acute that the US Infrastructure Bill includes nearly $2 billion for cybersecurity!
Data security is a complex science
New levels of sophistication are being introduced by artificial intelligence, deep learning, automation, behavioral analytics, zero trust models, and techniques such as hardware authentication and virtualized firewalls. Reaching decisions around data protection can be difficult and confusing. But, a good place to start are these four approaches:
Prevention is better than cure: Ensure that privacy and security are part of your cloud infrastructure and migration strategy. Use DataSecOps to make security and data governance part of your data operations. DataSecOps will democratize data usage by creating clear data owners. It will bring automation and testing to the forefront to eliminate manual bottlenecks. And it will make data accessible in a secure and convenient manner.
Trust no one: The remote work model has injected fresh threats to data protection. One remote work security report this year found that 68 percent of those surveyed feared data leaks from their end points, 59 percent were concerned about connecting with unmanaged devices, and 45 percent were anxious about maintaining regulatory compliance. The recommended approach to solve these threats is by using a cybersecurity mesh to build zero trust security. The cybersecurity mesh moves away from the pre-COVID perimeter-centric approach. It ensures that all data, devices, networks, and applications are accessed securely regardless of location and user type (human or machine). The technique assumes that all connections that access data are threats unless verified. Gartner predicts that “by 2025, cybersecurity mesh will support more than half of all IAM (Identity and Access Management) requests”.
Take responsibility for cloud security: Cloud (largely) centralizes enterprise data. Theoretically, this should make data security more manageable. Cloud makes it easier to monitor and detect threats, launch response solutions and contain intrusions. It is also easier to implement IAM using intelligent and dynamic authentication processes. But cloud providers have varied security capabilities, and they typically share security responsibilities with users. This means establishing and enforcing a consistent security policy across multiple cloud environments can be a challenge. In addition, techniques such as data classification, data masking/ encryption, and the least privilege model will need to be understood and deployed. Your business would do well to take responsibility for using the right methodology rather than leave it to the cloud provider.
Keep a hawk’s eye on your data: Data wants to be free. The more it is used, the higher its value. This means access to data will need to be provided across the organization and, perhaps, even outside to external partners. This is especially true in the vast and sprawling public sector construction ecosystem. To prevent leaks and damage due to unauthorized access, it is necessary to mask or encrypt the data while it travels across systems or is stored in cloud. Incidentally, 43% of cloud databases are currently unencrypted. You don’t want your organization to be part of that statistic. Further, techniques to protect data invariably place an extra burden on those who need to access it legitimately. For example, users may have to go through a 2-step authentication process or use only specific networks and devices to access the data or provide biometric authentication. Many organizations slacken their controls to reduce the inconvenience. You don’t want your organization to fall in this bucket, either.
As digital transformation changes the construction industry, the growing volumes of data will present a special challenge. Organizations will need to build specialized capabilities around data management and protection. Without this, digital transformation will be meaningless—and in several instances, even dangerous.