Be connected & yet safe

Smart buildings are IoT enabled and traditional building automation is also now IP enabled, internet connected and even run as SaaS in the cloud. Smart Buildings & workplaces are vulnerable to security issues of confidentiality, integrity and access.

Flamenco Tech with its deep expertise in ICT, IoT, Cloud, Security and smart building applications is best placed to help protect your Smart Building infrastructure and help you comply with your IT security best practices.

Alternate Text
Alternate Text

Typical Vulnerabilities

Smart building systems are complex and potential weaknesses include the following:

  • Firmware of the devices, gateways, related software and web services
  • Installing non-standard and integration of insecure devices i.e. CCTV equipment with factory supplied credentials or use of insecure protocols
  • Limited or no physical protection to device internals or wireless or wired networks
  • Poor cryptographic key management policies and procedures
  • Insufficient security for device discovery features
  • Poor security processes and misconfigurations (e.g. use of default passwords, repeating passwords across systems, devices exposed on the internet through UPnP, misconfigured remote.
  • Poor practices to update the software or firmware of IoT Devices / products or applying patches regularly
Alternate Text

Security Design and IT Approval Service

This includes re-architecting the smart building design, access controls and security posture to be in compliance with corporate IT Policies.

  • Establish a IoT Infrastructure Security framework
  • Identify the IoT devices / sensors supported interfaces, protocols and establish secured connectivity and communication architecture
  • Design in-line with Enterprise IT security / infosec team.
  • Prepare processes to ensure that security risks are managed from the start and continuously assessed during a lifecycle approach.
  • Establish activities to support the Security Design processes to manage security risks
  • Establish process and flow for point considerations at every phase to ensure that no decisions and approvals are made without security assessment
Alternate Text
Alternate Text

Infrastructure Security Audit Service

IoT Security Audit service covers the building automation infrastructure, systems, integration and operations.

  • Building– Define cyber security goals and standards for Building Infrastructure for independent building and connected buildings
  • Systems & Sub-Systems – Define cyber security foundations for Systems.
  • Integration Audit– Define security requirements that are to be followed while integrating more than one system and sub system.
  • Facilities Operation/Maintenance – Define process and methodology for managing and maintaining Facilities Management, secure system operation, configurations and secure access to systems
  • Define maintenance policy and process for keeping security up to date in systems and devices
  • Define methodology in-line with enterprise cyber security standards for identitymanagement, single sign-on, authentication, authorization and auditing vulnerability.
Alternate Text

IoT Security Risk Assessment Service

IoT Security Risk assessment covers risk identification and risk mitigation. We evaluate the following:

Alternate Text

IoT infrastructure architecture

Alternate Text

IoT Devices / sensors installation and connectivity

Alternate Text

IoT device / sensor firmware & Patches

Alternate Text

Access control & Permissions

Alternate Text

Maintenance activities

Security Posture Correction Service

Post risk assessment, our consultants can work with your IT & Security team to secure your smart building infrastructure. These will include:

  • Hardening IoT gateway platforms & other systems
  • Logging and auditing of IoT security events
  • Encryption, authentication and integrity protection for communications
  • Security response and patching processes
  • Configuration management
  • Network segmentation
  • Zero-trust configurations
Alternate Text