Consultancy

Be connected & yet safe

Smart buildings are IoT enabled and traditional building automation is also now IP enabled, internet connected and even run as SaaS in the cloud. Smart Buildings & workplaces are vulnerable to security issues of confidentiality, integrity and access.

Flamenco Tech with its deep expertise in ICT, IoT, Cloud, Security and smart building applications is best placed to help protect your Smart Building infrastructure and help you comply with your IT security best practices.

Typical Vulnerabilities

Smart building systems are complex and potential weaknesses include the following:

Firmware of the devices, gateways, related software and web services
Installing non-standard and integration of insecure devices i.e. CCTV equipment with factory supplied credentials or use of insecure protocols
Limited or no physical protection to device internals or wireless or wired networks
Poor cryptographic key management policies and procedures
Insufficient security for device discovery features
Poor security processes and misconfigurations (e.g. use of default passwords, repeating passwords across systems, devices exposed on the internet through UPnP, misconfigured remote.
Poor practices to update the software or firmware of IoT Devices / products or applying patches regularly

Security Design and IT Approval Service

This includes re-architecting the smart building design, access controls and security posture to be in compliance with corporate IT Policies.

Establish a IoT Infrastructure Security framework
Identify the IoT devices / sensors supported interfaces, protocols and establish secured connectivity and communication architecture
Design in-line with Enterprise IT security / infosec team.
Prepare processes to ensure that security risks are managed from the start and continuously assessed during a lifecycle approach.
Establish activities to support the Security Design processes to manage security risks
Establish process and flow for point considerations at every phase to ensure that no decisions and approvals are made without security assessment

Infrastructure Security Audit Service

IoT Security Audit service covers the building automation infrastructure, systems, integration and operations.

Building– Define cyber security goals and standards for Building Infrastructure for independent building and connected buildings
Systems & Sub-Systems – Define cyber security foundations for Systems.
Integration Audit– Define security requirements that are to be followed while integrating more than one system and sub system.
Facilities Operation/Maintenance – Define process and methodology for managing and maintaining Facilities Management, secure system operation, configurations and secure access to systems
Define maintenance policy and process for keeping security up to date in systems and devices
Define methodology in-line with enterprise cyber security standards for identitymanagement, single sign-on, authentication, authorization and auditing vulnerability.