As one of the most information-intensive industries, construction can reveal a lot about how mobility, cybersecurity and big data must work together seamlessly in a highly regulated environment. Because so many people are accessing enormous amounts of data from the ground up (literally), IT becomes a mission-critical way to ensure that people on the construction site can use and share tasks, data and communication in a timely and secure manner.

Thanks to the advent of cloud computing, new project management software and smart mobile device management, securing data in the field has never been more intuitive, especially as both small and massive projects rely on efficient mobile communication between job sites, customers and satellite offices.

For perspective, the construction industry nets approximately $10 trillion globally. Work sites, which can span large areas and require huge crews, are increasingly adopting new technology, like drones and robotics to achieve inspections and surveys quickly, especially since missed deadlines can mean major financial setbacks for all parties.

A 2016 PricewaterhouseCoopers report estimates the global use of mobile technology to be $127 billion. But the big question is, how will mobile data effectively be managed as new solutions are adopted, especially with increased concerns about information security?

Mobile Solutions: A Security Game Changer

Mike Keemle, solutions architect at OneNeck IT Solutions in Scottsdale, Arizona, said that the increased use of new and mobile technology is changing how IT is managed across industries.

“Mobile solutions provide the ability to access information and data at a moment’s notice. This allows organizations to be agile and increase productivity within their workforce,” he said. “This workplace paradigm also tends to be a selling point in attracting new employees with vital skill sets. It’s especially true for those younger members of the workforce who have grown up with the ability to instantly access data, from anywhere, at any time.”

And while the construction industry may be lagging compared to the speed at which other industries (like health care and media, for example) are adopting new technology, at least according to a McKinsey report, the changes do create new questions about how to effectively manage so much data on the latest mobile platforms.

Keemle said that mobile solutions are not just for accessing employee emails and calendars anymore. He noted that smartphones and tablets are being used to run point of sales (POS) systems and remotely control security and environmental systems.

As more employees use mobile devices in industries like construction, where timely access to this information is critical, IT managers face some new and challenging concerns about cybersecurity.

“Gone are the days when a strong network perimeter and a responsible workstation and server-patching policy/process were enough to keep the bad guys out,” Keemle said. “With mobility, employees routinely take laptops outside of the corporate stronghold for the purposes of working from home or other remote locations. Coupled with the use of other mobile devices, such as cell phones and tablets, these devices are all being used to access sensitive organizational data.”

For example, even if an organization’s policy allows only corporate devices on its network, it may not be able to enforce it or identify prohibited devices.

“There’s no doubt that mobile solutions present an entirely new opportunity for employees while also exposing an organization’s sensitive and business-critical data,” Keemle explained.

What to Consider Before Implementing a Mobile Solution

For the construction industry, mobility is, of course, mission critical, which means that securing data takes on a new focus – namely providing security on the go and at all stages of the work cycle. As such, IT professionals can help prevent problems before they happen.

Keemle said organizations need to ask a few important questions before implementing promising new mobile solutions.

First, to minimize the inherent threats presented by any new mobile solution, he said that organizations need to create policies outlining who, what, when, where and how employees can access the company’s network and data.

“Measures must be put in place to ensure that the organization can precisely identify who is accessing data, including the types of data, device(s) and access methods (e.g., remote access VPN, wireless or wired networks).” They should also develop and implement granular authentication and authorization methods to minimize the number of devices and users accessing data.

Second, Keemle said organizations must ensure that systems accessing networks are patched correctly. For example, remediation steps can be taken to protect any data.

“This remediation should allow for the organization to disable the device, or erase the data completely, in the event the device has been lost, stolen or compromised,” he said.

Third, a solution should be implemented that can restrict what applications are loaded or removed from the device.

“It should also include audit capability to provide visibility into the devices applications and services,” Keemle said. “This will require organizations to ensure resources are available and allocated to review the visibility.”

Overall, these resources can be managed internally or via an outside security offering. Three factors can help an organization identify the best option and determine whether or not to build an internal security plan or simply outsource it:

• Size: How many people will be accessing data and on what devices? What type of training will be needed to teach users about new protocol?
• Budget: How much time and money can and should be allocated to managing data, and should it be handled in house or by an outside vendor?
• Capacity: What new investments are anticipated, and to what extent can the current network handle the workload?

The Future of Mobile IT

As with all industries, construction professionals are looking for new ways to mitigate risk and maintain tight budgets. In the day to day, IT-managed technology can be a boon, even though the industry has been slow to embrace it. Fortunately, a big push is coming from project collaboration solutions – practical tools that help navigate all aspects of the process, be it project designs or even 2D and 3D files.

Add to this the increased interest in augmented and virtual reality technologies that can enhance collaboration among important stakeholders, and the industry will need to consider even newer ways to keep up in terms of security risks.

“When it comes to accessing data, some of the biggest challenges facing us today are the number and complexity of attacks on all types of mobile devices,” Keemle said. “While Windows devices used to be thought of as the primary target, malware and other attack mechanisms are now being written for IOS devices as well as Android and other mobile operating systems. While they are coming at a staggering pace, we continue to work within a budget, though the bad guys have almost limitless resources at their disposal.”

Any organization considering a mobile solution needs to consider how it will protect a data breach when (not if) it happens. This, coupled with having the highest visibility and broadest control over what and who has access to a network and the data contained within it, should ultimately dictate what type of solution works best.

As more solutions move to mobile platforms, IT managers need to increase data security overall, even questioning what devices are accessing information and when. A big part of the equation comes down to training users about what not to do. <

“Together these will ensure IT teams are prepared and ready to protect the company’s data, infrastructure and so much more,” Keemle said.

Check out the newly revised CompTIA Security+, which now covers device security.

Natalie Hope McDonald is a writer based in Philadelphia.