This article was originally published on Forbes.
The commercial real estate industry is inching closer to the finish line of an ongoing digital transformation, which has allowed investment management firms to uncover trends and make investment decisions by efficiently leveraging data. Unfortunately, the concurrent rise in cybersecurity concerns means that firms must now carefully evaluate how the cloud-based software they’ve adopted protects their data against ransomware attacks. Cybersecurity is no longer a box to check; it’s an imperative endeavor that protects sensitive information, which is often your competitive advantage. In this blog post, we’ll detail the robust framework modern investment management firms have adopted to protect their data at every touchpoint.
The Urgent Need for Increased Oversight Into Real Estate Data Security
As assets move from team to team throughout the asset lifecycle, data travels a similar path from system to system. To fortify their data against modern real estate data security threats, firms must take a holistic approach to ensuring its protection at all of these touchpoints. Without the appropriate precautions, your biggest asset could become a significant liability.
Understanding the Modern Real Estate Data Security Framework Leading Firms Follow
According to an Audit Analytics report from 2020, the average cost of a cyber breach for public companies was $116 million. New budgets and dedicated leadership, however, are only some of the provisions firms have put in place to defend their real estate data. Above all, auditing new and existing software platforms to confirm that they meet modern standards is key. This framework details how leading investment management teams evaluate enterprise software to ensure that it provides adequate real estate data security.
1. Visibility and Controlled Access
As a baseline real estate data security measure, enterprise software should ensure that users have full visibility into data, and that admins can control user access. Users with the right permissions should be able to easily access, manage and update data within the software. The platform should also eliminate the possibility of data loss by centrally managing content, security, policy and provisioning. The software must block search engines and web crawlers, making sensitive data visible only to users with access.
Granular access controls permit admins to enforce firm real estate data security regulations, even within third-party software. Designated administrators must have the ability to control which actions certain users can perform, as well as what data they can see. In the event that an employee leaves or changes roles, administrators should be able to immediately revoke or change their access. To protect user accounts from potential real estate cyber attacks, they should also be able to enforce password regulations, including single-sign on authentication.
2. Comprehensive Activity Tracking and Audit Log
Beyond preventing external access, real estate data security also encompasses user action monitoring. Comprehensive activity tracking and audit logs provide administrators and leadership with detailed information about how and when employees use platforms. This measure creates complete visibility into every action performed, resulting in full transparency.
3. Secure Data and Digital Content Services
Robust encryption is absolutely essential for best-in-class data security. All content and data must be encrypted when delivered to the platform, and when users access it. When data is in transit, it should be transported via HTTPS using transport layer security (TLS) 1.3. After delivery, it should be stored with AES-256 encryption at rest. To ensure that data remains sufficiently protected and available in the event of an outage or attack, systems should include multi-region redundancy and constant monitoring and threat detection.
4. Third-Party Verification and Compliance
For complete confidence in a platform’s real estate data security, you should always confirm that it carries rigorous third-party certifications. SOC 2 Type 2 certification under SSAE 16 has become the industry standard when it comes to delivering secure, resilient and highly available cloud-native applications and data services. CyberGRX Tier 1 Assessment protocols, as well as penetration and vulnerability tests, can also indicate how platforms measure up against industry standards.
5. Availability and Resilience
All systems in your tech stack must deliver secure, resilient and highly available services, ensuring you can access, update and leverage data under any circumstances. To accomplish this, the platform must utilize multiple data centers, including reliable power sources and backup systems. These software companies must also have robust disaster recovery and business continuity plans, which they should re-evaluate annually and present to you upon request. When using a cloud-based platform with leading investment management firms as clients, you can rest assured that you’re benefiting from the same security standards as industry leaders.
Conducting a Thorough, Purposeful Software Evaluation
Implementing the right software in your real estate investment management firm can drive bottom-line results, but is your firm prepared to properly evaluate their needs, goals and desired outcomes? Without first defining success, understanding how to evaluate potential solutions, or knowing how the platform will be adopted, buying software can be a disorganized process. Download our playbook to learn how you can evaluate potential solutions with a thoughtful, outcome-driven framework.