Encrypting traffic across the internet is a given, but the protection of media where project data is stored is also critical. Companies need to have encryption at rest to protect sensitive data, even when it isn’t in transit.

Investment in security across multiple customers:

When they reach scale, SaaS collaboration platform vendors can invest more in security than their individual customers can – and definitely more than the subcontractors who are sharing information with their customers.

SaaS vendors can and should work closely with their customers’ IT security teams to ensure that common threats are adequately addressed.

SaaS vendors have undergone security evaluations from multiple customers and have demonstrated their security capabilities multiple times. A collaboration service provider’s logos can provide additional assurance that it has met rigorous industry standards for security.

In summary, not all SaaS collaboration platforms are created equal. Companies seeking maximum security for their construction project information and processes in today’s environment should consider these three priorities in selecting a collaboration solution:

—Provide a neutral, common platform while allowing each organization on the project to control their own destiny for sharing information with the project team

—Implement higher security hurdles across the project community, including 2FA and SSO

—Assume that their collaboration systems are imperfect and therefore constantly add new protections while monitoring traffic, trends and activity for red flags.

Only the largest SaaS collaboration service providers are able to invest in R&D for both advanced, industry-specific functionality and security measures – both functional and procedural. At the same time, only the largest providers have the teams in place to monitor activity and support their customers in identifying and assessing security threats.

CMiC

From communictions maanger Nikol Paar:

CMiC has been in the construction business for over 40 years now, we've watched the construction industry change and adapt to trends and attacks, and due to this reason we feel confident in stating that clients, vendors, and the like, can feel safe that their data is secured in the cloud - the trend that attacks its attacker.

CMiC launched subsidiary HIKUU Construction Cloud for this very reason, to keep client information and data secure, and conveniently stored. The cloud acts as a shield of protection against cyber attacks. HIKUU uses the Amazon Web Service (AWS) cloud infrastructure, which offers world-class protection that has achieved ISO 27001 certification and has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). Clients can rest assured that today's progressive construction software companies are two steps ahead of cyber attackers and have the necessary tools in place to prevent cyber crime.
 

EarthCam
From Brian Cury, CEO & Founder:
 
An important note is that within your own organization, either purposefully or inadvertently, personnel may pose a larger threat to data security than any technology exploit ever could. Experience has shown that competitors will not shy away from utilizing traditional hacking techniques as well as social engineering of personnel to gain access to sensitive information. Choose your technology partners wisely, and always look closely at your servers and web logs; you might be surprised who is watching and waiting both inside and outside the firewall. 

In addition, EarthCam maintains its own dedicated server platforms and Enterprise-Class storage systems in private data centers, not “cloud” or “virtualized” environments shared with others.


FieldLens
From CEO Doug Chambers:

At FieldLens our primary concern as a communication platform is the security of the data we store for our users. There is certainly a difference in the level of security a SaaS provider offers versus email, for example.

Email routing is “store and forward”, with the data having the potential to be physically present on many third-party servers. This is especially true for a construction project team where several companies working together are usually using different email systems. This leaves information vulnerable to prying eyes and manipulation.

With first-in-class SaaS platforms like FieldLens, data is sent to the Platform with a secure connection, and once it’s there mobile clients have to go through the Platform code to access the database, just like the web. Every interaction with the database is governed by the Platform code.

Nobody has physical access to the servers with a SaaS platform, so attacking the system is much more difficult. Finally, information stored in the platform has an audit trail that cannot be modified, and this ensures the integrity of all stakeholder information.

Fluid Contract Manager
From Don Speedie, president:

As a provider for mobile, construction cloud services, this topic is near and dear to my heart. One of the companies we at Fluid CM are working with is a company called Proacteye which specializes in monitoring cloud based applications 24x7 and has personnel in place to review any alarms when they are raised. It is a good combination of monitoring technology combined with a human on the other end validating any issues as they arise.