Commercial Real Estate’s New Foundation: Cybersecurity And Data Protection
Mike is the Co-Founder and CEO of Dealpath, a cloud-based software platform for commercial real estate investment and development teams.
In the global real estate industry, the largest and oldest asset class in the world, investment decisions have always been and will always be driven by people with information. Today, investors and service providers have access and need to effectively utilize an ever-increasing amount of data to create and capture value in a complex and competitive marketplace.
Secure access to this information — particularly key, proprietary data — is the critical pathway to operate at scale with speed and precision. Yet with increasing and expanding use of data assets, there are corresponding data liabilities. This is the new balance sheet as the real estate business is digitized.
Firms are responding with dedicated leadership in data security empowered with budgets, new processes, controls and oversight. Cybersecurity and data protection have quickly become the foundation of building and protecting enterprise value in the commercial real estate industry. To be clear, expertly managing information security risks is now expected of institutional investors and fiduciaries. The stakes are high and require new and evolving skills that every boardroom now has its full attention on.
From global syndicates of organized crime with malicious interests to unknowing oversights and mistakes by busy or distracted co-workers, there is a wide range of exposure to protect against, all while the related systems and use cases are fluid. The following framework with five core elements are essential to have thoughtful coverage across platforms and tools that your firm deploys:
1. Visibility and controlled access: Your internal processes should allow users to easily access and manage data and share policies that effectively govern your data, all while minimizing the risk of data loss through full visibility and central management of content, security, policy and provisioning. Your accounts should be authenticated with single sign-on. In addition, customer administrators should have the ability to enforce the use of strong passwords by their user accounts and have granular access controls on the accounts with the ability to revoke access at any time. All search engines and web crawlers should be blocked from customer data.
2. Comprehensive activity tracking and audit log: Your systems should include the ability to record and maintain every action performed in a detailed and structured activity log, while archiving a complete history so that you have complete visibility into their activity for total transparency.
3. Secure data and digital content services: All content on your systems should be delivered and accessible exclusively with strong encryption. Data should be transported over HTTPS using transport layer security (TLS) 1.3 in transit and stored with AES-256 encryption at rest. All systems should have multi-region redundancy and be under constant monitoring and threat detection.
4. Third-party verification and compliance: You should require and ensure the systems you utilize have and maintain rigorous third-party certifications with annual audits, including: SOC 2 Type 2 certification under SSAE 16, CyberGRX Tier 1 Assessment protocols, and penetration and vulnerability tests.
5. Availability and resilience: Your systems should deliver a secure, resilient and highly available service at scale for the world’s largest and most sophisticated investment management firms. Your systems should also utilize multiple data centers with reliable power sources and backup systems to deliver redundancy and reliable availability along with robust disaster recovery and business continuity plans that are made available to review upon your request and tested annually.
Accessing and processing increasing amounts of data are critical for creating new opportunities and efficiencies in the commercial real estate business. In the modern age, data protection is as important as physical security, requiring proper due diligence for proptech systems when evaluating and utilizing them. Partners, investors and clients will migrate to firms whose data and systems are most trustworthy. Investing robustly in cybersecurity not only protects your data but also gives confidence to your partners and clients that their data is safe.
There’s an old saying that if you encounter a bear in the woods, you just need to be faster than the person who you’re with. Today, the digital bears clone themselves in real time, and the firm next to you is on an Olympic training regimen for data security. Don’t lose a step and get eaten alive.
Forbes Real Estate Council is an invitation-only community for executives in the real estate industry. Do I qualify?