How Does Newforma Konekt Manage Your Data Security?

April 17, 2024

Peace of mind. Protection from third-party risks. Protection of your reputation.

The construction industry is finally catching up with digitization, and an increasing number of firms, organizations, and software platforms store their data on the cloud. Which is great!

But as for data security? It’s an understatement to say that the situation could be better. There have been many high-profile breaches in data security in the AEC industry in the past 12 months, including:

  • The January 2023 data breach that cost Morgan Advanced Materials £12 million GBP
  • The February 2023 Black & McDonald ransomware attack, which had implications for Canadian national security
  • The May 2023 Vesuvius cyber incident, which eroded market confidence and resulted in a 3.5% drop in its share prices

In fact, leaving aside these three high-profile cases, as many as 45 percent of construction firms reported significant leaks of internal information in 2020.

Issues with software chain security continue to grow. The National Institute of Standards and Technology (NIST) issued an executive order in May 2021 acknowledging the increasing number of software security risks throughout the software supply chain. “Federal departments and agencies become exposed to cybersecurity risks through the software and services that they acquire, deploy, use, and manage from their supply chain (which includes open-source software components). Acquired software may contain known and unknown vulnerabilities as a result of the product architecture and development life cycle.” — How SOC 2 Helps Secure Your Software Supply Chain

Peg Landry, E-Learning Coordinator

With the right protections in place, a cloud-based platform can actually be more secure than on-site servers and hard drives. Cloud-based platforms are also much easier to manage than Virtual Private Networks (VPNs), which is good news since remote work is the new standard – despite the grumbling of older generations – and isn’t going anywhere.

Securing digital assets is crucial in the AEC industry, so how can you be sure your data is secure when you manage your projects with Newforma Konekt? Let’s talk about it.

1. ISO 27001 Certification

ISO 27001 is an internationally recognized standard for an Information Security Management System (ISMS), and Newforma Konekt is the first issue-tracking platform to be ISO 27001 certified. This certification, which is used by every major software giant including Google, Apple, and Intel, proves that the Newforma Konekt platform, its software engineering processes, and its business operations all value international security standards.

So, what does Newforma Konekt’s ISO 27001 certification mean for clients?

  • Peace of mind. You can rest assured knowing that Newforma Konekt has been audited and certified by an accredited certification body.
  • Protection from third-party risks. Meeting the ISO 27001 standard helps keep your data secure and free from attack.
  • Protection of your reputation. In the event of a breach, an ISO 27001-certified partner helps protect your organization.

* A word of warning: For a software platform to be truly secure, it’s vital that the organization itself is ISO 27001 certified, and not just the server where the software is hosted. Cybersecurity is like a chain – only as strong as the weakest link.

2. Data Hosting

Some countries have data residency requirements: organizations have to host project data locally, especially in the public sector. So Newforma Konekt hosts your data in different jurisdictions to help you meet your data residency requirements. Our current data hosting regions include Canada, Europe, and the United States.

Choosing your data hosting location is simple when creating a new hub on Newforma Konekt.

Let’s dive deeper into how your data is stored. According to Cisco:

“A data center is a physical facility that organizations use to house their critical applications and data. A data center’s design is based on a network of computing and storage resources that enable the delivery of shared applications and data.”

Cisco, What is a data center?

Figure 2 – A data center facility houses critical applications and data.

 

Newforma Konekt customer data is stored in Microsoft Azure data centers, which are ISO/IEC 27001 and SOC 2 Type 2 certified. These data centers have extensive layers of protection: access approval at the facility’s perimeter, inside the building, and on the data center floor.

But beyond physical security, Newforma Konekt relies on Azure services that are top-of-the-line cloud-based data management platforms and are audited regularly to ensure that they always provide a secure development environment for users like Newforma Konekt.

3. Data Protection

Ok, we’re about to get really technical. Ready?

Data encryption converts electronic data into another form that is difficult for unauthorized parties to decipher. It is essential that sensitive information is sent in an encrypted format over the Transport Layer Security (TLS) protocol, which in the context of a web-based application is called HTTPS. For very sensitive information, it is also a good idea to make sure that data stored at rest, meaning on the data servers’ storage, is encrypted.

Figure 3 – Encryption is vital for data protection both in transit and at rest.

Newforma Konekt uses 256-bit Advanced Encryption Standard (AES-256) encryption over Transport Layer Security (TLS) to protect your data while it is in transit, which is considered the gold standard in cloud security. Newforma Konekt also protects your stored information using at-rest encryption to ensure your archived data and backups are protected.

Your data is also protected by a robust backup policy with Microsoft Azure, and a recovery plan in case of natural disaster in the main servers’ location.

4. Fine-Tuned Authentication and Access Control

Authorization and access control are an important part of data security. We recommend that Newforma Konekt hub owners regularly review user roles to make sure that only authorized users continue to access your projects.

Newforma Konekt gives you the ability to fine-tune access control on the ‘Hub Settings’ page or the ‘Team and Users’ page. Here’s an overview of access rights at the hub and project level:

 

Figure 4 – Manage access control on both a hub and project level with Newforma Konekt.

Beyond that, with Newforma Konekt, users can leverage single sign-on (SSO), allowing them to rely on their own security policy for authentication, including things like generating and managing random and complex passwords, multifactor authentication, and identity monitoring.

5. Secure Development Environment

Newforma Konekt’s developers and product management teams use secure coding practices in accordance with the OWASP standard, the internationally recognized leader in application security.

Figure 5 – Newforma Konekt operates a secure development environment in accordance with the OWASP standard.

In a secure development environment, separating the development and test activities from operational environments reduces the risks of inadvertent or unauthorized modifications to the operational system, which could compromise the system’s integrity or availability.

At Newforma Konekt, our development, testing, and production environments are separated. Quality Assurance is involved at each phase of the lifecycle. We regularly perform vulnerability scanning, as well as regression testing and penetration testing. Finally, all changes are peer-reviewed and logged prior to deployment into the production environment.

 

6. Strong Security Culture

As well as the technical details, we focus on the human side of data security by building a strong security culture at Newforma Konekt. Our #SecurityCulture includes a comprehensive security policy, ongoing security awareness training, an internal InfoSec helpline, and a commitment to continual improvement.

The bottom line is, we care about security as much as our clients do, and we keep our software on the cutting edge of security standards. Do you have security concerns for your organization’s data? Do you have questions about how your organization’s data can be more securely managed? Feel free to reach out to our dedicated security team at security_konekt@newforma.com. Trust me, we love to talk shop about this kind of thing!

About the author

Johnathon is a Boston-based published leader in cybersecurity, and all-around techy. He joined Newforma in 2017, where he works as Information Systems Security Manager and Security Product Manager. He earned his Bachelor of Science in computer science from Northeastern University and has a Master of Science in cyber security from Southern New Hampshire University. He also holds a certification in Information Security Management. When he is not busy ensuring Newforma and its clients' data security, he is an avid runner, fitness enthusiast, and gamer.

Johnathon Kinville
Cyber Security Manager