Construction Technology Survey Reveals Data Security Concerns

The third annual Construction Technology Survey from 2014 reveals how the use of cloud and mobile computing creates new demands on data security.

James M. Benham, President of JBKnowledge, shares his favorite quote from a client in the foreword to the survey: “I got into construction decades ago because you didn’t have to be a rocket scientist, only to find out that now, you have to be a rocket scientist to be in construction.” New technologies create new requirements, but also pose new threats.

Lacking cloud computing security policies

Since the Construction Technology Report survey was first conducted in 2012, the allowance of cloud-based software to be used for construction processes has doubled. Allowance does not necessarily mean adoption, as the authors remind.

According to the survey, these were the main types of software that were allowed in the cloud in 2014:

• Invitation to Bid/Plan Room – 78.3%
• Project Management – 65.6%
• Prequalification – 63.2%
• Project Scheduling – 58.1%
• Customer Relationship Management (CRM) – 51.4%
• Building Information Modeling (BIM) – 44.8%
• All – 42.4%
• Estimating – 40.2 %
• Accounting – 31.1%

Cloud security concerns call for security policies and procedures. Sixty-three percent of the construction professionals surveyed admitted that their company has no cloud security policies in place, or that they knew of no cloud security policies in place. Companies with more than 200 employees were more likely to answer “Yes” to cloud security policies being in place.

How do companies secure cloud data? Here are the results from the survey

• Employee Training – 33.8%
• We don’t have data in the cloud – 29.6%
• I don’t know – 25.6%
• Remote Wipe/Locate Mobile Device – 23.6%
• Two-Factor Authentication – 13.4%
• Cross-Platform Authentication – 11.1%
• Other – 4.3%

The human element is essential according to the respondents. It is also interesting that almost 30% did not know about the security arrangements. Security, technically speaking, should not be a concern of an individual user. Unfortunately most security problems stem from human behavior, and that’s why employee training is necessary.

Bring your own unsecure device

Mobile is a strategic priority for most construction professionals. Only 20.7% of the respondents said that mobile is not important (41.1% in 2012).

The use of mobile devices adds to the security concerns of construction professionals. In the 2014 survey, 72% said they use smartphones, 64% laptops, and 50% tablets for professional purposes. Of the smartphones 42%, laptops 27%, and tablets 49% were personal, not provided by the company.

The total number of devices in 2014 versus 2013 did not increase dramatically. The numbers suggest that more companies are providing hardware for work purposes, as personal devices used at work have declined in number.

Forty-nine percent of survey respondents said they used a personal laptop, smartphone or tablet for work purposes. To the question “Does your company secure personal devices used at work?” the respondents gave the following answers:

• Yes – 32.7%
• No – 39.8%
• I don’t use personal devices ad work – 27.5%

Companies don’t seem to be very keen on security when it comes to employee-owned devices. Hopefully these results are a wake-up call to those in charge.

The 2014 Construction Technology Survey was issued by JBKnowledge in conjunction with the Construction Financial Management Association and Texas A&M University Department of Construction Science. Over 1,000 construction professionals took part in the survey.

Download the report.