Introduction
Prism by Building Engines™ is a building operations platform for Commercial Real Estate (CRE) property operations. In this technically focused white paper we discuss how data security is a principal concern of the platform and has been designed in at every stage of Prism development and deployment.
Security in Operations
Operational security is of paramount importance to Building Engines. We have a dedicated DevOps team working with development to ensure the security of our deployed software platform. Our systems are hosted on Amazon Web Services (AWS) infrastructure and use current container packaging and orchestration tooling such as Docker and Kubernetes, together with AWS services such as CloudWatch for monitoring and logging.
High Availability
The Prism platform is a highly available, scalable system deployed in AWS. We maintain systems across multiple Amazon Availability Zones to ensure high availability and 99.9% uptime. Additionally, we maintain a Disaster Recovery (DR) site in a geographically separate location so that service can be restored rapidly after an outage.
Data Segregation
Within AWS, the Prism platform operates in two distinct AWS accounts. This separates the development and staging environments from the customer-facing production systems, which are isolated at an even higher level of security. All access to any AWS service by Building Engines operations or engineering staff takes place over encrypted connections and requires Multi-Factor Authentication (MFA).
As a multi-tenant Software-as-a-Service (SaaS) offering, Prism maintains strict logical segregation of each customer's data and, within a tenant's data, enforces per-user access levels.
Authentication and Authorization
Prism user accounts are associated with an individual email address. We support Single Sign-On (SSO) with external identity providers using the OpenID Connect protocol. This has been tested with clients using identity infrastructures such as Office 365™ Active Directory, Okta™ and idAnywhere™. SSO is supported both in browsers and in the Building Engines Prism mobile applications on Android and iOS.
Local Prism user accounts (those not using SSO) are subject to password complexity requirements and to a short-term account lockout after repeated failed logins. Within Prism, a rich set of permissions is maintained, allowing an organization to grant users access to view and update data as appropriate to their role.
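The following is an added example written for this edit, not Prism's own code, showing the lockout just described together with the hashed password storage the next paragraph mentions: the server keeps only a random salt and a PBKDF2 hash, compares hashes in constant time, and locks the account for a short period once too many attempts fail. The iteration count, failure threshold, lockout duration and the user record are assumed values; the paper does not state Building Engines' actual settings.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Policy values are assumptions for this example; the paper does not state Prism's settings.
const (
	kdfIterations = 100000           // PBKDF2 work factor (OWASP currently suggests 600,000 for SHA-256)
	maxFailures   = 5                // failed logins before a short-term lockout
	lockoutPeriod = 15 * time.Minute // how long the lockout lasts
)

var errLocked = errors.New("account temporarily locked")
var errBadCredentials = errors.New("invalid credentials")

// pbkdf2SHA256 is RFC 8018 PBKDF2-HMAC-SHA256 for one 32-byte output block, written out so the
// example needs only the standard library (production code: Argon2id, scrypt or bcrypt).
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(i) for the first (and only) block
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// account is the stored record: a random per-user salt and the derived hash, never the password.
type account struct {
	Email       string
	Salt, Hash  []byte
	Failures    int
	LockedUntil time.Time
}

func newAccount(email, password string) (*account, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return &account{Email: email, Salt: salt, Hash: pbkdf2SHA256([]byte(password), salt, kdfIterations)}, nil
}

// checkPassword enforces the lockout window, compares hashes in constant time, counts
// failures and starts a lockout once maxFailures is reached. The two error values let the
// server log locked and failed attempts differently while telling the user the same thing.
func checkPassword(a *account, password string, now time.Time) error {
	if now.Before(a.LockedUntil) {
		return errLocked
	}
	if !hmac.Equal(pbkdf2SHA256([]byte(password), a.Salt, kdfIterations), a.Hash) {
		if a.Failures++; a.Failures >= maxFailures {
			a.LockedUntil, a.Failures = now.Add(lockoutPeriod), 0
		}
		return errBadCredentials
	}
	a.Failures = 0
	return nil
}

func main() {
	acct, err := newAccount("user@example.com", "correct horse battery staple") // constructed user
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: salt=%x hash=%x\n", acct.Salt, acct.Hash)
	fmt.Println("wrong password:", checkPassword(acct, "letmein", time.Now()))
	fmt.Println("right password:", checkPassword(acct, "correct horse battery staple", time.Now()))
}
```

Two details matter here: the lockout is checked before the (expensive) hash is computed, so a locked account cannot be used to burn CPU, and the counter is reset on success so that a legitimate user's occasional typo does not accumulate towards a lockout.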
Passwords held by Prism are stored only in a hashed, irretrievable form. Once a login succeeds, Prism issues a short-lived token using the JSON Web Token (JWT) standard, and that token is used for subsequent API access.
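The token exchange above, as an added example that is not Prism's implementation: a minimal HS256 JWT issuer and verifier in Go using only the standard library. The verifier pins the header bytes (so a token claiming "alg":"none" or a different algorithm is rejected before anything else is looked at), checks the HMAC in constant time before trusting any claim, and enforces the expiry. The signing key, the subject and the 15-minute lifetime are assumptions for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

const tokenLifetime = 15 * time.Minute // assumed lifetime: the token is ephemeral and expires on its own

type claims struct {
	Sub string `json:"sub"` // the account the token was issued to
	Iat int64  `json:"iat"` // issued-at, seconds since the epoch
	Exp int64  `json:"exp"` // expiry; the API rejects the token from this instant on
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// The header is fixed. On verification it is compared byte-for-byte, which pins the
// algorithm to HS256: a token claiming "alg":"none" or an asymmetric algorithm is rejected.
var jwtHeader = b64([]byte(`{"alg":"HS256","typ":"JWT"}`))

func sign(input string, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return mac.Sum(nil)
}

// issueJWT builds a compact token: header.claims.signature, each part base64url-encoded.
func issueJWT(sub string, now time.Time, key []byte) string {
	payload, _ := json.Marshal(claims{Sub: sub, Iat: now.Unix(), Exp: now.Add(tokenLifetime).Unix()})
	input := jwtHeader + "." + b64(payload)
	return input + "." + b64(sign(input, key))
}

// verifyJWT is what the API does on every request: check structure and header, verify
// the HMAC in constant time before trusting any claim, then enforce expiry.
func verifyJWT(token string, now time.Time, key []byte) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != jwtHeader {
		return nil, errors.New("malformed token or unexpected algorithm")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(parts[0]+"."+parts[1], key)) {
		return nil, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var c claims
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	key := []byte("constructed-example-signing-key") // in practice a random secret of at least 32 bytes
	tok := issueJWT("user@example.com", time.Now(), key)
	c, err := verifyJWT(tok, time.Now(), key)
	fmt.Println(tok)
	fmt.Println(c, err)
}
```

A production service would use a maintained JWT library and additionally check the issuer and audience claims, but the ordering shown (algorithm pinned, signature verified, only then claims read and expiry enforced) is the part that most often goes wrong in hand-written verifiers.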
Encryption at Rest
All Prism data is encrypted at rest on AWS. The database is encrypted using the industry-standard AES-256 algorithm, with keys held in the AWS Key Management Service (KMS). Keys are layered (envelope encryption): a master key in KMS encrypts a separate data key for each database instance, and it is the data key that encrypts the data.
All non-database content is kept in Amazon Simple Storage Service (S3) and is likewise encrypted at rest with AES-256. This is server-side encryption with keys managed within the AWS infrastructure, analogous to Transparent Data Encryption (TDE) for a database: encryption and decryption are transparent to the application.
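The key layering described above, as an added example written for this edit (not Building Engines' code): an in-memory stand-in for the KMS master key wraps a fresh 256-bit data key per database instance, the data key alone encrypts records, and the instance identifier is bound into the wrap as authenticated data so a wrapped key cannot be re-labelled for another instance. In AWS the master key never leaves KMS and these two operations are the GenerateDataKey and Decrypt API calls; the instance names and the record are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randomBytes returns n cryptographically random bytes.
func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// aesGCMSeal encrypts with AES-256-GCM (32-byte key) and prepends the random 12-byte nonce.
// aad is authenticated but not encrypted; it binds a wrapped key to its instance below.
func aesGCMSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(aead.NonceSize())
	if err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// aesGCMOpen reverses aesGCMSeal; any change to nonce, ciphertext, tag or aad fails authentication.
func aesGCMOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], aad)
}

// masterKey stands in for the KMS key. In AWS the master key never leaves KMS; only the
// wrap/unwrap operations (GenerateDataKey, Decrypt) are exposed. Here it is an in-memory key.
type masterKey struct{ key []byte }

func newMasterKey() (*masterKey, error) {
	k, err := randomBytes(32)
	return &masterKey{k}, err
}

// wrappedDataKey is what a database instance stores beside its data: the data key
// encrypted under the master key, plus the instance it belongs to.
type wrappedDataKey struct {
	InstanceID string
	Wrapped    []byte
}

// generateDataKey mirrors KMS GenerateDataKey: a fresh 256-bit key is returned in plaintext
// for immediate use and in wrapped form for storage. The instance ID is bound as AAD.
func (m *masterKey) generateDataKey(instanceID string) ([]byte, *wrappedDataKey, error) {
	plain, err := randomBytes(32)
	if err != nil {
		return nil, nil, err
	}
	wrapped, err := aesGCMSeal(m.key, plain, []byte(instanceID))
	if err != nil {
		return nil, nil, err
	}
	return plain, &wrappedDataKey{InstanceID: instanceID, Wrapped: wrapped}, nil
}

// unwrapDataKey mirrors KMS Decrypt: recovers the plaintext data key, e.g. at instance start-up.
func (m *masterKey) unwrapDataKey(w *wrappedDataKey) ([]byte, error) {
	return aesGCMOpen(m.key, w.Wrapped, []byte(w.InstanceID))
}

// Records are encrypted only under the instance data key; the master key never touches data.
func encryptRecord(dataKey, record []byte) ([]byte, error) { return aesGCMSeal(dataKey, record, nil) }
func decryptRecord(dataKey, sealed []byte) ([]byte, error) { return aesGCMOpen(dataKey, sealed, nil) }

func main() {
	master, _ := newMasterKey()
	dk, wrapped, _ := master.generateDataKey("prod-db-1")                      // constructed instance name
	sealed, _ := encryptRecord(dk, []byte("tenant A: work order #42"))          // constructed record
	recovered, _ := master.unwrapDataKey(wrapped)                               // what the instance does on start-up
	plain, err := decryptRecord(recovered, sealed)
	fmt.Printf("%s %v\n", plain, err)
}
```

The operational consequence of this layering is that rotating or disabling the master key in KMS governs every instance at once, while compromise of one instance's data key exposes only that instance's data.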
Encryption in Transit
All interactions with Prism services are restricted to TLS (commonly still referred to as SSL), protecting data in transit to and from API consumers, mobile devices and browsers. Building Engines' certificates and TLS configuration receive high grades from tests such as Qualys SSL Labs.
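What a high SSL Labs grade requires in practice is that the server pins a minimum protocol version and offers only modern cipher suites. The following is an added example (not Building Engines' configuration) in Go: a legacy server policy beside a hardened one, a small audit that flags what a scanner would, and a loopback handshake showing that a client limited to TLS 1.1 is refused by the hardened server. The hostname "prism.example", the self-signed certificate and both policies are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert issues a throwaway ECDSA P-256 certificate for the constructed hostname
// "prism.example" so the handshakes run offline; the returned pool is what the client trusts.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{"prism.example"},
		Subject: pkix.Name{CommonName: "prism.example"}, BasicConstraintsValid: true, IsCA: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool, nil
}

// legacyServerTLS is the "before" policy: it still negotiates TLS 1.0 and an RC4 suite.
func legacyServerTLS(cert tls.Certificate) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS10,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}}
}

// hardenedServerTLS is the "after" policy: TLS 1.2 minimum (SSL 3.0, TLS 1.0 and 1.1 are
// refused) and AEAD-only TLS 1.2 suites. TLS 1.3 suites are fixed by Go and always acceptable.
func hardenedServerTLS(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305},
	}
}

// auditTLSConfig flags what an SSL Labs-style scan would: a minimum version below TLS 1.2
// (or left to the library default) and any suite Go itself classifies as insecure.
func auditTLSConfig(cfg *tls.Config) (findings []string) {
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "MinVersion not pinned to TLS 1.2 or higher")
	}
	for _, weak := range tls.InsecureCipherSuites() {
		for _, id := range cfg.CipherSuites {
			if id == weak.ID {
				findings = append(findings, "insecure cipher suite enabled: "+weak.Name)
			}
		}
	}
	return findings
}

// handshake connects a client limited to maxVersion (0 = Go default, up to TLS 1.3) to the
// server over loopback TCP (a synchronous net.Pipe would deadlock TLS 1.3) and returns the
// negotiated version, or the error the client saw.
func handshake(server *tls.Config, pool *x509.CertPool, maxVersion uint16) (uint16, error) {
	client := &tls.Config{RootCAs: pool, ServerName: "prism.example", MaxVersion: maxVersion}
	if maxVersion != 0 && maxVersion < tls.VersionTLS12 {
		client.MinVersion = tls.VersionTLS10 // let the old client actually offer TLS 1.0/1.1
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			_ = tls.Server(conn, server).Handshake()
			conn.Close()
		}
	}()
	tc, err := tls.Dial("tcp", ln.Addr().String(), client)
	if err != nil {
		return 0, err
	}
	defer tc.Close()
	return tc.ConnectionState().Version, nil
}

func main() {
	cert, pool, _ := selfSignedCert()
	fmt.Println("legacy findings:  ", auditTLSConfig(legacyServerTLS(cert)))
	fmt.Println("hardened findings:", auditTLSConfig(hardenedServerTLS(cert)))
	fmt.Println(handshake(hardenedServerTLS(cert), pool, 0))      // current client: 772 = 0x0304, TLS 1.3
	fmt.Println(handshake(hardenedServerTLS(cert), pool, 0x0302)) // TLS 1.1-only client is refused
}
```

Pinning `MinVersion` explicitly rather than relying on the library default is deliberate: defaults have changed between Go releases, and a scanner grades what the server actually negotiates, not what the current default happens to be.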
Prism Mobile Applications
The Prism platform offers mobile applications built natively for Apple iOS and Android devices. Security carries forward to these applications in several ways.
Encryption
The Prism mobile applications use native mobile storage and encryption so that data is encrypted at rest and in transit. On the device, Prism stores data in a Realm database encrypted with AES-256. This local store is maintained only for a user who has successfully authenticated with the Prism API server. In transit, as noted above, TLS is used exclusively.
Root/Jailbreak Detection
The Prism mobile applications use tools to detect devices that have been "rooted" or jailbroken and cease operation on them. Detection of this kind can never be 100% effective, but it is nevertheless another layer in the defence of customer data on mobile devices.
Security in Development
Security is considered throughout the entire Software Development Lifecycle (SDLC) at Building Engines, with enhancements made specifically for Prism development. Some examples of this security focus include:
- Peer Review
Every change made to Prism software is reviewed by at least one other engineer. Engineers are trained to look specifically for security-related concerns.
- Static Analysis
Prism is built with a Continuous Integration/Continuous Deployment (CI/CD) pipeline that runs static code analysis tools looking for common security weaknesses.
- Open Source Software (OSS) Threat Analysis
Building Engines wires into its CI/CD pipeline a check of OSS dependencies against national vulnerability databases such as the NVD. The check runs at least once per week, and patches are applied as needed.
- Threat Modelling Analysis
Periodically, and whenever new major infrastructure or modules are created, the software is reviewed for vulnerabilities by technical leaders and the Chief Architect using a threat modelling approach.
- Third-Party Vulnerability Analysis/Penetration Test
At least annually, in conjunction with Building Engines' SOC 2 attestation, an external penetration test and white/grey-box security review is performed.