Four walls, data, a roof: Data protection in the real estate industry
June 19, 2019 – Munich: Until a few weeks ago, more than 800 million digitized records containing confidential information were available without authentication on the website of a U.S. title insurance agency. These included Social Security numbers and account statements of customers as well as internal corporate documents. A fiasco, and an avoidable one at that. Not something that could happen in Europe—or could it?
“Real estate companies receive huge amounts of personal data—from tenants and prospective buyers, but also from tradesmen, suppliers, and of course their own employees,” said IT security expert Dr. Hubert Jäger from TÜV SÜD subsidiary Uniscon. “Obviously, this data needs to be adequately protected.” In facility management or when a building’s digital twin is to be put into the cloud, for example, data privacy requirements additionally have to be met. Smart companies, Jäger claims, focus on data security, though legal pitfalls may also arise here.
The challenge of data protection
“Ensuring adequate data protection, as the GDPR and other regulations require for processing of personal data, poses a real challenge for many real estate companies,” Jäger continued. “Any company that processes confidential data in its own data center, for example, has a duty to implement appropriate measures to prevent its staff from gaining access to sensitive information.”
Jäger pointed out that when using external cloud services it is even more difficult to guarantee adequate data privacy and comply with legal control obligations. “Many cloud providers rely on a combination of organizational and technical measures to prevent unauthorized access,” he said. “Particularly protective measures within the organization such as rights and role concepts can be circumvented relatively easily.” These services were therefore unable to provide the high level of security required by lawmakers for processing of such vulnerable data, he added.
Data protection through technology?
As an alternative, Jäger proposes services and infrastructures that protect confidential data using purely technical resources, because these cannot be easily circumvented: “Through a set of integrated technical measures, sealed infrastructures prevent any unauthorized data access—even by the operator of the infrastructure itself.”
This advanced zero trust technology would not only allow sensitive data to be transferred and stored securely, Jäger maintains, but would also protect it from both external and internal attacks during processing in the cloud. Furthermore, appropriate certification makes it easier for responsible parties to perform their control obligations. Sealed infrastructures thus create an ideal basis for all digital business models in which highly sensitive data is collected and processed.
Further information on the Sealed Platform and printable images are available on request from firstname.lastname@example.org.
Uniscon – a company of the TÜV SÜD Group
Uniscon GmbH is a company of the TÜV SÜD Group. As part of TÜV SÜD’s digitalization strategy, Uniscon offers high-security cloud applications and solutions for secure, legally compliant data traffic. TÜV SÜD is one of the world’s leading technical service providers with over 150 years of industry-specific experience and more than 24,000 employees at around 1,000 locations in 54 countries. Within this strong network, Uniscon is able to reliably implement large-scale international projects in the IoT and Industry 4.0 sectors with the Sealed Cloud and its products.
Further information on partners and products: www.uniscon.com
Kafka Communication GmbH & Co KG, Julia Fehrle
Auf der Eierwiese 1
82031 Grünwald (Germany)
Phone: +49 (0) 89 74747058-0
Fax: +49 (0) 89 74747058-20