An API (application programming interface) is a means of commuting between devices typically using moden web technologies such as JSON (JavaScript object notation) over http(s). This allows devices to share information using a common format for increased compatibility while maintaining flexibility.
The Digital Building API feature set allows you to offer up your building’s data using modern web technologies with tried and tested security all accessible at the click of a button. You control who has access when they have access down to the individual data point.
The Digital Building Platform is built on enterprise-grade hardware run on AWS infrastructure further adding to the robustness of the architecture and security of the data.
The Digital Building Platform allows the user full control over what data is shared down to the specific data point. Users of the API must be authenticated and can be restricted in time and physical IP address if required. All communication with the API is encrypted as is expected with modern web technologies. You are in full control of your data and to whom you provide access.
All data generated by the building is and remains the property of the building. Future Decisions and the Digital Building Platform is simply the data custodian securing, organising and optimising its storage and access. You have 24/7/365 access to all your data all of the time without restrictions.
Traditionally third-party contractors access building networks via 4G modems using VPN. Each contractor will
have their own setup, resulting in multiple non managed routes into the buildings control network which
means that your building network is now only as secure as each of the contractor's own office networks (over
which you have no control). Network security is not the core business goal of most contractors when compared
to the building's corporate network and managed IT and thus poses a significant risk.
The Future Decisions Building API does away with the need for 4G VPN access as all data points can be
extracted from the building to the Digital Building Platform without even opening up an incoming port in the
building's firewall. As our code does not require VPN or IP network access an attacker cannot gain a
foothold within the building network.
All data access can be done via the API and no third party should need to touch any building networks for
access. A secure layer of separation is ensured.
Modern BMS controllers have an increasing workload beyond their primary task of control. Such devices now
offer graphics, histories and an increasing expectation of connectivity for modern web applications.
Embedded devices are not well suited to providing web applications and less so when already stressed with
operational functions. The modern world of data centres exists for this exact reason: specialist computer
systems designed to handle multiple requests for large volumes of data in a secure manner.
Firstly only internal devices to the building should have contact with other controllers. Opening embedded
devices to the internet is not a good choice as the number of data requests both legitimate and illegitimate
can easily use up all the resources on the system producing similar results to that of a DDOS attack. Such
occurrences will cause the embedded devices to crash or reboot, losing data and taking down your control
system.
Supervisors are sometimes utilized to bridge the resource gap however these are typically the same or
similar software used in the embedded controller and thus the system is simply relying on the increase in
hardware performance to offset the issue however the code base is not suited to web technologies and still
presenting the BMS network to the internet. A poor choice when considering network security.
Allowing any ports to be opened for incoming connections from the internet to the device on a BMS network
poses a security risk to the building's network. BMS software is typically suited to control and is not
designed around security typically lagging in software updates and code review. Consider web servers such as
Apache and Nginx whose adoption are worldwide, open-source and used in banking to healthcare computer
systems with core IT teams ensuring their safety. BMS systems typically have no such openness or process and
procedures.
Future Decisions with the Digital Building Platform offers a means of extracting the data from BMS networks
with full FIREWALL security enabled (no open incoming ports) and then sorting and serving this data using
modern purpose-built IT infrastructure backed by AWS. All data to and from our infrastructure is encrypted.
If you have questions please get in touch via email or phone.
R120, LO24, Reading University
London Road, RG1 5AQ, UK