All (Io)Things Considered

With IoT (Internet of Things) devices rapidly being integrated into building operations, they are changing the way real estate is managed and expanding opportunities for obtaining data ripe for analytical use. At the same time, these devices are creating anxieties about exposing building and occupant data to security challenges and threats from cyber-predators. Meanwhile, the industry is taking a hard look at the pitfalls of the continued use of spreadsheets—still an industry standard—and at how commercial real estate has fared in the post-General Data Protection Regulations (GDPR) world. Here’s an update:

Cybersecurity Legislation Introduced

A bipartisan bill was introduced in Congress in March aimed at bringing security to the world of connected devices. The purpose of the Internet of Things Cybersecurity Improvement Act of 2019 is to bring legislative action to emerging IoT technology. It would require devices purchased by the U.S. government to meet certain minimum security requirements. The announcement of the bill noted that connected devices are expected to boom to 20.4 billion units by 2020 and that they offer various levels of security.

Sen. Mark V. Warner (D-VA), who introduced the legislation together with five other Members of Congress from both houses, said in a press release announcing the bill, “While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security.” Warner, vice chairman of the Senate Select Committee on Intelligence, went on to say, “This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices.”

Cybersecurity and the Private Sector

The U.S. government is by no means alone when it comes to its focus on IoT technology. Deloitte Center for Financial Services recently surveyed 500 global real estate investors to find out what’s on their minds. When it comes to technology, Deloitte’s 2019 Commercial Real Estate Services Outlook reported that, “More than a quarter of the respondents believe that CRE companies should prioritize the use of IoT technology in (re)designing buildings.” Respondents from China (48 percent) and Singapore (43 percent) place a greater emphasis on the use of IoT technology when compared to their counterparts in the United States (15 percent).

At the same time, the Deloitte report commented on the potential threat that lurks behind the IoT ecosystem. “The growing use of IoT technologies such as wearables and sensor-enabled building management systems could also broaden the attack surface of hackers, increasing access to sensitive data that can cause financial and reputational damage,” according to the report. Speaking to those surveyed, it noted that “Respondents consider damage to reputation (41 percent), financial theft/fraud (37 percent), and theft of personally identifiable information or PII (35 percent) as the top three impacts of cybersecurity breaches at CRE investee companies.”

Not surprisingly, knowing how to address the potential threats remains a challenge. The Deloitte report observed that many commercial real estate companies “seem to be struggling to find the right balance of investments and efforts to handle such cyberattacks. Nearly two-thirds of survey respondents are somewhat satisfied and only a quarter are very satisfied with companies’ current efforts.”

Spreadsheets Still Reign Supreme

While most commercial real estate firms appear to be upping their investments in integrated software solutions, spreadsheets—the industry standby—continue to be the technology of choice for many. According to The Innovation Opportunity in Commercial Real Estate, produced by Altus Group, 60 percent of executives surveyed for the report indicated their firms are utilizing spreadsheets as their primary tool for reporting, 51 percent are using them for valuation and cash flow analysis, and 45 percent for budgeting and forecasting. Other industry surveys provide a similar glimpse into the industry. The State of Real Estate Technology, produced last year by MRI Software, found that 42 percent of commercial and multifamily real estate firms still rely on spreadsheets and paper to manage their properties.

GDPR One Year Later

This month marks the one-year anniversary of the implementation of the GDPR. GDPR dictates how a company may use its clients’ personal data, and it applies to all people who live in the European Union (EU)—regardless of where the business is located and its data is processed. GDPR specifies that consumers must explicitly consent for their personal information to be processed and used by third parties; it entitles EU citizens the right to access their data and know how it is being used; and it also gives them the right to be forgotten—that is, to forbid third parties from processing the data. In short, if an organization does any business with the EU or with EU consumers, GDPR most likely applies. This includes any U.S. business that targets EU consumers including e-commerce companies; hotels, resorts and vacation rentals; and apartment communities with EU residents. It even includes associations like IREM itself, which has customers, students and members in EU countries. And yes, IREM has taken steps to ensure it is GDPR-compliant.