How ENTOUCH's IoT keeps buildings cool without sacrificing security | Crain's Dallas

How ENTOUCH's IoT keeps buildings cool without sacrificing security

From thermostats and lights to security and motion sensors, the Internet of Things has become omnipresent in today’s modern buildings, putting control at your fingertips.

IoT takes a once dumb device and makes it “smart” by connecting it to the Internet. But with every convenience comes greater potential risk as these IoT devices become gateways for hackers to infiltrate your business or personal life.

ENTOUCH, a Richardson-based company makes a network of smart devices that allow businesses to control temperature, lighting, security and access to buildings. The company uses cloud-based software and its own monitoring services to provide 24 hour access.

For example, the owner of a chain of restaurants could view the data for an entire portfolio of buildings and make adjustments as needed.

Frank Menocal, chief technical officer for ENTOUCH, said he’s excited about where IoT is going but it’s critical that businesses and individuals understand the security threats.

“You have to make sure that you introduce a product that has a very strong security focus,” Menocal said. “The last thing that you want to have happen ... is to open the door to a security vulnerability.”

Hacking into a building's thermostat might not seem like a huge threat, but in reality, IoT devices act as an entry point to the building’s entire network. The initial hack is not meant to disrupt the building’s systems but to launch attacks deeper into the network to get access to personal information. 
ENTOUCH takes these threats seriously and builds several safeguards into its devices. 

“When you start letting other devices communicate through your device out to the cloud, you’ve got to make sure you have strong security,” Menocal said. “You have to make sure communication is encrypted. Each side validates the data coming through so it’s only what’s expected.”

There’s also the potential for someone to physically walk up to an IoT device and try to reboot it with their own malicious software so they can access the network. ENTOUCH devices don’t autoload anything that’s plugged into their USB ports when they are deployed in the field.

But most businesses and homeowners aren’t being vigilant about IoT deployment because many of the devices are so easy to install, Menocal said.

“It’s plug and play for everything but when it comes to communication it shouldn’t be plug and play,” Menocal said. “That should be highly secure all of the time.”

Justin Shattuck, principal threat researcher and security evangelist for F5 Networks, said too many people have their head in the sand when it comes to the threat posed by IoT devices. The products are efficient and intuitive so people have been trained to set them up and get back to life. If a company has to ask whether it’s sensitive data is at risk because of IoT devices, it’s probably too late.

There needs to be more oversight of these IoT devices so manufacturers can be held accountable for breaches, he said.

“How do we minimize the impact?" Shattuck said. We haven't been successful in getting individuals on the hook for these problems.”

Wrangling big data

The more everyday items that get connected to networks, the more data there is to sift through. ENTOUCH is taking a holistic view of a building’s systems.

“We started off with devices in facilities that communicate back to the cloud and sent that back to our customers,” Menocal said. “Over the last year, we expanded that broader so we introduced a gateway device to collect data from other equipment that’s not ours to find relationships between data that wouldn’t have been possible before."

Examples include the use of motion sensors to determine whether a space is occupied or not, which then determines whether the light should be on or what temperature it should be. An unused conference room wouldn’t need to have as much air conditioning or heating, saving energy and money.

The advantage is that this system makes decisions locally using artificial intelligence rather than human intervention through the cloud. That means less communication between IoT devices to the cloud, which means fewer chances for intervention.

February 15, 2018 - 10:30am