A Defense-In-Depth Approach

Cloud services have brought in a new wave of technological evolution, from shaping our personal space for sharing data to transforming the business models of industries from all sectors of the market. Everything has been made more accessible and easier to connect. While the architecture, engineering, and construction (AEC) industry incorporate cloud-based systems and collaborative workspaces, exploring cloud-based BIM models would be the first step towards integrating cloud into the architecture, engineering, and construction. But with the pervasive cyber-attack-activities on almost every organizations in all areas of the economy, it is imperative that a well-structured framework in cyber-security be built in the AEC. This project advances a new framework with not only layers of encryption but also a unique model that is designed for the BIM applications in the cloud. The aim is that BIM applications in the cloud will withstand significant kind of attacks and create discombobulation to the hacker. The architecture of the security framework follows the defense in depth approach that is guided by Confidentiality, Integrity, and Availability for data protection. The framework includes the process of storage, compute and networking in the cloud services available. We are not just securing a perimeter or applying security controls to only one cloud service, but exhaustively and consistently protecting our data.