National and regional StreamBIM servers; from a data security perspective

A good cloud-based service must always balance between making the service as easy and convenient as possible for the customer, while maintaining strict standards for data security. As the construction industry is rapidly moving towards digital construction, building trust in the digital tools that are being used - and securing the underlying data - is paramount, even if the end-users may grumble a bit at some of the measures being an inconvenience in their daily use.

These security features are not the end-all of data security, though. We at Rendra put great weight on maintaining a high level of data security in every project being run in StreamBIM, and part of this is also having a focus on the wider context we operate in.

StreamBIMs regional servers

The primary reason for setting up regional servers is functional; to reduce latency, i.e. to improve performance, for our users and to comply with data-residency requirements. While the basic downloading of data depends more on your internet connection than distance, operations that entail data traffic going back and forth to the database, like advanced queries, will experience a performance hit when using a distant server. This is main reason for why we set up our Japan server as well as the newly established Australian server, which are now the primary servers for their respective national and regional areas.

However, closeness to a given market cannot be the only variable we consider when choosing new server locations. When securing our customers’ data, the framework surrounding the data storage is equally important.

The choice of the server provider

All the time we at Rendra don’t run our own server parks, we cooperate with trustworthy, well established third-party providers that we can rely on, as they will be the final, physical line of security for our customers’ data. This mostly means using servers run by well-known international providers, using first-rate data centres. One of the advantages of using this type of provider it that they have experience in providing a stable service, established security routines and they usually build and manage their own server parks. Choosing a provider with many international locations is also a convenience for our technical staff, as having coherent systems across our server locations makes our software and database maintenance easier and more predictable.

Data residency

A topic that is becoming more and more important for both our customers and their end-clients is data residency. Storing data in an unspecified offshore location may allow too many vectors of attack for unfriendly actors, especially during data transmission across continents. For sensitive projects of a national importance such as government and security installations, critical infrastructure, or projects of a central business importance like data centres and industrial facilities, having the possibility to keep one’s data close at hand is a consideration for end-clients when choosing a SaaS solution.

- ‘Here in Japan, we find that many of our customers’ end-clients - especially the large corporations - have very strict data security requirements. For us this means a steady flow of vetting procedures to allow the use of StreamBIM in certain projects, and data residency is one of the questions that crops up again and again. If we didn’t have a Japanese server, it could be rather difficult for our customers to gain the trust of many of their clients in a SaaS solution such as ours.’

- Jostein Edvardsen, Japan Country Manager

For StreamBIM, requirement for domestic data residency may mean having to set up a ‘private cloud’ on-prem server for a specific customer, or if we have several customers with these requirements, establish national servers for countries that are already served by a regional server.

An example in point would be the new Swedish StreamBIM server. Most Swedish projects still run on the main EU server and are well served there, but market requirements made having a domestic alternative a necessity, as many sensitive projects in Sweden require domestic data storage. Often, this server is also required to be domestically owned, even precluding the usually go-to international providers.

The importance of storing data in a politically stable location

Last, but not least, we always store our customers’ data in countries that have a stable political system and a well-established rule of law. Especially when serving several different markets on a regional server, we must store the data in a jurisdiction where our customers will have good legal rights, where there are clear cut rules on both data- and individual privacy, which again will be enforced by an independent judicial system. We are acutely aware that storing data in a place where the local government or other actors could extra-judicially access customer data would be ruinous for the trust that a cloud computing solution like StreamBIM requires.

To sum up;

We at Rendra work tirelessly to continuously improve StreamBIM and provide our customers with the data security they need. This work does not just focus on the software itself, but also on company-internal factors, like our attaining ISO 27001 certification. External factors, such as the location of our servers and the providers we choose to work with, is becoming ever more important for our customers and their end-clients, so StreamBIM in turn must always adapt to anticipate and meet their data security needs.