Podcast
40
min read
James Dice

🎧 #153: Case Study: Unpacking BGO's cybersecurity program

September 14, 2023
"The future proofing of our properties now, and the ability for us to move quickly on deploying technologies, having more control and management over those technologies, eliminating the mass amount of on-prem hardware, all of that kind of leads into a more efficient building, better performance, and leads into our company goals for ESG and sustainability as well.”
‍
—Ben Cooper

Welcome to Nexus, a newsletter and podcast for smart people applying smart building technology—hosted by James Dice. If you’re new to Nexus, you might want to start here.

The Nexus podcast (Apple | Spotify | YouTube | Other apps) is our chance to explore and learn with the brightest in our industry—together. The project is directly funded by listeners like you who have joined the Nexus Pro membership community.

You can join Nexus Pro to get a weekly-ish deep dive, access to the Nexus Vendor Landscape, and invites to exclusive events with a community of smart buildings nerds.

Episode 153 is a conversation with Ben Cooper from BGO (BentallGreenOak).

Summary

Episode 153 features Ben Cooper from BGO (BentallGreenOak) and is our third episode in the Case Study series looking at real-life, large-scale deployments of smart building technologies. These are not marketing fluff stories, these are lessons from leaders that others can put into use in their smart buildings programs. Ben talks about the asset type due diligence and rate of adoption for their new infrastructure platform, the overall efficiencies created, and the future proofing abilities with a cloud connection application layer. Enjoy!

Mentions and Links

  1. BGO (01:14)
  2. QuadReal (01:21)
  3. Target 2014 security breach (09:10)
  4. Nexus Labs (11:35)
  5. SASSY Framework (17:49)

You can find Ben on LinkedIn.

Highlights

Ben’s background (01:12)

More about BGO (02:35)

The importance of cybersecurity (04:18)

Rollout of infrastructure platform at BGO (14:47)

Adoption and success (28:07)

Advice for others (32:10)

Future proof with a cloud connection application layer (40:57)




Music credits: There Is A Reality by Common Tiger—licensed under an Music Vine Limited Pro Standard License ID: SS478748-15083.

Full transcript

Note: transcript was created using an imperfect machine learning tool and lightly edited by a human (so you can get the gist). Please forgive errors!

[00:00:00] James Dice: Hey friends, if you like the Nexus podcast, the best way to continue the learning is to join our community. There are three ways to do that. First, you can join the Nexus Pro Membership. It's our global community of smart building professionals. We have monthly events, paywall deep dive content, and a private chat room, and it's just 35 a month.

[00:00:23] Second, you can upgrade from the Pro Membership to our Courses offering. It's headlined by our flagship course, the smart building strategist. And we're building a catalog of courses taught by world leading experts on each topic under the smart buildings umbrella third. And finally, our marketplace is how we connect leading vendors with buyers, looking for their solutions.

[00:00:42] The links are below in the show notes, and now let's go on to the podcast.

[00:00:49] Welcome to the Nexus Podcast. I'm your host, James Dice. We're talking today to Ben Cooper from BGO. Welcome, Ben.

[00:00:57] Ben Cooper: Thank you. Thanks for having me, James. [00:01:00]

[00:01:00] James Dice: I'm excited to unpack a little bit about your cybersecurity program. Actually, a lot, a bit. We're going to go deep into it. Uh, can you first just introduce yourself, talk about your role and what you do?

[00:01:12] Ben Cooper: Yeah, Ben Cooper. So I started at BGO fairly recently last, uh, so January, 2022. So just over a year and a half before that, I was at QuadReal working in their, uh, modern workplace IT on the more on the IT side, but my background is in smart technology, uh, I started at. working on the integration side of things, doing residential luxury smart homes at first, which was very fun.

[00:01:37] And then transition to the world of, uh, commercial, the commercial side, which was a very interesting change in, uh, in dynamic. But yeah, all, all of that led to, led to here now where I manage the prop, our prop tech program at BGO.

[00:01:53] James Dice: What's the biggest difference between, uh, luxury home, uh, automation and smart, smart tech [00:02:00] versus the commercial space?

[00:02:01] Ben Cooper: Uh, it's usually the money. A lot of the, the luxury home owners go into it knowing they're, they're spending hundreds of thousands of dollars and some of the, some of the systems that they want are, oh, they're so elaborate. Oh, man. Yeah, it's, uh, the money part isn't really an issue, and then coming to the commercial side, where budgets and things are a lot more constrained, um, so you have to really think outside the box with your designs and, and the technology that you're pitching, so yeah, that, I'd say that, that'd be the biggest difference.

[00:02:35] James Dice: Yeah, totally. Okay, can you give us some background on BGO just so people know, you know, what type of buildings are we talking about? What type of investment approach does BGO take? Just give people an idea of sort of the context that we're about to unpack.

[00:02:50] Ben Cooper: Yeah, BGO started as Bentall and Bentall Kennedy.

[00:02:54] It was predominantly property management in in Canada and then merging of [00:03:00] Green Oak Realty in the U. S. made us Bentall Green Oak. So the U. S. side of, uh, our business is more on the asset ownership and management side, fund, the fund management. Um, and, uh, yeah, Canada is still very much property management based.

[00:03:16] So it makes, makes for a very interesting dynamic when we're trying to think of strategy around prop tech and in Canada, you're dealing with many different clients, different, uh, ownership groups that all might have their. Their own kind of strategy around PropTech. So it's a lot of facilitating those conversations directly and relationships directly with the, with those, uh, third party clients and trying to tie those in as well to our U.

[00:03:42] S. asset.

[00:03:43] James Dice: Yeah, totally. And so then in the U. S. assets, you guys are actually the ownership group. So it's a little bit more aligned, um, with, you know, the conversations with the owners. Yeah, exactly. Okay. Yeah. Some people don't realize that, um, there are actually companies out there that have [00:04:00] many different ownership situations.

[00:04:01] You guys sound like that's, that's something you have to deal with. It's not just one technology strategy. It's a technology strategy and different, um, different ownership structures. Yeah, exactly. So let's talk a little bit more about what you're, you're doing on a day to day basis. Can you just kind of talk about cybersecurity and sort of why it's important in the portfolio?

[00:04:24] Ben Cooper: Yeah, absolutely. I'd say that's probably the, the main focus. Uh, at least it's been since I started a year and a half ago. Um, and you know, within that time it's really grown. Our, our kind of strategy, the platforms that we've, uh, that we've implemented has really created this, this quite a robust, uh, cybersecurity stance for, for BGO and, and our properties, you know, why it's important, I really think from a general perspective, uh, If you look at the statistics on cybercrime, I believe it's in, since 2021, cybercrime has increased by 10 percent and, uh, [00:05:00] subsequently, like the estimated yearly loss from cybercrime by 2025, at least for the U.

[00:05:06] S., it's estimated to be, well, will be, uh, I think it's like 10 trillion. With the average cost of a data breach being 5 million. So right there shows the importance and especially as it relates to the commercial real estate industry, where we're seeing PropTech advance into, um, this stage of network connectivity.

[00:05:30] IOT devices, um, collecting data, sharing data, uh, with other systems, you know, without those, without having standards and best practices in place, you're basically just have an open door to all of this data ready to be siphoned. And, uh, you know, which, you know, also leads to, you know, a reputational Issue as well, reputational loss, uh, especially in a, a competitive industry like commercial real estate where, you know, uh, that reputational loss is, [00:06:00] uh, is, is a, is a killer for sure.

[00:06:02] James Dice: Absolutely. Yeah. Can you give, I don't think people, I mean, we've had different episodes on cybersecurity in the past, but can you give some examples of pe of the threats that, um, you know, happen to real estate managers and owners like B G O?

[00:06:19] Ben Cooper: Yeah, you know, it's probably pretty obvious, but how the network's designed is, is definitely going to be your, your biggest threat there tied into, you know, the lack of policies, procedures, and standards.

[00:06:31] If you don't have those in place and you don't have a button down secured network, you're really, you're really opening yourself up to a lot of potential issues and threats. And I think there's kind of a subset as well to, to that, and that's more on the vendor side. And I want to be careful because I don't, I'm not saying that vendors are inherently risky, but I think with how it ties in is that lack of policies and procedures and standards from your [00:07:00] corporation, if you're not passing those along to the vendors, or let's, you know, I guess, for example, let's say you're a property manager and you want to install a BAS at your property and you reach out to To BAS Vendor A.

[00:07:13] They come into your property, see that you're, uh, all the building systems are on separate networks. There's nothing, um, uh, there's no continuity there. There's nothing converged. Um, you know, they're, they're not going to go in and say, oh, I should move everything all onto one, one network, converge everything, you know, liability issues, obviously, but they're going to install, uh, their own network line.

[00:07:38] Uh, for their own system, and they're going to have full management and enact their, their own standards, which, you know, may or may not be in line with, uh, industry best practices. Uh, they're also going to install their own remote access system on top of that. So, there's a huge lack of, uh, oversight and verification if you don't have any of that.

[00:07:59] Uh, standard [00:08:00] in place. So that's really the mitigation from that is, you know, have those, create that strategy, your cybersecurity strategy for your company, just like your IT organization would, would do. Um, the same needs to be done on the OT operational technology side to really, yeah, again, for, for that risk mitigation.

[00:08:17] James Dice: Absolutely. And maybe for people that don't understand, what are the, um, because we have this audience as total beginners to total 20 year, 25 year experts, what are the biggest risks, um, for the property manager, property owner, um, when these things that you just named aren't happening up to standards?

[00:08:39] Ben Cooper: Without that oversight, you have no ability to audit or manage, um, how vendors are, are accessing your systems. You know, if they're using like a, like a, I guess it's probably archaic. It's definitely archaic now, but, uh, you know, port forwarding to, uh, to systems for remote access. Um, yeah, you just [00:09:00] have no oversight in, into how that's all being done.

[00:09:03] And ultimately, you know, if you look at a lot of the most famous. Breaches. Um, you know, let's say Target 2014, for example, where they got into an IOT device using stolen vendor credentials, you know, like if vendors are using common accounts for their access. Yeah, there's just no, there's no oversight into that.

[00:09:24] So you're really flying blind. Um, you know, and the risk to the property team is, you know, if someone breaches your, your, your network, you're looking at, yeah. You know, potential siphoning of data for your tenants, uh, or building systems. Um, you're looking at potential criminals accessing your, those actual core systems.

[00:09:46] And I mean, it's kind of possibilities endless what, what they want to do there, you know, turn off elevators, put inappropriate stuff on your digital, digital signage. I mean, it's the, you know, it's, there's a lot of, there's definitely a lot [00:10:00] of risk there. And, uh, To, to the property as a whole and then subsequently the property manager and the entity, the organization that's either owning or managing that property.

[00:10:11] Um, and I, like I mentioned before the reputational damage.

[00:10:15] James Dice: Yeah. I had someone yesterday, we were having a call with, uh, uh, another property owner and they, they were talking about the risk of someone taking IAQ data and like disputing, uh, Showing it to tenants and showing it to the public and saying like you've been lying about your IAQ data or whatever.

[00:10:32] It's not actually what you say it is or whatever, you know.

[00:10:35] Ben Cooper: Totally.

[00:10:35] James Dice: Because anybody can take any data point and take it out of context.

[00:10:38] Ben Cooper: Yeah, I mean, and then like tenant specific too. I mean, if you have tenants that are a little bit more in the public eye that have very sensitive data, like, you know, law firms.

[00:10:49] Investment like hedge funds, um, you know, that's a government corporation, like government entities. That's a lot of huge data that, uh, that, if that gets out into the public, that's [00:11:00] obviously terrible.

[00:11:02] James Dice: Right, right, right. Um, You know, it's a little bit difficult to like, have these sorts of conversations and sort of drive awareness around cybersecurity because it does seem to be this sort of like hush hush sort of topic.

[00:11:18] Um, there's a lot of consultants that are obviously experts in it and they talk about the threats, but they don't necessarily like really, Sort of demystify what we all need to do to make our buildings more secure. So can you talk about like how we sort of drive this conversation further, especially as, as a media company like Nexus?

[00:11:36] Ben Cooper: Yeah, no, absolutely. It's been kind of cool actually in the last year I've, I've noticed that the conversation around cybersecurity is, is growing quite organically and evolving where we're getting approached a lot. By proactively by our property teams and asset management teams to inquire about, you know, like, I want to get a new system set up in my property.

[00:11:59] I [00:12:00] want to make sure though, that I'm following all of the cybersecurity standards, whereas maybe before you would see kind of, uh, properties, maybe. Doing this all on their own and, um, and relying on information from vendors. They're actually seeing this, uh, uh, and being proactive about it. And it's hard to really put my finger on exactly why this, why this has evolved the way it has.

[00:12:24] And, you know, maybe it's because, uh, maybe it's because there's just more information out there in the public domain about, you know, the cybersecurity, like I mentioned. But it's definitely, it's definitely a momentum starter. And I think how we continue to, to further that conversation is to really bring it back to the monetary aspect and the value.

[00:12:45] I think now we're starting to see a lot more connection with ROI and cybersecurity than we have in the past. Before it was very ambiguous, you know, the, the value was, you limit your breaches and it's hard to put a number on that, [00:13:00] right? Where is now we can really say that, uh, let's, let's be proactive about our cybersecurity.

[00:13:08] Let's, we, we have standards in place. We have a strategy in place. Let's go into our, our buildings, assess our networks, converge our networks, and continue that process. And from the value standpoint, from network convergence, uh, you know, depend obviously. Depending on size, your square footage of your property, you're probably looking at between 100, 000 and 300, 000, probably on a conservative estimate there.

[00:13:35] But if you compare that against to that 5 million number, that estimate for an average data breach, you know, what, what is that? That's like. Two to six percent. Great ROI. Yeah. Yeah. Right. Like it makes total sense. It's peanuts comparatively to if you have this open door and then and then not to mention on top of that That's just five million dollars probably in litigation and you know lawyer [00:14:00] fees and all of that But you also have to add on top of that the the that reputational damage and that may even 3x that five million So, you know that that percentage could be Even more minute than the two to six percent.

[00:14:15] So

[00:14:16] James Dice: absolutely. And so you feel like, um, you know, the higher ups, the C suite, the, the business minded folks in the real estate world, they're starting to feel like there's value in investing in, in cybersecurity.

[00:14:27] Ben Cooper: Absolutely. Absolutely. Especially as they're seeing that increase of network connected IoT devices and systems.

[00:14:34] James Dice: Totally.

[00:14:34] Ben Cooper: And, and the, you know, ESG and sustainability data, like you mentioned with that, that IAQ example. I think people are starting to realize the threats and what that costs, what it could potentially look like.

[00:14:46] James Dice: Absolutely. All right, let's talk about BGO's approach. It seems like you guys are one of the leaders in my, in my perspective, in terms of just talking to you in the last couple conversations we've had, um, you guys seem to be very far down the [00:15:00] road.

[00:15:00] Whereas you talk to a lot of property managers, property owners, and it's kind of like, where do we begin kind of creating a strategy, not necessarily implementing it. So can you talk about sort of your overall approach and then we'll sort of dig into the different technology categories and things that you guys are thinking about at that network layer.

[00:15:17] Ben Cooper: Sure. Yeah, absolutely. Thank you for that. I'd like to think that we're kind of, uh, among those leaders, but, uh, you know, I think there's definitely still a lot of work that we need to do to get us to, to the point that we want to be at as, as an organization. But, you know, it, for us, it really started with the strategy and we wanted to kind of create a, uh, kind of a pillar approach to this.

[00:15:37] So having that strategy around. What we wanted our building networks to look like, uh, following industry best practices, collaboration with our I. T. colleagues, especially in cybersecurity and the network team and yeah, create those policies and procedures that we can bake into our contracts with our vendors and pass along to our property [00:16:00] teams so that they're aware they know what should be done.

[00:16:03] They understand why it should be done. And then from there, Uh, We moved into the task to assess our property networks. So something that is continuously ongoing, but going into our properties and doing a complete deep dive into the, how the network is designed. We'll either do it internally, or if it's a larger building, we'll use a third party vendor and, uh, and yeah, just collect.

[00:16:26] Every bit of information that we can from, you know, network topology, the visualization, like the actual map of it, vulnerabilities that exist on that network, areas of concern, um, a whole asset inventory of the devices attached to those networks. And then from there, we can create a really comprehensive remediation plan with, uh, again, with either our vendors or, or internally.

[00:16:49] But I guess if we're remediation We're going the vendor route, but yeah, we have that comprehensive path forward of what we need to do. And in tandem to that is the cyber security, making [00:17:00] sure that the cyber security standards are, um, are at a level that we're happy with. And we also have a cyber security platform that we've been working on building up and, uh, and adding more features and functionality to that we will also install on, on that network.

[00:17:16] James Dice: Got it. Got it. Um, and can you talk about more, more about the cyber security platform as you call it? What, what is that? And, um, is it software, hardware? And then how do you guys think about that? It sounds like it's a, a third party device or third party, um, technology that you guys are building and then deploying in your buildings.

[00:17:36] Ben Cooper: Yeah, so it's, uh, it's a little bit of both. It's a, it's a hardware device that plugs into, plugs into the network and there's a cloud component on it. So the overall platform is based more on the, the SASSY framework. So secure access service edge, which is the. Basically the amalgamation of, uh, VPN and SD WAN.

[00:17:58] So more [00:18:00] of a newer age VPN, if you will, with more functionality and utilizes, uh, like zero trust architecture as well. So what this does for us is, A, it allows us to, uh, deploy custom security policies. So, Basically a firewall. We like to have another hardware firewall as well on site just to have that extra clarity.

[00:18:21] I kind of view it as like a as a net. So you got your first net and some stuff might get through, but you got your second net to catch all the stragglers. So yeah, being able to deploy custom security policy is at a site level. So very granular that can be all managed and deployed on a cloud service. The next step to that is continuous threat detection so that we can be Thank you.

[00:18:42] Uh, proactive or even more reactionary to potential threats, um, coming into our property networks. We've just started utilizing vulnerability scanning, so there's a tool that, uh, on that platform where we can scan the property network from a device standpoint and see, [00:19:00] uh, any vulnerabilities existing with that device's, uh, like known exploits for that device's firmware or OS.

[00:19:06] Can also see if... People are using, uh, default passwords for any of the servers, um, you know, FTP servers we, we run into sometimes that, uh, that we have to remediate on. And then the, the last piece of that is the, uh, the remote access is the secure remote access. Um, so, you know, again, that zero trust architecture.

[00:19:27] So all of our BGO employees are, um, are authenticated through our Okta, um, and vendors are given schedule based access.

[00:19:37] James Dice: Got it. Got it. Okay. And, um, the part you, you, you began with, I think that gives people a good idea of what you're using this piece of technology for, the SASSY framework. Can you talk more about that and zero trust and sort of pretend you're explaining this to a third grader, right?

[00:19:57] Can you talk about like what that actually does? [00:20:00]

[00:20:00] Ben Cooper: Yeah, so, I mean, the, the, the SASSY framework essentially combines, like I was saying, the VPN and SD, uh, SD WAN capabilities through, like, a cloud based security function that also has that zero trust network access baked into it. So... Okay. I think the best way actually to describe it is the difference between the what your legacy VPN and the SASSY framework.

[00:20:26] And it really, to me, it really comes down to the speed. You know, VPNs inherently have latency issues where the, the SASSY model is. a lot quicker. Um, it solves a lot of those, those bandwidth issues for access, especially if you're accessing content rich applications, which, you know, that's pretty much a lot of BAS.

[00:20:46] Uh, there's a lot of graphics and, and content there. So it definitely provides our operators with a much more faster and seamless experience than your typical legacy VPN. So, I guess to, for your, for your viewers as well, just to, [00:21:00] um, further explain some of these terms that we've talked about with, with SASSY.

[00:21:04] So, mention Secure Access Service Edge, which implements SD WAN as well, Software Defined Wide Area Network, which is a virtual LAN that allows the transportation of services across broadband internet services and connects users directly to applications. So, Cloud based connection to applications. So where the SASSY framework comes into play here is, you know, I alluded to one of those features as increased bandwidth and lower latency for those remote, remote connections.

[00:21:38] The security side is definitely increased from your legacy VPN, but the whole framework does allow for much more. And that's the Connectivity of cloud based solutions to your, uh, to your edge device using edge computing to allow for that next level of application layer, which is, you know, kind of the next step for BGO.

[00:21:59] And that [00:22:00] strategy is looking at connecting, you know, building performance applications, AI running from cloud instance. So we can eliminate the, the on hardware on prem hardware. The other. Point of that is the zero trust architecture as well, which is super important, especially now with like, we're deploying to a wide range of properties.

[00:22:20] Like I think we've deployed this solution out to about 60, 60 properties and growing substantially. It feels like every week, but essentially the zero trust, what that, what that means is access is given on a need to know basis. So. If I, uh, I think the best way to describe this is to use an example. So, um, let's say I've got an operator that looks after two buildings.

[00:22:43] Well, he only needs to know about those two buildings, right? So I'm going to give him only access in the portal to those two buildings. Uh, pretty standard, but then we can even get a little more granular than that, and then the devices attached to those buildings. So let's say that he or she [00:23:00] only looks at the BAS system.

[00:23:02] CCTV, lighting, someone else. We only give them access to that BAS system. And let's get even more granular. That BAS system, in most cases, is going to have a web interface, right? Like an HTTP, HTTPS, uh, link that they use through like an IP address. But they'll also have a server on site. Well. I may not want to give him access necessarily to that server.

[00:23:26] He might not need it. He only needs access to the web interface to adjust values, um, temperature, whatever. But alternatively, on the flip side, the vendor, I can, I know that the vendor owns that server, and the vendor is going to need access to the, uh, the BAS web interface for troubleshooting, right? But we'll also need access to that server to be able to push, you know, Firmware updates, OS updates, right?

[00:23:52] So one piece of it is the very granular need to know basis for giving access, providing access. And then the [00:24:00] second part of it is the continuous authentication. So I mentioned that we, our operators are all authenticated through this platform via Okta. Um, And so that constant verification process, so anytime that they're, they log in and sometimes even when they're logged in and haven't been using it for a little bit, again, access authentication.

[00:24:22] And from the, the vendor side of it as well, we can also, if the vendor is using something like Okta or Azure or whatever, uh, we can also set up that same Authentication that MFA through that as well. On top of that, the, um, schedule based vendor access also allows us to kind of clamp down even more so on, on when vendors are given, when technicians are given access to those sites.

[00:24:48] So if they need to go on a site, uh, the site visit, or they need to log into a system to make an adjustment, um, we can give them like a, almost like a token access, like a, you know, four hour, six hour, eight [00:25:00] hour, nine hour. Token access, and then that expires. And if they want to come again, well, we need to give them another scheduled access.

[00:25:06] So it really helps to keep control and that ultimate management of our property networks, which obviously ties into the cybersecurity. And then the final part to that is a feature on that. With our platform is the ability to audit, uh, that access. So if anything were to go wrong, we would be able to look at the, at the audit listings and see who was the last person to sign in, um, and helps with, you know, investigation.

[00:25:32] Maybe, maybe the vendor. You know, got their password stolen at, you know, sitting on the dark web or something and, uh, and someone someone was able to break in. So it shows us as well the IP address that they that they used to sign in on like the their device IP address and the country of origin. So it really helps us to eliminate and be proactive with a lot of those threats.

[00:25:56] James Dice: Totally. One of the The features here that I think is [00:26:00] important. Um, is, you know, when we talk about smart building solutions, you know, we talk about, you know, building owner has the stack with device network, uh, data application layers and everything that sort of sits at the data and application layers, all of these different categories of technologies.

[00:26:17] Most of them have their own gateway in which they want to come put it on your network. So compucos? You're like how do you know this? Um, for you guys to control that and put it on one box, which is the same box you're talking about with the cyber security platform, the ability to not have all these different gateways on your network.

[00:26:35] Ben Cooper: Yeah, so you're talking about the application specific kind of kind of layer to that.

[00:26:40] James Dice: Yeah, I mean, like, um, if you think about the landscape of technologies, there's like a gateway for your IQ sensors and a gateway for your fall detection diagnostics and a gateway for this, that, and the other thing. Um, yeah.

[00:26:53] Ben Cooper: So, so yeah, so totally. So what this box does allow us to do is any Anything that's connected that's, that's in [00:27:00] a cloud instance, you know, there's AI tools that their GPUs are, are, you know, hosted in AWS, um, we can cloud connect, uh, to any application. So as long as the vendor has a cloud version of their, of their application, of their gateway, um, We can connect to it, no problem.

[00:27:19] And with, with the SASSY model, they're encrypted, secured tunnels that we can go worry free connecting to a cloud app and eliminate that on prem hardware, which definitely clutters up a lot of mechanical rooms. Uh, the number of times you've gone into a building probably and, uh, and, and looked at the network rack and seeing all of these unplugged boxes underneath on a shelf.

[00:27:42] Takes away all of that and, you know, kind of cleans things up, makes the network run more efficiently. Um, you know, energy reduction as well, obviously for, for the property, um, not having to power up all of these devices, some of which take a lot of energy usage.

[00:27:56] James Dice: Absolutely. Um, so tell me, I want to ask you just a [00:28:00] one quick question, more one more question around this project, but then just talk about kind of lessons learned for future buyers.

[00:28:07] But my last question is around the operators. And so it sounds like there was some. Change management that had to happen to allow them to, um, instead of just, you know. Logging in how they used to log in. They're having to go through these extra steps of authentication and they're having to use this different software application to access like the building automation system or access another, another, um, system on site.

[00:28:30] So can you talk about that process? Um, it sounds like there's been some change management that you guys have had to go through.

[00:28:36] Ben Cooper: Yeah, absolutely. The concept of adoption was, was very much top of mind with this. When you're installing an application or a system like this, where it's changing the, the way that historically operations have been remoting in for years and years and years, decades even, it, it's definitely a, a little bit of a, of a battle to, you know, frame the, the right conversations and to, you know, to [00:29:00] put the right values in front of them.

[00:29:01] And I think over time, it's been a very organic evolution and an adoption process where once the operators have, have gotten that, the hang of logging in and what that means, they, they know that they have to authenticate through Okta. Um, we've made it very, as easy as possible. You know, we've made it an Okta application for their mobile phones and also on web.

[00:29:22] So they, their Okta applications, they have their. tile, they click on it, it authenticates, boom, they're in. Um, and then they can click on any one of their, their devices to do their work. And so the response from the operators has actually been very, very positive. Our, the adoption rate of this platform is Probably around now, I think it's around 75, 80 percent, um, and it's still a very new platform, which I, I think, you know, that's a very strong, very strong adoption rate, um, and

[00:29:53] James Dice: that's huge.

[00:29:53] I mean, yeah, operators don't necessarily have great uptake historically for smart building solutions. [00:30:00]

[00:30:00] Ben Cooper: Yeah, for sure. It's nice to see that number for sure. It means that the, the training and the work that we've done is really kind of paying off and, um, they're understanding, you know, the value of having this.

[00:30:10] The sentiment, uh, at least what I've heard from our operations teams, is that the, The ease of access where they can access anywhere in the world securely, uh, you know, it's maybe one extra step than they used to have, one or two extra steps than they used to have, um, but the speed at which they can, they can access those applications and the speed at which the, the remote access works where, you know, historically legacy VPNs would, you know, lag and, you know, it would.

[00:30:37] Take like five minutes to change a, change one value where now it's so much quicker and the added value for being able to utilize it on a mobile phone. We have a lot of operators, uh, uh, in regions that, uh, they're the fleet operations. So they're constantly going around site to site to site. And in the event of an issue, they just open up their laptop, log in.

[00:30:59] Boom, [00:31:00] they can, it doesn't matter where they are, you know, they can be on the side of the road in their car and change values that, you know, needed or troubleshoot issues. So it's built a level of trust too with, uh, with PropCheck and our operations and really shown kind of our path forward, um, you know, showing those operations teams that, look, this is just the tip of the iceberg.

[00:31:20] We can get even crazier here. We can, you know, give you a, an AI tool for your, for your BAS to help to analyze. BAS data and write operational efficiencies. We can deploy a AI for CCTV, which will monitor all of your feeds and action on, um, action on certain use cases. The options are, are kind of endless at this point and really have, um, created this foundation for future proofing our, our buildings.

[00:31:47] So I, I can see that, uh, that adoption continuing and as, as we deploy. To, to more properties. And like I said, we're, we're kind of looking at more properties every week to, to deploy this too. So

[00:31:59] James Dice: totally, [00:32:00] totally. I want to, I want to get to the higher levels of the stack of the application layer in just a second on this, just deploying the actual cybersecurity platform itself.

[00:32:10] Can you talk about, um, and selfishly, we have a buyer guide coming up in October around, uh, the network layer and all the different technologies people could buy there. So this is a selfless question as I think about developing that, but also good for buyers to think about, um, what would you sort of tell other buyers in terms of lessons learned with deploying this, this offering?

[00:32:32] Ben Cooper: Yeah, I think sit down with all areas of your business and come up with a strategy, especially your, your IT team. Find out what exactly it means for you and to have a standardized building network. Does, does it necessarily mean you have to converge all your systems? Maybe not. Um, but having that standard and what you want to get out of this, I think is the most important thing.

[00:32:55] The next piece would be to understand the technology that you're implementing. [00:33:00] What are the criteria? What are the main? Focal points for for installing this because I think it's easy to say, Oh, we've got this cyber security device. It'll be we can roll it out to everywhere. Well, that's not true because in at least like with our business, we have.

[00:33:16] A whole whack of different asset types, pretty much every asset type. And for, you know, your industrial properties and your, uh, open air retail, those are often going to be triple net, right? So meaning that the, the tenants all have their own control of their own. their own stuff, their own systems. Um, so obviously that's not going to really be a use case there, right?

[00:33:39] That's, that's not going to really fit the criteria. You want to target assets that the property manages the network and has, uh, devices that are connected to the internet. So it all leads to a due diligence process. So after you have your strategy and your standards and procedures completely ironed out, you go into your due diligence, do your assessments, go to, go to the sites, [00:34:00] um, you know, make a template and, and just.

[00:34:03] Collect as much information as you can so that you're sure that when you get to site, you know that okay Like this network is completely separated I can't put this platform on on every single I can't put every single system behind this platform Because they're all on separate networks. There's only one there's only one Ethernet cable, right?

[00:34:23] So How, how do we best approach that? Do we do like more of a soft convergence, um, where we try to bring everything as together as possible onto a switch and then put our platform on top of that? Or do we, do we take one at the start and say, you know, we have a BAS and a lighting system. Both are connected to the internet, but the BAS is, um, giving out the most data, is collecting the most data, right?

[00:34:50] Is the most sensitive. So, we're going to protect the BAS as, as the first. That might not be the same case for, for every property, but, um, but, you know, you really have to do your due [00:35:00] diligence and plan that, plan that out first before you start looking at, um, at the technologies and then actually the physical deployment of, of that technology.

[00:35:09] There's, there's, I think the due diligence process is often understated when, when deploying cybersecurity.

[00:35:14] James Dice: So it sounds like there's it's basically a case by case basis on in terms of what you might do before you put in the cybersecurity platform and then also a case by case basis on what you might put on to it and connect to it.

[00:35:26] Is that right?

[00:35:27] Ben Cooper: Exactly.

[00:35:28] James Dice: Cool. Um, any, any gotchas that, um, future buyers might, uh, want to know about?

[00:35:34] Ben Cooper: No, I think, I think the biggest ones We're, we're definitely understanding the criteria, like I mentioned, um, you know, that, you know, industrial and, and open air, like retail, like that's, it's just not, that doesn't really work.

[00:35:48] Um, but I mean, in, in terms of gotchas, there wasn't really, there wasn't really anything. That really stands out to me. I think, you know, we did enough of the due diligence and [00:36:00] that strategy that we had a really good understanding. You know, there's definitely, there's always some kind of little hiccups here and there, but nothing from like a, like an actual like technology standpoint.

[00:36:13] Um, you know, the, the platform as well, it, you know, it's, Constantly evolving, adding more features and functionality. And so, you know, I guess it's, it's a continued approach to, to train and, and communicate the potentials that this box can, can do for us, the platform can do for us. So it's, it's an ongoing process.

[00:36:33] So even after, even after implementation, I mean, it's just, it's a never ending project, but, um, but has, you know, a lot of, a lot of good value.

[00:36:42] James Dice: Absolutely. And for anyone that's, um, interested in this from a buying standpoint, we're continuously connected with this layer, uh, network layer as we develop our, our buyer's guide to the network layer.

[00:36:55] What we're happy to connect you with the right people. Um, to help you out with what Ben's [00:37:00] talking about here. Let's talk about the higher layers of the stack. So we talked about application layer. We haven't really talked about the data layer much, but I'd love to hear how you're kind of thinking about layering new technologies onto this platform moving forward.

[00:37:12] So you mentioned, um, AI for security cameras. You mentioned, um, network monitoring software, I think you mentioned earlier. So how do you think, how do you think about how you might evaluate and then start to layer on, um, application layer technologies onto this?

[00:37:29] Ben Cooper: I think the prioritization is applications that reduce OPEX.

[00:37:34] So anytime that we can, especially in the, the, the, the industry and the climate, the way it is right now, I mean, anytime that we can reduce operating expenditures at properties is a huge win for us. Um, we're also, Very focused as a company on, on ESG and sustainability. Something that I believe that we lead in.

[00:37:52] And so, you know, those are big goals for us. Net zero is a big goal for us. So applications that involve [00:38:00] and solve those goals, uh, relate to those goals are definitely prioritized. So, you know, Definitely the, uh, AI, which is such a buzzword right now, but, um, you know, it has definitely a place in commercial real estate, specifically to, to BAS.

[00:38:15] You know, there's numerous companies out there that are, that are doing this. And, you know, I think it adds that efficiency level and building health and performance, which leads into ESG, which can also lead into OPEX savings as well, and, and energy. Energy costs, energy consumption, and then a little bit of a hidden gem as well for operating reduction of OpEx is AI for CCTV.

[00:38:40] Having a much more robust and platform to monitor your video feeds where like I think that's one area that's kind of taken a while to to catch up to technology and has really relied on. The kind of the human, uh, operational element. We're approaching a point where that image [00:39:00] of your typical security guard staring at a bunch of different screens and video feeds on a, on a monitor, like that's effectively kind of on the out, right?

[00:39:10] Because with AI technology, it can monitor everything at once. And action to your operator, your security guards on any issues, you know, some of the use cases for like, uh, weapon detection where it will dispatch 911 immediately so that your security guards aren't put in harm's way. They know about it, but they know that they're not gonna, you know, they're not going to walk into a dangerous situations.

[00:39:35] And so do they, um, fire. Detection, fire and smoke detection, where, you know, a lot of these AI modules I've seen can detect it even before your building system. Uh, and again, uh, dispatch to 911 and then also inform your, your, uh, security guards and your operations. So, there's a huge amount of potential savings there as, you know, security, [00:40:00] security contracts can be very expensive for physical security contracts, very expensive for properties.

[00:40:05] And so, you know, this kind of streamlines things and, uh, and allows that, you know, reduction to happen over time. So, those are definitely two that I'd say are at top of mind for, for me at least. But, you know, like I said, the options are also endless. When it comes to these technologies, and we're at that kind of rate of, of incline for, for technology evolution and prop tech that, you know, in five years, who knows, there could be another, something even crazier that comes out that solves a whole whack of problems.

[00:40:35] But the point is, is that we built ourselves this very nice future proof platform that whatever We're ready to deploy it and the, the uplift is, is going to be very minimal.

[00:40:48] James Dice: Absolutely. Yeah. And that's like the holy grail of what I think a lot of asset owners, asset managers have been, you know, building for a while, right?

[00:40:57] We, we, we say this industry moves slow, but we've [00:41:00] been, a lot of people have been building up these infrastructure layers for a while and to the point where they can start to deploy rapidly. And, and to that end, what is the value of being able to deploy these new applications to you? What is the value to you from being able to Do that from this sort of platform that you've already bought.

[00:41:17] You've bought this for other reasons, right? Remote access use cases, cybersecurity, um, you know, stabilization. What's the value of then being able to take that thing that you've already invested in? It's already paid for itself, like you said earlier. Now I can then just use that as the infrastructure to these other applications.

[00:41:35] Ben Cooper: I mean, it completely changes the game for us. I mean, yeah, like you mentioned, that wasn't the initial thought when we got into this platform. Um, you know, it was just security and remote access, but now it's evolved to this, um, to this application layer, the cloud, cloud connected application layer that, yeah, I mean, the, the value has, has increased.

[00:41:55] Kind of tenfold here, you know, the, the future proofing of, [00:42:00] of our properties now, and the ability for us to, to move quickly on, uh, on deploying technologies, having more control and management over those technologies, um, eliminating the mass amount of on prem hardware, all of that. That kind of leads into a more efficient building, better performance, um, and leads into our company goals for ESG and sustainability as well.

[00:42:25] It was a very welcomed surprise functionality, but it will continue to, to be kind of the backbone of our, of our PropTech.

[00:42:34] James Dice: Absolutely. And, and yeah, anyone that wants to sort of learn more about this category, reach out to us, uh, look it up on our website, the network layer, and, uh, we'll sort of connect you with the people you need to connect with.

[00:42:46] But Ben, thanks so much for coming on the show. I think this was awesome in terms of, um, uh, an asset owner, asset manager, that's sort of. Investing in the right ways and then looking to build on top of that with all the sexier stuff, right? That people [00:43:00] people talk about but I think a lot of people talk about the sexy stuff when skipping The basic infrastructure layers first.

[00:43:06] So I think it's a great example of a case study that people more people should follow So thanks for coming on the show Yeah,

[00:43:12] Ben Cooper: thanks. Uh, thanks for having me. Thanks, James.

[00:43:17] Rosy Khalife: Okay, friends, thank you for listening to this episode. As we continue to grow our global community of change makers, we need your help. For the next couple of months, we're challenging our listeners to share a link to their favorite Nexus episode on LinkedIn with a short post about why you listen. It would really, really help us out.

[00:43:34] Make sure to tag us in the post so we can see it. Have a good one.

Sign Up for Access or Log In to Continue Viewing

Sign Up for Access or Log In to Continue Viewing

"The future proofing of our properties now, and the ability for us to move quickly on deploying technologies, having more control and management over those technologies, eliminating the mass amount of on-prem hardware, all of that kind of leads into a more efficient building, better performance, and leads into our company goals for ESG and sustainability as well.”
‍
—Ben Cooper

Welcome to Nexus, a newsletter and podcast for smart people applying smart building technology—hosted by James Dice. If you’re new to Nexus, you might want to start here.

The Nexus podcast (Apple | Spotify | YouTube | Other apps) is our chance to explore and learn with the brightest in our industry—together. The project is directly funded by listeners like you who have joined the Nexus Pro membership community.

You can join Nexus Pro to get a weekly-ish deep dive, access to the Nexus Vendor Landscape, and invites to exclusive events with a community of smart buildings nerds.

Episode 153 is a conversation with Ben Cooper from BGO (BentallGreenOak).

Summary

Episode 153 features Ben Cooper from BGO (BentallGreenOak) and is our third episode in the Case Study series looking at real-life, large-scale deployments of smart building technologies. These are not marketing fluff stories, these are lessons from leaders that others can put into use in their smart buildings programs. Ben talks about the asset type due diligence and rate of adoption for their new infrastructure platform, the overall efficiencies created, and the future proofing abilities with a cloud connection application layer. Enjoy!

Mentions and Links

  1. BGO (01:14)
  2. QuadReal (01:21)
  3. Target 2014 security breach (09:10)
  4. Nexus Labs (11:35)
  5. SASSY Framework (17:49)

You can find Ben on LinkedIn.

Highlights

Ben’s background (01:12)

More about BGO (02:35)

The importance of cybersecurity (04:18)

Rollout of infrastructure platform at BGO (14:47)

Adoption and success (28:07)

Advice for others (32:10)

Future proof with a cloud connection application layer (40:57)




Music credits: There Is A Reality by Common Tiger—licensed under an Music Vine Limited Pro Standard License ID: SS478748-15083.

Full transcript

Note: transcript was created using an imperfect machine learning tool and lightly edited by a human (so you can get the gist). Please forgive errors!

[00:00:00] James Dice: Hey friends, if you like the Nexus podcast, the best way to continue the learning is to join our community. There are three ways to do that. First, you can join the Nexus Pro Membership. It's our global community of smart building professionals. We have monthly events, paywall deep dive content, and a private chat room, and it's just 35 a month.

[00:00:23] Second, you can upgrade from the Pro Membership to our Courses offering. It's headlined by our flagship course, the smart building strategist. And we're building a catalog of courses taught by world leading experts on each topic under the smart buildings umbrella third. And finally, our marketplace is how we connect leading vendors with buyers, looking for their solutions.

[00:00:42] The links are below in the show notes, and now let's go on to the podcast.

[00:00:49] Welcome to the Nexus Podcast. I'm your host, James Dice. We're talking today to Ben Cooper from BGO. Welcome, Ben.

[00:00:57] Ben Cooper: Thank you. Thanks for having me, James. [00:01:00]

[00:01:00] James Dice: I'm excited to unpack a little bit about your cybersecurity program. Actually, a lot, a bit. We're going to go deep into it. Uh, can you first just introduce yourself, talk about your role and what you do?

[00:01:12] Ben Cooper: Yeah, Ben Cooper. So I started at BGO fairly recently last, uh, so January, 2022. So just over a year and a half before that, I was at QuadReal working in their, uh, modern workplace IT on the more on the IT side, but my background is in smart technology, uh, I started at. working on the integration side of things, doing residential luxury smart homes at first, which was very fun.

[00:01:37] And then transition to the world of, uh, commercial, the commercial side, which was a very interesting change in, uh, in dynamic. But yeah, all, all of that led to, led to here now where I manage the prop, our prop tech program at BGO.

[00:01:53] James Dice: What's the biggest difference between, uh, luxury home, uh, automation and smart, smart tech [00:02:00] versus the commercial space?

[00:02:01] Ben Cooper: Uh, it's usually the money. A lot of the, the luxury home owners go into it knowing they're, they're spending hundreds of thousands of dollars and some of the, some of the systems that they want are, oh, they're so elaborate. Oh, man. Yeah, it's, uh, the money part isn't really an issue, and then coming to the commercial side, where budgets and things are a lot more constrained, um, so you have to really think outside the box with your designs and, and the technology that you're pitching, so yeah, that, I'd say that, that'd be the biggest difference.

[00:02:35] James Dice: Yeah, totally. Okay, can you give us some background on BGO just so people know, you know, what type of buildings are we talking about? What type of investment approach does BGO take? Just give people an idea of sort of the context that we're about to unpack.

[00:02:50] Ben Cooper: Yeah, BGO started as Bentall and Bentall Kennedy.

[00:02:54] It was predominantly property management in in Canada and then merging of [00:03:00] Green Oak Realty in the U. S. made us Bentall Green Oak. So the U. S. side of, uh, our business is more on the asset ownership and management side, fund, the fund management. Um, and, uh, yeah, Canada is still very much property management based.

[00:03:16] So it makes, makes for a very interesting dynamic when we're trying to think of strategy around prop tech and in Canada, you're dealing with many different clients, different, uh, ownership groups that all might have their. Their own kind of strategy around PropTech. So it's a lot of facilitating those conversations directly and relationships directly with the, with those, uh, third party clients and trying to tie those in as well to our U.

[00:03:42] S. asset.

[00:03:43] James Dice: Yeah, totally. And so then in the U. S. assets, you guys are actually the ownership group. So it's a little bit more aligned, um, with, you know, the conversations with the owners. Yeah, exactly. Okay. Yeah. Some people don't realize that, um, there are actually companies out there that have [00:04:00] many different ownership situations.

[00:04:01] You guys sound like that's, that's something you have to deal with. It's not just one technology strategy. It's a technology strategy and different, um, different ownership structures. Yeah, exactly. So let's talk a little bit more about what you're, you're doing on a day to day basis. Can you just kind of talk about cybersecurity and sort of why it's important in the portfolio?

[00:04:24] Ben Cooper: Yeah, absolutely. I'd say that's probably the, the main focus. Uh, at least it's been since I started a year and a half ago. Um, and you know, within that time it's really grown. Our, our kind of strategy, the platforms that we've, uh, that we've implemented has really created this, this quite a robust, uh, cybersecurity stance for, for BGO and, and our properties, you know, why it's important, I really think from a general perspective, uh, If you look at the statistics on cybercrime, I believe it's in, since 2021, cybercrime has increased by 10 percent and, uh, [00:05:00] subsequently, like the estimated yearly loss from cybercrime by 2025, at least for the U.

[00:05:06] S., it's estimated to be, well, will be, uh, I think it's like 10 trillion. With the average cost of a data breach being 5 million. So right there shows the importance and especially as it relates to the commercial real estate industry, where we're seeing PropTech advance into, um, this stage of network connectivity.

[00:05:30] IOT devices, um, collecting data, sharing data, uh, with other systems, you know, without those, without having standards and best practices in place, you're basically just have an open door to all of this data ready to be siphoned. And, uh, you know, which, you know, also leads to, you know, a reputational Issue as well, reputational loss, uh, especially in a, a competitive industry like commercial real estate where, you know, uh, that reputational loss is, [00:06:00] uh, is, is a, is a killer for sure.

[00:06:02] James Dice: Absolutely. Yeah. Can you give, I don't think people, I mean, we've had different episodes on cybersecurity in the past, but can you give some examples of pe of the threats that, um, you know, happen to real estate managers and owners like B G O?

[00:06:19] Ben Cooper: Yeah, you know, it's probably pretty obvious, but how the network's designed is, is definitely going to be your, your biggest threat there tied into, you know, the lack of policies, procedures, and standards.

[00:06:31] If you don't have those in place and you don't have a button down secured network, you're really, you're really opening yourself up to a lot of potential issues and threats. And I think there's kind of a subset as well to, to that, and that's more on the vendor side. And I want to be careful because I don't, I'm not saying that vendors are inherently risky, but I think with how it ties in is that lack of policies and procedures and standards from your [00:07:00] corporation, if you're not passing those along to the vendors, or let's, you know, I guess, for example, let's say you're a property manager and you want to install a BAS at your property and you reach out to To BAS Vendor A.

[00:07:13] They come into your property, see that you're, uh, all the building systems are on separate networks. There's nothing, um, uh, there's no continuity there. There's nothing converged. Um, you know, they're, they're not going to go in and say, oh, I should move everything all onto one, one network, converge everything, you know, liability issues, obviously, but they're going to install, uh, their own network line.

[00:07:38] Uh, for their own system, and they're going to have full management and enact their, their own standards, which, you know, may or may not be in line with, uh, industry best practices. Uh, they're also going to install their own remote access system on top of that. So, there's a huge lack of, uh, oversight and verification if you don't have any of that.

[00:07:59] Uh, standard [00:08:00] in place. So that's really the mitigation from that is, you know, have those, create that strategy, your cybersecurity strategy for your company, just like your IT organization would, would do. Um, the same needs to be done on the OT operational technology side to really, yeah, again, for, for that risk mitigation.

[00:08:17] James Dice: Absolutely. And maybe for people that don't understand, what are the, um, because we have this audience as total beginners to total 20 year, 25 year experts, what are the biggest risks, um, for the property manager, property owner, um, when these things that you just named aren't happening up to standards?

[00:08:39] Ben Cooper: Without that oversight, you have no ability to audit or manage, um, how vendors are, are accessing your systems. You know, if they're using like a, like a, I guess it's probably archaic. It's definitely archaic now, but, uh, you know, port forwarding to, uh, to systems for remote access. Um, yeah, you just [00:09:00] have no oversight in, into how that's all being done.

[00:09:03] And ultimately, you know, if you look at a lot of the most famous. Breaches. Um, you know, let's say Target 2014, for example, where they got into an IOT device using stolen vendor credentials, you know, like if vendors are using common accounts for their access. Yeah, there's just no, there's no oversight into that.

[00:09:24] So you're really flying blind. Um, you know, and the risk to the property team is, you know, if someone breaches your, your, your network, you're looking at, yeah. You know, potential siphoning of data for your tenants, uh, or building systems. Um, you're looking at potential criminals accessing your, those actual core systems.

[00:09:46] And I mean, it's kind of possibilities endless what, what they want to do there, you know, turn off elevators, put inappropriate stuff on your digital, digital signage. I mean, it's the, you know, it's, there's a lot of, there's definitely a lot [00:10:00] of risk there. And, uh, To, to the property as a whole and then subsequently the property manager and the entity, the organization that's either owning or managing that property.

[00:10:11] Um, and I, like I mentioned before the reputational damage.

[00:10:15] James Dice: Yeah. I had someone yesterday, we were having a call with, uh, uh, another property owner and they, they were talking about the risk of someone taking IAQ data and like disputing, uh, Showing it to tenants and showing it to the public and saying like you've been lying about your IAQ data or whatever.

[00:10:32] It's not actually what you say it is or whatever, you know.

[00:10:35] Ben Cooper: Totally.

[00:10:35] James Dice: Because anybody can take any data point and take it out of context.

[00:10:38] Ben Cooper: Yeah, I mean, and then like tenant specific too. I mean, if you have tenants that are a little bit more in the public eye that have very sensitive data, like, you know, law firms.

[00:10:49] Investment like hedge funds, um, you know, that's a government corporation, like government entities. That's a lot of huge data that, uh, that, if that gets out into the public, that's [00:11:00] obviously terrible.

[00:11:02] James Dice: Right, right, right. Um, You know, it's a little bit difficult to like, have these sorts of conversations and sort of drive awareness around cybersecurity because it does seem to be this sort of like hush hush sort of topic.

[00:11:18] Um, there's a lot of consultants that are obviously experts in it and they talk about the threats, but they don't necessarily like really, Sort of demystify what we all need to do to make our buildings more secure. So can you talk about like how we sort of drive this conversation further, especially as, as a media company like Nexus?

[00:11:36] Ben Cooper: Yeah, no, absolutely. It's been kind of cool actually in the last year I've, I've noticed that the conversation around cybersecurity is, is growing quite organically and evolving where we're getting approached a lot. By proactively by our property teams and asset management teams to inquire about, you know, like, I want to get a new system set up in my property.

[00:11:59] I [00:12:00] want to make sure though, that I'm following all of the cybersecurity standards, whereas maybe before you would see kind of, uh, properties, maybe. Doing this all on their own and, um, and relying on information from vendors. They're actually seeing this, uh, uh, and being proactive about it. And it's hard to really put my finger on exactly why this, why this has evolved the way it has.

[00:12:24] And, you know, maybe it's because, uh, maybe it's because there's just more information out there in the public domain about, you know, the cybersecurity, like I mentioned. But it's definitely, it's definitely a momentum starter. And I think how we continue to, to further that conversation is to really bring it back to the monetary aspect and the value.

[00:12:45] I think now we're starting to see a lot more connection with ROI and cybersecurity than we have in the past. Before it was very ambiguous, you know, the, the value was, you limit your breaches and it's hard to put a number on that, [00:13:00] right? Where is now we can really say that, uh, let's, let's be proactive about our cybersecurity.

[00:13:08] Let's, we, we have standards in place. We have a strategy in place. Let's go into our, our buildings, assess our networks, converge our networks, and continue that process. And from the value standpoint, from network convergence, uh, you know, depend obviously. Depending on size, your square footage of your property, you're probably looking at between 100, 000 and 300, 000, probably on a conservative estimate there.

[00:13:35] But if you compare that against to that 5 million number, that estimate for an average data breach, you know, what, what is that? That's like. Two to six percent. Great ROI. Yeah. Yeah. Right. Like it makes total sense. It's peanuts comparatively to if you have this open door and then and then not to mention on top of that That's just five million dollars probably in litigation and you know lawyer [00:14:00] fees and all of that But you also have to add on top of that the the that reputational damage and that may even 3x that five million So, you know that that percentage could be Even more minute than the two to six percent.

[00:14:15] So

[00:14:16] James Dice: absolutely. And so you feel like, um, you know, the higher ups, the C suite, the, the business minded folks in the real estate world, they're starting to feel like there's value in investing in, in cybersecurity.

[00:14:27] Ben Cooper: Absolutely. Absolutely. Especially as they're seeing that increase of network connected IoT devices and systems.

[00:14:34] James Dice: Totally.

[00:14:34] Ben Cooper: And, and the, you know, ESG and sustainability data, like you mentioned with that, that IAQ example. I think people are starting to realize the threats and what that costs, what it could potentially look like.

[00:14:46] James Dice: Absolutely. All right, let's talk about BGO's approach. It seems like you guys are one of the leaders in my, in my perspective, in terms of just talking to you in the last couple conversations we've had, um, you guys seem to be very far down the [00:15:00] road.

[00:15:00] Whereas you talk to a lot of property managers, property owners, and it's kind of like, where do we begin kind of creating a strategy, not necessarily implementing it. So can you talk about sort of your overall approach and then we'll sort of dig into the different technology categories and things that you guys are thinking about at that network layer.

[00:15:17] Ben Cooper: Sure. Yeah, absolutely. Thank you for that. I'd like to think that we're kind of, uh, among those leaders, but, uh, you know, I think there's definitely still a lot of work that we need to do to get us to, to the point that we want to be at as, as an organization. But, you know, it, for us, it really started with the strategy and we wanted to kind of create a, uh, kind of a pillar approach to this.

[00:15:37] So having that strategy around. What we wanted our building networks to look like, uh, following industry best practices, collaboration with our I. T. colleagues, especially in cybersecurity and the network team and yeah, create those policies and procedures that we can bake into our contracts with our vendors and pass along to our property [00:16:00] teams so that they're aware they know what should be done.

[00:16:03] They understand why it should be done. And then from there, Uh, We moved into the task to assess our property networks. So something that is continuously ongoing, but going into our properties and doing a complete deep dive into the, how the network is designed. We'll either do it internally, or if it's a larger building, we'll use a third party vendor and, uh, and yeah, just collect.

[00:16:26] Every bit of information that we can from, you know, network topology, the visualization, like the actual map of it, vulnerabilities that exist on that network, areas of concern, um, a whole asset inventory of the devices attached to those networks. And then from there, we can create a really comprehensive remediation plan with, uh, again, with either our vendors or, or internally.

[00:16:49] But I guess if we're remediation We're going the vendor route, but yeah, we have that comprehensive path forward of what we need to do. And in tandem to that is the cyber security, making [00:17:00] sure that the cyber security standards are, um, are at a level that we're happy with. And we also have a cyber security platform that we've been working on building up and, uh, and adding more features and functionality to that we will also install on, on that network.

[00:17:16] James Dice: Got it. Got it. Um, and can you talk about more, more about the cyber security platform as you call it? What, what is that? And, um, is it software, hardware? And then how do you guys think about that? It sounds like it's a, a third party device or third party, um, technology that you guys are building and then deploying in your buildings.

[00:17:36] Ben Cooper: Yeah, so it's, uh, it's a little bit of both. It's a, it's a hardware device that plugs into, plugs into the network and there's a cloud component on it. So the overall platform is based more on the, the SASSY framework. So secure access service edge, which is the. Basically the amalgamation of, uh, VPN and SD WAN.

[00:17:58] So more [00:18:00] of a newer age VPN, if you will, with more functionality and utilizes, uh, like zero trust architecture as well. So what this does for us is, A, it allows us to, uh, deploy custom security policies. So, Basically a firewall. We like to have another hardware firewall as well on site just to have that extra clarity.

[00:18:21] I kind of view it as like a as a net. So you got your first net and some stuff might get through, but you got your second net to catch all the stragglers. So yeah, being able to deploy custom security policy is at a site level. So very granular that can be all managed and deployed on a cloud service. The next step to that is continuous threat detection so that we can be Thank you.

[00:18:42] Uh, proactive or even more reactionary to potential threats, um, coming into our property networks. We've just started utilizing vulnerability scanning, so there's a tool that, uh, on that platform where we can scan the property network from a device standpoint and see, [00:19:00] uh, any vulnerabilities existing with that device's, uh, like known exploits for that device's firmware or OS.

[00:19:06] Can also see if... People are using, uh, default passwords for any of the servers, um, you know, FTP servers we, we run into sometimes that, uh, that we have to remediate on. And then the, the last piece of that is the, uh, the remote access is the secure remote access. Um, so, you know, again, that zero trust architecture.

[00:19:27] So all of our BGO employees are, um, are authenticated through our Okta, um, and vendors are given schedule based access.

[00:19:37] James Dice: Got it. Got it. Okay. And, um, the part you, you, you began with, I think that gives people a good idea of what you're using this piece of technology for, the SASSY framework. Can you talk more about that and zero trust and sort of pretend you're explaining this to a third grader, right?

[00:19:57] Can you talk about like what that actually does? [00:20:00]

[00:20:00] Ben Cooper: Yeah, so, I mean, the, the, the SASSY framework essentially combines, like I was saying, the VPN and SD, uh, SD WAN capabilities through, like, a cloud based security function that also has that zero trust network access baked into it. So... Okay. I think the best way actually to describe it is the difference between the what your legacy VPN and the SASSY framework.

[00:20:26] And it really, to me, it really comes down to the speed. You know, VPNs inherently have latency issues where the, the SASSY model is. a lot quicker. Um, it solves a lot of those, those bandwidth issues for access, especially if you're accessing content rich applications, which, you know, that's pretty much a lot of BAS.

[00:20:46] Uh, there's a lot of graphics and, and content there. So it definitely provides our operators with a much more faster and seamless experience than your typical legacy VPN. So, I guess to, for your, for your viewers as well, just to, [00:21:00] um, further explain some of these terms that we've talked about with, with SASSY.

[00:21:04] So, mention Secure Access Service Edge, which implements SD WAN as well, Software Defined Wide Area Network, which is a virtual LAN that allows the transportation of services across broadband internet services and connects users directly to applications. So, Cloud based connection to applications. So where the SASSY framework comes into play here is, you know, I alluded to one of those features as increased bandwidth and lower latency for those remote, remote connections.

[00:21:38] The security side is definitely increased from your legacy VPN, but the whole framework does allow for much more. And that's the Connectivity of cloud based solutions to your, uh, to your edge device using edge computing to allow for that next level of application layer, which is, you know, kind of the next step for BGO.

[00:21:59] And that [00:22:00] strategy is looking at connecting, you know, building performance applications, AI running from cloud instance. So we can eliminate the, the on hardware on prem hardware. The other. Point of that is the zero trust architecture as well, which is super important, especially now with like, we're deploying to a wide range of properties.

[00:22:20] Like I think we've deployed this solution out to about 60, 60 properties and growing substantially. It feels like every week, but essentially the zero trust, what that, what that means is access is given on a need to know basis. So. If I, uh, I think the best way to describe this is to use an example. So, um, let's say I've got an operator that looks after two buildings.

[00:22:43] Well, he only needs to know about those two buildings, right? So I'm going to give him only access in the portal to those two buildings. Uh, pretty standard, but then we can even get a little more granular than that, and then the devices attached to those buildings. So let's say that he or she [00:23:00] only looks at the BAS system.

[00:23:02] CCTV, lighting, someone else. We only give them access to that BAS system. And let's get even more granular. That BAS system, in most cases, is going to have a web interface, right? Like an HTTP, HTTPS, uh, link that they use through like an IP address. But they'll also have a server on site. Well. I may not want to give him access necessarily to that server.

[00:23:26] He might not need it. He only needs access to the web interface to adjust values, um, temperature, whatever. But alternatively, on the flip side, the vendor, I can, I know that the vendor owns that server, and the vendor is going to need access to the, uh, the BAS web interface for troubleshooting, right? But we'll also need access to that server to be able to push, you know, Firmware updates, OS updates, right?

[00:23:52] So one piece of it is the very granular need to know basis for giving access, providing access. And then the [00:24:00] second part of it is the continuous authentication. So I mentioned that we, our operators are all authenticated through this platform via Okta. Um, And so that constant verification process, so anytime that they're, they log in and sometimes even when they're logged in and haven't been using it for a little bit, again, access authentication.

[00:24:22] And from the, the vendor side of it as well, we can also, if the vendor is using something like Okta or Azure or whatever, uh, we can also set up that same Authentication that MFA through that as well. On top of that, the, um, schedule based vendor access also allows us to kind of clamp down even more so on, on when vendors are given, when technicians are given access to those sites.

[00:24:48] So if they need to go on a site, uh, the site visit, or they need to log into a system to make an adjustment, um, we can give them like a, almost like a token access, like a, you know, four hour, six hour, eight [00:25:00] hour, nine hour. Token access, and then that expires. And if they want to come again, well, we need to give them another scheduled access.

[00:25:06] So it really helps to keep control and that ultimate management of our property networks, which obviously ties into the cybersecurity. And then the final part to that is a feature on that. With our platform is the ability to audit, uh, that access. So if anything were to go wrong, we would be able to look at the, at the audit listings and see who was the last person to sign in, um, and helps with, you know, investigation.

[00:25:32] Maybe, maybe the vendor. You know, got their password stolen at, you know, sitting on the dark web or something and, uh, and someone someone was able to break in. So it shows us as well the IP address that they that they used to sign in on like the their device IP address and the country of origin. So it really helps us to eliminate and be proactive with a lot of those threats.

[00:25:56] James Dice: Totally. One of the The features here that I think is [00:26:00] important. Um, is, you know, when we talk about smart building solutions, you know, we talk about, you know, building owner has the stack with device network, uh, data application layers and everything that sort of sits at the data and application layers, all of these different categories of technologies.

[00:26:17] Most of them have their own gateway in which they want to come put it on your network. So compucos? You're like how do you know this? Um, for you guys to control that and put it on one box, which is the same box you're talking about with the cyber security platform, the ability to not have all these different gateways on your network.

[00:26:35] Ben Cooper: Yeah, so you're talking about the application specific kind of kind of layer to that.

[00:26:40] James Dice: Yeah, I mean, like, um, if you think about the landscape of technologies, there's like a gateway for your IQ sensors and a gateway for your fall detection diagnostics and a gateway for this, that, and the other thing. Um, yeah.

[00:26:53] Ben Cooper: So, so yeah, so totally. So what this box does allow us to do is any Anything that's connected that's, that's in [00:27:00] a cloud instance, you know, there's AI tools that their GPUs are, are, you know, hosted in AWS, um, we can cloud connect, uh, to any application. So as long as the vendor has a cloud version of their, of their application, of their gateway, um, We can connect to it, no problem.

[00:27:19] And with, with the SASSY model, they're encrypted, secured tunnels that we can go worry free connecting to a cloud app and eliminate that on prem hardware, which definitely clutters up a lot of mechanical rooms. Uh, the number of times you've gone into a building probably and, uh, and, and looked at the network rack and seeing all of these unplugged boxes underneath on a shelf.

[00:27:42] Takes away all of that and, you know, kind of cleans things up, makes the network run more efficiently. Um, you know, energy reduction as well, obviously for, for the property, um, not having to power up all of these devices, some of which take a lot of energy usage.

[00:27:56] James Dice: Absolutely. Um, so tell me, I want to ask you just a [00:28:00] one quick question, more one more question around this project, but then just talk about kind of lessons learned for future buyers.

[00:28:07] But my last question is around the operators. And so it sounds like there was some. Change management that had to happen to allow them to, um, instead of just, you know. Logging in how they used to log in. They're having to go through these extra steps of authentication and they're having to use this different software application to access like the building automation system or access another, another, um, system on site.

[00:28:30] So can you talk about that process? Um, it sounds like there's been some change management that you guys have had to go through.

[00:28:36] Ben Cooper: Yeah, absolutely. The concept of adoption was, was very much top of mind with this. When you're installing an application or a system like this, where it's changing the, the way that historically operations have been remoting in for years and years and years, decades even, it, it's definitely a, a little bit of a, of a battle to, you know, frame the, the right conversations and to, you know, to [00:29:00] put the right values in front of them.

[00:29:01] And I think over time, it's been a very organic evolution and an adoption process where once the operators have, have gotten that, the hang of logging in and what that means, they, they know that they have to authenticate through Okta. Um, we've made it very, as easy as possible. You know, we've made it an Okta application for their mobile phones and also on web.

[00:29:22] So they, their Okta applications, they have their. tile, they click on it, it authenticates, boom, they're in. Um, and then they can click on any one of their, their devices to do their work. And so the response from the operators has actually been very, very positive. Our, the adoption rate of this platform is Probably around now, I think it's around 75, 80 percent, um, and it's still a very new platform, which I, I think, you know, that's a very strong, very strong adoption rate, um, and

[00:29:53] James Dice: that's huge.

[00:29:53] I mean, yeah, operators don't necessarily have great uptake historically for smart building solutions. [00:30:00]

[00:30:00] Ben Cooper: Yeah, for sure. It's nice to see that number for sure. It means that the, the training and the work that we've done is really kind of paying off and, um, they're understanding, you know, the value of having this.

[00:30:10] The sentiment, uh, at least what I've heard from our operations teams, is that the, The ease of access where they can access anywhere in the world securely, uh, you know, it's maybe one extra step than they used to have, one or two extra steps than they used to have, um, but the speed at which they can, they can access those applications and the speed at which the, the remote access works where, you know, historically legacy VPNs would, you know, lag and, you know, it would.

[00:30:37] Take like five minutes to change a, change one value where now it's so much quicker and the added value for being able to utilize it on a mobile phone. We have a lot of operators, uh, uh, in regions that, uh, they're the fleet operations. So they're constantly going around site to site to site. And in the event of an issue, they just open up their laptop, log in.

[00:30:59] Boom, [00:31:00] they can, it doesn't matter where they are, you know, they can be on the side of the road in their car and change values that, you know, needed or troubleshoot issues. So it's built a level of trust too with, uh, with PropCheck and our operations and really shown kind of our path forward, um, you know, showing those operations teams that, look, this is just the tip of the iceberg.

[00:31:20] We can get even crazier here. We can, you know, give you a, an AI tool for your, for your BAS to help to analyze. BAS data and write operational efficiencies. We can deploy a AI for CCTV, which will monitor all of your feeds and action on, um, action on certain use cases. The options are, are kind of endless at this point and really have, um, created this foundation for future proofing our, our buildings.

[00:31:47] So I, I can see that, uh, that adoption continuing and as, as we deploy. To, to more properties. And like I said, we're, we're kind of looking at more properties every week to, to deploy this too. So

[00:31:59] James Dice: totally, [00:32:00] totally. I want to, I want to get to the higher levels of the stack of the application layer in just a second on this, just deploying the actual cybersecurity platform itself.

[00:32:10] Can you talk about, um, and selfishly, we have a buyer guide coming up in October around, uh, the network layer and all the different technologies people could buy there. So this is a selfless question as I think about developing that, but also good for buyers to think about, um, what would you sort of tell other buyers in terms of lessons learned with deploying this, this offering?

[00:32:32] Ben Cooper: Yeah, I think sit down with all areas of your business and come up with a strategy, especially your, your IT team. Find out what exactly it means for you and to have a standardized building network. Does, does it necessarily mean you have to converge all your systems? Maybe not. Um, but having that standard and what you want to get out of this, I think is the most important thing.

[00:32:55] The next piece would be to understand the technology that you're implementing. [00:33:00] What are the criteria? What are the main? Focal points for for installing this because I think it's easy to say, Oh, we've got this cyber security device. It'll be we can roll it out to everywhere. Well, that's not true because in at least like with our business, we have.

[00:33:16] A whole whack of different asset types, pretty much every asset type. And for, you know, your industrial properties and your, uh, open air retail, those are often going to be triple net, right? So meaning that the, the tenants all have their own control of their own. their own stuff, their own systems. Um, so obviously that's not going to really be a use case there, right?

[00:33:39] That's, that's not going to really fit the criteria. You want to target assets that the property manages the network and has, uh, devices that are connected to the internet. So it all leads to a due diligence process. So after you have your strategy and your standards and procedures completely ironed out, you go into your due diligence, do your assessments, go to, go to the sites, [00:34:00] um, you know, make a template and, and just.

[00:34:03] Collect as much information as you can so that you're sure that when you get to site, you know that okay Like this network is completely separated I can't put this platform on on every single I can't put every single system behind this platform Because they're all on separate networks. There's only one there's only one Ethernet cable, right?

[00:34:23] So How, how do we best approach that? Do we do like more of a soft convergence, um, where we try to bring everything as together as possible onto a switch and then put our platform on top of that? Or do we, do we take one at the start and say, you know, we have a BAS and a lighting system. Both are connected to the internet, but the BAS is, um, giving out the most data, is collecting the most data, right?

[00:34:50] Is the most sensitive. So, we're going to protect the BAS as, as the first. That might not be the same case for, for every property, but, um, but, you know, you really have to do your due [00:35:00] diligence and plan that, plan that out first before you start looking at, um, at the technologies and then actually the physical deployment of, of that technology.

[00:35:09] There's, there's, I think the due diligence process is often understated when, when deploying cybersecurity.

[00:35:14] James Dice: So it sounds like there's it's basically a case by case basis on in terms of what you might do before you put in the cybersecurity platform and then also a case by case basis on what you might put on to it and connect to it.

[00:35:26] Is that right?

[00:35:27] Ben Cooper: Exactly.

[00:35:28] James Dice: Cool. Um, any, any gotchas that, um, future buyers might, uh, want to know about?

[00:35:34] Ben Cooper: No, I think, I think the biggest ones We're, we're definitely understanding the criteria, like I mentioned, um, you know, that, you know, industrial and, and open air, like retail, like that's, it's just not, that doesn't really work.

[00:35:48] Um, but I mean, in, in terms of gotchas, there wasn't really, there wasn't really anything. That really stands out to me. I think, you know, we did enough of the due diligence and [00:36:00] that strategy that we had a really good understanding. You know, there's definitely, there's always some kind of little hiccups here and there, but nothing from like a, like an actual like technology standpoint.

[00:36:13] Um, you know, the, the platform as well, it, you know, it's, Constantly evolving, adding more features and functionality. And so, you know, I guess it's, it's a continued approach to, to train and, and communicate the potentials that this box can, can do for us, the platform can do for us. So it's, it's an ongoing process.

[00:36:33] So even after, even after implementation, I mean, it's just, it's a never ending project, but, um, but has, you know, a lot of, a lot of good value.

[00:36:42] James Dice: Absolutely. And for anyone that's, um, interested in this from a buying standpoint, we're continuously connected with this layer, uh, network layer as we develop our, our buyer's guide to the network layer.

[00:36:55] What we're happy to connect you with the right people. Um, to help you out with what Ben's [00:37:00] talking about here. Let's talk about the higher layers of the stack. So we talked about application layer. We haven't really talked about the data layer much, but I'd love to hear how you're kind of thinking about layering new technologies onto this platform moving forward.

[00:37:12] So you mentioned, um, AI for security cameras. You mentioned, um, network monitoring software, I think you mentioned earlier. So how do you think, how do you think about how you might evaluate and then start to layer on, um, application layer technologies onto this?

[00:37:29] Ben Cooper: I think the prioritization is applications that reduce OPEX.

[00:37:34] So anytime that we can, especially in the, the, the, the industry and the climate, the way it is right now, I mean, anytime that we can reduce operating expenditures at properties is a huge win for us. Um, we're also, Very focused as a company on, on ESG and sustainability. Something that I believe that we lead in.

[00:37:52] And so, you know, those are big goals for us. Net zero is a big goal for us. So applications that involve [00:38:00] and solve those goals, uh, relate to those goals are definitely prioritized. So, you know, Definitely the, uh, AI, which is such a buzzword right now, but, um, you know, it has definitely a place in commercial real estate, specifically to, to BAS.

[00:38:15] You know, there's numerous companies out there that are, that are doing this. And, you know, I think it adds that efficiency level and building health and performance, which leads into ESG, which can also lead into OPEX savings as well, and, and energy. Energy costs, energy consumption, and then a little bit of a hidden gem as well for operating reduction of OpEx is AI for CCTV.

[00:38:40] Having a much more robust and platform to monitor your video feeds where like I think that's one area that's kind of taken a while to to catch up to technology and has really relied on. The kind of the human, uh, operational element. We're approaching a point where that image [00:39:00] of your typical security guard staring at a bunch of different screens and video feeds on a, on a monitor, like that's effectively kind of on the out, right?

[00:39:10] Because with AI technology, it can monitor everything at once. And action to your operator, your security guards on any issues, you know, some of the use cases for like, uh, weapon detection where it will dispatch 911 immediately so that your security guards aren't put in harm's way. They know about it, but they know that they're not gonna, you know, they're not going to walk into a dangerous situations.

[00:39:35] And so do they, um, fire. Detection, fire and smoke detection, where, you know, a lot of these AI modules I've seen can detect it even before your building system. Uh, and again, uh, dispatch to 911 and then also inform your, your, uh, security guards and your operations. So, there's a huge amount of potential savings there as, you know, security, [00:40:00] security contracts can be very expensive for physical security contracts, very expensive for properties.

[00:40:05] And so, you know, this kind of streamlines things and, uh, and allows that, you know, reduction to happen over time. So, those are definitely two that I'd say are at top of mind for, for me at least. But, you know, like I said, the options are also endless. When it comes to these technologies, and we're at that kind of rate of, of incline for, for technology evolution and prop tech that, you know, in five years, who knows, there could be another, something even crazier that comes out that solves a whole whack of problems.

[00:40:35] But the point is, is that we built ourselves this very nice future proof platform that whatever We're ready to deploy it and the, the uplift is, is going to be very minimal.

[00:40:48] James Dice: Absolutely. Yeah. And that's like the holy grail of what I think a lot of asset owners, asset managers have been, you know, building for a while, right?

[00:40:57] We, we, we say this industry moves slow, but we've [00:41:00] been, a lot of people have been building up these infrastructure layers for a while and to the point where they can start to deploy rapidly. And, and to that end, what is the value of being able to deploy these new applications to you? What is the value to you from being able to Do that from this sort of platform that you've already bought.

[00:41:17] You've bought this for other reasons, right? Remote access use cases, cybersecurity, um, you know, stabilization. What's the value of then being able to take that thing that you've already invested in? It's already paid for itself, like you said earlier. Now I can then just use that as the infrastructure to these other applications.

[00:41:35] Ben Cooper: I mean, it completely changes the game for us. I mean, yeah, like you mentioned, that wasn't the initial thought when we got into this platform. Um, you know, it was just security and remote access, but now it's evolved to this, um, to this application layer, the cloud, cloud connected application layer that, yeah, I mean, the, the value has, has increased.

[00:41:55] Kind of tenfold here, you know, the, the future proofing of, [00:42:00] of our properties now, and the ability for us to, to move quickly on, uh, on deploying technologies, having more control and management over those technologies, um, eliminating the mass amount of on prem hardware, all of that. That kind of leads into a more efficient building, better performance, um, and leads into our company goals for ESG and sustainability as well.

[00:42:25] It was a very welcomed surprise functionality, but it will continue to, to be kind of the backbone of our, of our PropTech.

[00:42:34] James Dice: Absolutely. And, and yeah, anyone that wants to sort of learn more about this category, reach out to us, uh, look it up on our website, the network layer, and, uh, we'll sort of connect you with the people you need to connect with.

[00:42:46] But Ben, thanks so much for coming on the show. I think this was awesome in terms of, um, uh, an asset owner, asset manager, that's sort of. Investing in the right ways and then looking to build on top of that with all the sexier stuff, right? That people [00:43:00] people talk about but I think a lot of people talk about the sexy stuff when skipping The basic infrastructure layers first.

[00:43:06] So I think it's a great example of a case study that people more people should follow So thanks for coming on the show Yeah,

[00:43:12] Ben Cooper: thanks. Uh, thanks for having me. Thanks, James.

[00:43:17] Rosy Khalife: Okay, friends, thank you for listening to this episode. As we continue to grow our global community of change makers, we need your help. For the next couple of months, we're challenging our listeners to share a link to their favorite Nexus episode on LinkedIn with a short post about why you listen. It would really, really help us out.

[00:43:34] Make sure to tag us in the post so we can see it. Have a good one.

⭐️ Pro Article

Sign Up for Access or Log In to View

⭐️ Pro Article

Sign Up for Access or Log In to View

Are you interested in joining us at NexusCon 2025? Register now so you don’t miss out!

Join Today

Are you a Nexus Pro member yet? Join now to get access to our community of 600+ members.

Join Today

Have you taken our Smart Building Strategist Course yet? Sign up to get access to our courses platform.

Enroll Now

Get the renowned Nexus Newsletter

Access the Nexus Community

Head over to Nexus Connect and see what’s new in the community. Don’t forget to check out the latest member-only events.

Go to Nexus Connect

Upgrade to Nexus Pro

Join Nexus Pro and get full access including invite-only member gatherings, access to the community chatroom Nexus Connect, networking opportunities, and deep dive essays.

Sign Up