Kilroy sought a solution that would allow them to uniformly provision, authenticate, manage, and audit who has access to all of their buildings through a secure, remote access portal. Kilroy selected Neeve Remote Access, a secure access portal that enables IT teams to reduce the cost and cybersecurity risks of maintaining smart buildings by providing vendors and technicians with secure, auditable, time-bound remote access to building networks and devices. With Neeve, Kilroy was able to streamline third-party user access across their portfolio while ensuring security, auditability, and governance. Using Secure Edge secure tunnels, Kilroy also removed individual servers from buildings and moved to a centralized server that both reduces costs and improves updates and operations across the portfolio.
Kilroy needed a solution that would enhance security, visibility, and governance while simplifying the management of third-party remote access and reducing operational costs and inefficiencies. They sought to either buy or build a unified data platform that would allow them to uniformly authenticate, manage, and audit who had access to building networks, connected devices, and software applications. Ultimately, Kilroy wanted to maintain centralized ownership and control over their systems to improve standardization and visibility, ensuring their technology strategy enabled them to deliver an improved tenant experience above all else.
A detailed solutions analysis considered rebuilding infrastructure from the ground up based on the existing corporate WAN. However, this implied a high capital investment, hiring a full-time team, and an extensive time frame.
Neeve Remote Access allowed Kilroy to avoid the costly and time-consuming network re-engineering involved with an in-house custom-built solution. And because annual fees for network infrastructure are a budget line item when infrastructure is offered as a managed service, Neeve enabled Kilroy to avoid unforeseen technology costs and IT resources.
With secure remote access in place, Kilroy began to take advantage of the secure tunnels provided by Secure Edge to consolidate control servers. Instead of one access control server per site connected to all the panels, they connected panels through secure tunnels to a centralized server. Connected via iNodes on-site and a virtual iNode at the server, the centralized approach can pull licensing and certification from each site and push updates to settings or access control lists. This reduced equipment sprawl and management, reduced truck rolls for updating settings, and made it easy to, for example, remove across sites.
The Secure Access Service Edge (SASE) platform performs the following functions for Kilroy’s office properties:
Secures building systems from internal and external cyber threats
• Industry-standard and best practices for cybersecurity
• Zero-trust network architecture
• Next-generation OT firewall with custom security policies
• Continuous Threat Detection
• Remote management of security patch delivery
Simplifies secure digital access to building systems
• Secure, agentless cloud-based remote access
• Book-ended architecture with end-to-end and device-to-private cloud encryption
• Granular policies for remote access to building systems
• Multi-factor authentication and Single Sign-on support
• Secure proxies for RDP, VNC, SSH and HTTP/HTTPS device endpoints
• Secure connections to on-prem systems through native applications on your computer from anywhere
Streamlines operations while improving technical support
• Supports multiple network architectures and works with existing infrastructure
• Device discovery
• Cloud-based user and network management
• User audit and access logs
Kilroy has deployed Neeve Remote Access in over 100 buildings being served by hundreds of vendors and has been thrilled with the outcome. Buildings are not only more secure and more unified than ever, but also far more cost-effective to manage.
With Neeve Secure Edge as its standard OT services edge, Kilroy has realized substantial savings in capex from converging to one platform and moving some servers to the cloud, from material reductions in opex from reduced vendor fees due to secure remote access, and from a reduction in the manpower required to manage portfolio-wide by centralizing operations using the platform’s cloud portals. On top of that, Kilroy is more agile and responsive than ever to tenant needs, with the ability to adjust building systems anywhere from one central team.
Neeve streamlines day-to-day tasks for the Kilroy engineering team while providing a dashboard of activities across all properties.
Top-line benefits that other OT leaders should take note of include:
VISIBILITY
All building systems are viewed in a single pane of glass to standardize, monitor, and consolidate vendor activity.
SECURITY
Improved controls, such as policy implementation, session duration tracking, and the removal of default accounts.
SCALE
Hundreds of vendors now have convenient agentless 24/7 access, with uniform application of policy controls.
INSIGHT
Facilitates the inventory, data audit, and analysis of all assets, and detects legacy systems that require updating.
Kilroy has begun an evaluation of their SASE platform’s capabilities to host containerized OT applications without the need for additional hardware.
- Instant identification of OT assets and security vulnerabilities of OT applications in the building to reduce both exposure and the costs of monitoring.
Once the edge applications complete testing, Kilroy will evaluate locations and timing to deploy the applications from the platform vendor’s Applications Marketplace into production as on-prem or cloud-based containers.
- To inventory and identify vulnerabilities across the OT footprint.
Applications from the vendor marketplace enable secure, streamlined deployment:
- Prequalified and tested
- One-click provisioning
The edge element of the SASE platform would also become the Edge Cloud to perform the following functions for Kilroy properties:
- Cloud-managed run-time environment for smart building applications
- Cloud-based container orchestration
- One-click application deployment and onboarding
The Edge Cloud operations inherit all the cybersecurity and remote access practices automatically for comprehensive:
- Application monitoring
- Data security
- Governance