Amid a rise in cyber threats targeting building control systems, Albireo Energy on Monday launched what it calls a secure, fully managed cloud service designed to host and protect data from building automation systems and energy power management systems.

The company’s Private Cloud Services, or PCS, removes the need for heavy capital expense, complexity or risk in deploying traditional on-premise servers, the independent building controls and energy services provider said in a release. 

Three out of four companies have building management systems vulnerable to hacking or cyberattack, according to research released in June by Claroty, a cyber-physical systems protection company. 

The report studied over 467,000 building management systems across 500 organizations. Within those organizations, 2% of devices essential to business operations were operating at the highest level of risk exposure, the firm said. The high exposure level of these devices provides malicious cyber actors with easily accessible entry points that “leave the door open to costly and potentially dangerous disruptions,” Claroty said at the time. 

This combination of risk factors is concerning due to the widespread reliance on these systems to operate HVAC, lighting, energy, security and other systems in commercial real estate. These systems were previously operated independently by facilities management staff, but are now more commonly connected and integrated using advanced building automation and management systems, according to Claroty.

Cyberattacks on these systems have skyrocketed in recent years, requiring facility managers to work with IT specialists to help protect their organizations’ infrastructure, according to Sean Tufts, field chief technology officer at Claroty. 

PCS aims to address these risks by separating operational technology from core informational technology by transferring building automation and energy power management system data to a cybersecure, SOC 2 Type 2-certified cloud platform that the firm hosts and maintains. By segmenting building systems off the main network, these systems can still connect to the main network to send alerts and operate other functions, but access points are minimized, according to Troy Cruzen, virtual chief information security officer at Fortified Health Security. This means that if a hacker enters through a building system, like HVAC, they’re still largely cut off from the main network, he said.

“PCS removes the tension between IT and building management by safeguarding building systems from enterprise network vulnerabilities while maintaining seamless connectivity for facility managers,” Kevin Baxter, president of Albireo Energy, said in a statement. “It delivers what both have been asking for — a fully managed alternative to on-premise, capital intensive servers with end-to-end protection and performance unmatched in the BAS industry.”

The service is technology-flexible, the company says. It integrates with all major BAS and EPMS technologies, and with its existing services, including its Critical Alarm Messenger and fault detection and diagnostics software. That provides a unified cybersecure environment that facility managers can use to monitor, analyze and act on building performance data, the company said. 

Albireo Energy Managed Services Center, which provides 24/7 monitoring and engineering support, will manage the service to maintain technical expertise across major OEM products and Albireo’s own services, the company said.