Access Management (sometimes called rights management, or identity management) is focused on granting authorized users the right to access your software while preventing non-authorized users from getting access to your data. The core challenge companies face when setting up access management is to protect confidentiality and integrity while ensuring availability of information to the authorized user.
There is a fine line between burying information underneath numerous layers of bureaucracy and giving non-authorized users access to protected information. If there are too many hurdles, users might not adopt the technology as it is not easily available for the practical use. If all users can access any data across projects, the data might not be secure enough.
Every company has to decide for itself through how many hoops the user needs to jump to gain access to the data. Regulatory requirements oftentimes request your company to be far enough on the left side of the scale to ensure data security. The goal should be to be as close to the left of the scale without the sacrifice of usage or non-acceptance of the technology.
The problems that construction companies encounter without the right balance between the two extremes can be fatal. Problems may include data loss, data theft, loss of competitive advantage, loss of reputation, time loss, overhead, and inefficient operations. With the increasing amount of online espionage and cybercrime that we see in the industry every year, it is critical to find the right balance.
It is more important than ever to implement the right processes and software access levels by choosing software providers that can comply with the way your company works.
The top mistakes that we see with construction software management are:
- Allowing too much access. Each and every user should be securely provisioned, assigned privileges according to their role or function and given access on a “need to know” basis. Problems occur frequently because the implemented software can’t provide the perfect access levels needed.
- Not updating access rights when someone leaves the company. When someone leaves the company their account must be disabled. Make sure the software you are using provides the permission levels needed to manage access from the top without big time delays.
- Shared user accounts and emailed credentials. Having one account per user is critical. Sharing a user account also means sharing the user’s “accountability”. In case something goes wrong, you will not be able to identify who messed up. Once the audit trail is broken, users can do whatever they want. Actions are not recorded by each individual user. It’s important that software does not force your team to share accounts due to pricing structures.
We’ve worked with hundreds of General Contractors, Specialty Contractors, and Owners to help with the setup of construction software to make it work best for their organizational requirements. As we see an increasing amount of construction technology entering the job site, the concerns of getting the right access management across multiple solutions are justified. Thorough access management is a key ingredient to successful software implementation. If done right, your team can:
- Meet regulatory compliance and owner requirements.
- Give everyone the right level of access to get the job done without the overhead.
- Maintain a good standing with your clients by ensuring that information is kept confidential.
- Ensure that no unqualified/untrained member can mess up with your data.
- Easily revoke access in the case of team structures change.
- Trace any changes in the system to investigate abuse (audit trails).
To ensure a successful outcome, we found the following steps to be critical before implementing software. Delaying these decisions to “sometimes” (aka never), may lead to costly changes if your chosen software might not have the necessary access management flexibility. Here are some important things you want to think about during the different software lifecycle stages:
- Ensure solid use case evaluation across your organization and work with the software provider to understand how much access (area/licenses/storage) is needed for a successful rollout.
- Important: License sharing should be avoided as this causes product problems in software.
- Decide if new login credentials will be created or existing login methods exist (such as Autodesk, Google, or any other Single Sign-on login button). The fewer passwords your team has to remember, the better!
- This helps to make software access easier and more secure.
- Grant access to software based on positions and roles. Hardly one person knows all the roles in the organization and who needs which type of access. It is important that your software can assign regional managers who can take this responsibility on themselves.
- Specify the restrictions of the use of the software (e.g. amount of storage, sub-accounts, Square Foot, etc.) for each user.
- Specify which areas of the software can be accessed and which cannot (e.g. a regional manager should have access only to a specific set of projects in your portfolio).
- Put the business in charge of software access management. One of the biggest roadblocks to success access management is the dependence on IT to do everything. Giving the right management rights to specific regional managers, and even the projects themselves, can reduce roadblocks and allow for efficiency.
- Receive and evaluate access requests from users. Implement a clear process on how to gain access to your software.
- Remove access when people change roles, or resign. It’s important to have a clear plan for this process as changes in roles can occur quickly and access has to be removed fast.
- Revisit access management settings at least once every quarter to ensure everything is up to date and only the people who need access, have access.
Here is how we decided to put these learnings into practice: The HoloBuilder Multi-Tier Management Dashboard
While each construction company is different and each software need poses a different opportunity for specialization, there is a common pattern that can be found amongst successful software implementation. At HoloBuilder we have worked with over 450 construction companies over the years and found the following access rights structure to be a good representation to guarantee a successful implementation of construction software across your organization.
Essentially, we have taken the blueprint of construction companies management hierarchies and built a software access management hierarchy that matches it:
- Enterprise Admin: The owner of the Enterprise Account
- Enterprise Viewer: Can view the organization with their projects, but cannot edit anything (for C-Suite access)
- Group Manager: Responsible for a groupset of construction projects.
- Project Manager: Owner of a specific construction project.
- Project Admin: Can manage the construction project, invite editors and viewers.
- Project Editor: Can contribute, modify and annotate the project.
- Project Viewer: Can view the project.
When co-developing the access management structure with our customers we learned that flexible administration was needed. It allows admins to add and remove users with all needed permission levels to projects. In addition, we ensured that admins can:
- Define user and access permissions with ease on a project and company level.
- Add and remove members of your project team in no time.
- Secure data by assigning only specific and required access permissions to stakeholders.
- Give your company and regional management a high-level overview of projects and responsible people.
This innovative approach empowers the field to take administration into their own hands to reduce bottlenecks. With the various permission levels, the management of project access happens dynamically. Teams can invite as many stakeholders as they need and assigning them the appropriate level of permissions. This philosophy reduced headache for your IT team as they can outsource much of the administrative tasks while still having all the power in their hands. As mentioned above, the people that are closest to the job can best decide who should have the proper permissions.
Clear and efficient visualization is core to keep an overview
Along with the access management permissions, we developed an Enterprise Dashboard to make the company and project administration intuitive and enjoyable. During the development of the dashboard we followed three core principles:
- Informative overview and management of projects
Once the amount of projects in your HoloBuilder platform grows, keeping a high-level understanding of progress is critical. That’s why the heart of our enterprise dashboard is an overview of all active projects.
- Fast team management on enterprise and project level
Whether you want to understand who is on your job, remove users, or add users, the enterprise dashboard is the one stop shop to manage all your access.
- Easy management of your Enterprise Subscription in a centralized location
Do you want to know how much Square Footage for virtual HoloBuilder projects you have purchased and how much you are using? Or understand which one of your Regional Managers or customers are consuming most of your Square Footage? No problem, now you can break down your subscription usage and allocate it accordingly to regional managers with the click of a button.These principles become especially important as the number of HoloBuilder projects in your organization grows because you want to keep an overview of which projects are currently going on, who is involved and how much space they require in your account.With this in mind, you can start setting up your user access management aligned with your company structure and enable your organization to roll out HoloBuilder to their projects with ease. It will provide your entire company with access to exactly the information they need. Finally, you enable all stakeholders, especially people in charge of multiple projects, to make more informed decisions.
. . .
How do you set-up your teams for success? Tell us your story via email to firstname.lastname@example.org. We are looking forward to hearing from you. Thank you 🙂