Blog

    How Trigrr delivers cybersecurity at every layer

    Build to protect

    Recent cyberattacks on major UK retailers such as M&S and The Co-operative Group have propelled cybersecurity into the spotlight. And with the rise of connectivity in commercial real estate, cybersecurity is a business-critical priority.

    At Trigrr, our goal is clear: to lead on cybersecurity in the built environment. Whether you’re a landlord, asset manager or facility manager, one question should be in front of mind: “Are my smart building operating systems truly secure?”

    To understand how Trigrr stays ahead of cyber threats, we spoke to Christophe Penninckx, Trigrr’s CTO, about how security is embedded into the heart of its platform - from architecture to culture.

    What does “Secure by design” mean at Trigrr?

    “Secure by design is like an onion: our solution is the centre of the onion - surrounded by multiple layers of safety, designed to stop any attacks before they ever reach the core,” Christophe Penninckx, CTO, Trigrr

    Cybersecurity isn’t a patch or a plugin at Trigrr. It’s a principle that runs through every layer of the system. From how permissions are handled to how communication flows, security is built in from the ground up. Christophe highlights the key pillars of Trigrr’s Secure by design approach:

    • Systematic encryption - all data is encrypted in transit and at rest. Trigrr never uses unsecured communication channels
    • Multi-layered defence - our platform is wrapped in layers of validation, encryption, authentication and firewalls, all providing defence.
    • Annual penetration testing - we regularly bring in independent security experts to conduct full penetration tests and identify vulnerabilities.
    • Web application firewall - our external defence filters out malicious activity, from brute-force attempts to injection attacks, before it reaches the core system.
    • Real-time and historical monitoring - every user and system action is tracked and logged to support instant detection and forensic insight.

    What security measures protect client data?

    “Our data model is designed to enforce least privilege by default. That means our platform knows who can do what AND blocks everything else,” explains Christophe. Trigrr’s architecture allows fine-grained control over access rights and data visibility. Clients retain full control over their portfolios while minimising risk at every touchpoint, benefitting from:

    • Granular data segmentation
    • Systematic access logging
    • Fully encrypted data storage
    • Secure backups with fast recovery options

    Trigrr achieved a high score from WiredScore - what contributed to that success?

    Trigrr scored an impressive 72 points in WiredScore’s SmartScore assessment, including full marks in cybersecurity policy implementation. The SmartScore framework assessment is scored on security foundations and product capability. Trigrr performed strongly in both areas.

    “We scored well due to our highly scalable data model and architecture. Evaluators recognise it as a crucial enabler of our “least privilege” model, which ensures individuals only access what they are authorised to see,” explains Christophe.

    Trigrr’s architecture allows intelligent filtering of user actions. This built-in control mechanism not only enhances security, it also creates operational confidence for clients managing large and complex estates.

    Are APIs usually considered a weak link in smart building platforms?

    “Not in our case - we apply the same multi-layered protection to our APIs as we do to the platform itself,” says Christophe. Platforms often ask clients to ‘open up’ their building technology to allow communication, but this creates vulnerabilities. “We don’t do that,” Christophe adds. “Trigrr speaks natively with devices, including their authentication protocols. We preserve the existing security structure instead of undermining it.”

    What if a third-party app connected to Trigrr is compromised?

    “It would be blocked by our firewalls before it could cause harm. But ultimately, clients need to configure access properly. Giving third-party apps admin rights introduces unnecessary risk, that’s why training and awareness are so important,” warns Christophe.

    Is Trigrr on track to achieve the ISO 27001 accreditation?

    Trigrr is preparing for ISO 27001 certification by late 2025. Not just aligning to global standards, but proactively building systems and processes that exceed them:

    • Team-wide cybersecurity training - security is now part of our team’s daily mindset. We’ve introduced dedicated training and awareness initiatives to ensure that cybersecurity best practices are embedded across the business.
    • Response planning - we’ve developed and tested incident response plans for the most likely scenarios, including data centre outages, system failures and client complaints, so we can act swiftly and decisively when it matters most.
    • Infrastructure enhancements - we’ve introduced a web application firewall and expanded monitoring as part of the ISO 27001 readiness programme.

    Through these efforts, Trigrr has built a culture of security that supports every client.

    “Many building teams have lost oversight of their systems due to years of complexity and siloed upgrades.”

    What advice would you give to people concerned about cybersecurity in the built environment?

    “Start with awareness. Cyberattacks don’t just happen to big companies - they can happen to any building, at any time,” warns Chistophe. “Many building teams have lost oversight of their systems due to years of complexity and siloed upgrades.”

    That’s why consultancy firms and master system integrators encourage consolidating operations into one central building operating system, such as Trigrr, which ensures visibility, control and consistency across the board.

    Buildings are no longer isolated systems. They share data with the wider world and must be secured like any corporate data centre.
    It’s not just about prevention - it’s about planning. Trigrr prepares for potential incidents on the backend, including full data centre recovery within an hour. But clients also need to plan for the “What if?”

    “It’s not exciting, but it’s essential. Being proactive is always better than reacting too late.”

    Ready to secure your building automation systems?

    Trigrr isn’t just responding to cybersecurity challenges… it’s defining how secure smart building platforms should operate. From Secure by design architecture to native device integration, penetration testing and ISO-level preparedness, Trigrr gives clients total confidence in an increasingly connected world.

    Want to learn more about Trigrr’s smart building operating system and how it supports your compliance and operational goals? Get in touch with our team.