Using Homey PRO at an office space

Hi,
So, I've started a process of putting Homey PRO in an office space to give me energy consumption insight based on occupancy. This is to showcase where money could be saved on standby coffee machines, TVs, unused desks, etc.

The process with the IT department is a pain and they're asking what platform and how secure Homey is.
What is the best answer for this?

I understand that Homey doesn't use the Microsoft Azure, Amazon or Google platforms; it's Homey's own platform?
Can I guarantee that Homey doesn't let anyone inside through the office WiFi to access files in our workspaces, for example?

Please help me make a case where it's relatively safe to put Homey PRO.

“Nobody knows”

Homey mostly runs local, but it does require a cloud connection to Athom’s servers which are hosted on Amazon’s AWS.

No, you can’t give that guarantee, because Homey (AFAIK) has never been pen tested.

Homey is also a black box, you can’t harden it.

Why do you need a Homey for this?

Thanks Robert for fast reply.
So basically it's not worse than connecting your phone or computer to the company WiFi?

I've seen the UK PSTI STATEMENT OF COMPLIANCE which gives them something.

Is there really a need to connect Homey to the office network? Are the coffee machines connected to the office network, and if so how are they secured? Can you connect Homey to the office network via a firewall?

Why not?
It's relatively easy to plug & play.
Whereas a more commercial option is harder to implement.

Do you have other suggestions?

Not really; but what do you think will be the function of Homey to support this? It does not do anything by itself to help you achieve your goals.

It does not measure energy consumption, it does not know who is in the office. To achieve your goals you need a lot of other devices (to start and when you have the devices it will not be done).

Nonsense! From a security point of view, the IT department will not allow you to bring your own device and connect it to the WiFi network. Only devices managed by the IT department are allowed. That's why you have business PCs and phones. And guest networks. And an IT department. :grin:

Yes, I have the Shelly and Aqara devices connected to Homey. From Homey I'm sending the data to my MariaDB via API HTTPS post…

Homey could then also execute the flows if we want to turn off the lights or whatever we want to do with it.

Soo… We could do a pilot on the guest network right? :slight_smile:

I would say yes, better to ask IT.

But IT approved to attach all those other devices on the network?

Yes, but it is better to stay friends with IT, not fight them. And when they notice your security awareness, you have them in your pocket. You might even ask them how you can secure your devices against all those guest devices😉

I would hope the IT department would be smart enough to use other vlans for this kind of thing anyway.

They are already approved as part of the BMS.

Maybe put Homey also in the BMS VLAN and secure it with the company's firewall?

It all depends on how many Homeys, Homeybridges and devices are involved, where they are located, which protocols are involved and which communication paths are required. For example I can imagine that Z-wave devices are not interesting for the IT-department. (As long as these devices are not a threat for the IT-infrastructure).
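
The communication paths named in the thread (a cloud connection, an HTTPS post to a database API, no reach into office workspaces) can be written as an allow-list and checked against firewall flow logs. This is an added example, not part of any post above; every address, the VLAN layout, the ports and the `src,dst,proto,dport` log format are constructed assumptions.

```python
import ipaddress

# Every address and the "src,dst,proto,dport" log format are constructed assumptions.
HUB = ipaddress.ip_address("10.50.0.10")        # hub on its own VLAN
GATEWAY = ipaddress.ip_address("10.50.0.1")     # VLAN gateway, serves DNS and NTP
API_HOST = ipaddress.ip_address("10.60.0.5")    # HTTPS API in front of the database
OFFICE = ipaddress.ip_network("10.10.0.0/16")   # workstations and file shares
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # everything that is not the internet

def classify(src, dst, proto, dport):
    """Return (verdict, reason) for one flow crossing the hub VLAN boundary."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    service = (proto, int(dport))
    if src != HUB:
        if dst == HUB:
            return "deny", "inbound connection to hub"
        return "ignore", "not hub traffic"
    if dst in OFFICE:
        return "deny", "hub reaching office network"
    if dst == API_HOST and service == ("tcp", 443):
        return "allow", "HTTPS post to database API"
    if dst == GATEWAY and service in {("udp", 53), ("udp", 123)}:
        return "allow", "DNS/NTP via gateway"
    if dst not in INTERNAL and service == ("tcp", 443):
        return "allow", "outbound HTTPS to cloud"
    return "deny", "path not on allow-list"

def audit(log_text):
    """Return [(line, reason)] for every flow the policy would deny."""
    findings = []
    for line in log_text.strip().splitlines():
        verdict, reason = classify(*line.split(","))
        if verdict == "deny":
            findings.append((line, reason))
    return findings

SAMPLE_FLOWS = """\
10.50.0.10,203.0.113.10,tcp,443
10.50.0.10,10.60.0.5,tcp,443
10.50.0.10,10.50.0.1,udp,53
10.50.0.10,10.10.4.20,tcp,445
10.50.0.10,10.60.0.5,tcp,3306
10.10.7.33,10.50.0.10,tcp,80
"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(f"DENY {line}  ({reason})")
```

Run against exported flow logs during a pilot, the deny findings show whether the hub stays inside the paths IT agreed to.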