Can You Really Trust Your Data in the Cloud?

As more and more software is deployed on the cloud, many might question how secure these cloud-based applications really are compared with traditional on-premise software. To some, “the cloud” sounds like data is magically jettisoned to some nebulous place in the atmosphere—and all that data is now floating out there (securely, somehow) in the sky.

In actuality, the biggest difference in cloud computing is the physical location of servers. You still control access to all your data. You still control who has access and at what permission level. You still control what applications to use. And so on.

But, let’s face it: You can’t see your servers, so it feels unsafe. However, the reality is quite different.

Dassault Systèmes SOLIDWORKS has placed security at the heart of its application development process, whether for desktop applications or for applications on the cloud-based 3DEXPERIENCE® platform. Let’s take a look at some of the safeguards that have been put in place to keep you and your valuable IP safe.

Data Protection on the Platform

Safeguarding data is essential to ensuring availability, integrity, and confidentiality of the 3DEXPERIENCE platform. Dassault Systèmes SOLIDWORKS deploys industry best practices for authentication, access control, encryption, injection detection and prevention, auditing, and server hardening. Standards include MITRE’s Common Weakness Enumeration (CWE™) and many approaches refined by the Open Web Application Security Project (OWASP).

Secure and More Inclusive Design Reviews

You can safely conduct real-time digital mock-up reviews accessible to everyone on your team, including those without CAD knowledge, which enables all non-engineers, such as marketing, sales, and management, to easily participate in the product development cycle. No more managing tons of project emails and attachments, which can potentially open the door to serious security issues or expose IP to hackers.

Disagreements among co-workers, managers, or clients are readily resolved by reviewing communication threads within the project community from a single secure platform. This makes it easy to solve differing recollections over what was communicated—or not communicated—in the past without the frustration of digging through countless emails. More importantly, you always have full control over who sees what data and when, so valuable IP is always protected.

Authentication

3DPassport provides authentication and authorization services while supporting two-factor authentication and single sign-on (SSO) capabilities within the 3DEXPERIENCE platform. Users are fully authenticated and assigned specific licenses and policies. Events and actions remain traceable. Certificates are managed by a certificate authority and key stores. A strong password policy and sound user policy for access control lists serve to protect the 3DEXPERIENCE platform against brute force, privilege escalation, and session hijacking.

Confidentiality and Integrity

Access to data is restricted via access lists. Only the authorized roles, organizations, or collaborative spaces can access data stored in the 3DEXPERIENCE platform. Authorization is implemented through business logic and database layers to ensure data integrity and strict confidentiality throughout the data lifecycle.

Encryption

Primary defenses are implemented to prevent attacks and control access. Robust encryption algorithms protect data in transit and strong access controls ensure data is stored securely (see Confidentiality and Integrity, above). File transfers on the cloud are secured via HTTPS/TLS.

Injection, Scripting, and Parser Hardening

The 3DEXPERIENCE platform was designed to be resilient to attacks such as SQL, parameter, command, and OS injection. Protective measures employ several layers to guard against cross-site scripting (XSS). XML parsers are hardened using best practices to prevent XXE attacks. The software architecture embeds input validation, and the use of a parameterized interface is encouraged and monitored for compliance.

Convenience and Security

Dassault Systèmes SOLIDWORKS leverages industry-leading practices and is actively involved with OWASP as part of continuous efforts to minimize risk and protect customer data. Our security programs put particular emphasis on the secure software development life cycle (SDLC) approach used to build the 3DEXPERIENCE platform and applications.

Originally posted in the SOLIDWORKS Blog.
