Dassault Syst\u00e8mes SOLIDWORKS has placed security at the heart of its application development process whether for desktop or applications on the cloud-based the 3D<\/strong>EXPERIENCE\u00ae platform. Let\u2019s take a look at some of the safeguards that have been put in place to keep you and your valuable IP safe.<\/p>\n\n\n\n Data Protection on the Platform<\/strong><\/p>\n\n\n\n Safeguarding data is essential to ensuring availability, integrity, and confidentiality of the 3D<\/strong>EXPERIENCE platform. Dassault Syst\u00e8mes SOLIDWORKS deploys industry best practices for authentication, access control, encryption, injection detection and prevention, auditing, and server hardening. Standards include MITRE\u2019s Common Weakness Enumeration (CWE™) and many approaches refined by the Open Web Application Security Project (OWASP<\/a>).<\/p>\n\n\n\n Secure and More Inclusive Design Reviews<\/strong><\/p>\n\n\n\n You can safely conduct real-time digital mock-up reviews accessible to everyone on your team, including those without CAD knowledge, which enables all non-engineers, such as marketing, sales, and management to easily participate in the product development cycle. No more managing tons of project emails and attachments, which can potentially open the door to serious security issues or expose IP to hackers.<\/p>\n\n\n\n Disagreements among co-workers, managers, or clients are readily resolved by reviewing communication threads within the project community from a single secure platform. This makes it easy to solve differing recollections over what was communicated\u2014or not communicated\u2014in the past without the frustration of digging through countless emails. More importantly, you always have full control over who sees what data and when so valuable IP is always protected.<\/p>\n\n\n\n Authentication<\/strong><\/p>\n\n\n\n 3D<\/strong>Passport provides authentication and authorization services while supporting two-factor authentication and single sign-on (SSO) capabilities within the 3D<\/strong>EXPERIENCE platform. Users are fully authenticated and assigned specific licenses and policies. Events and actions remain traceable. Certificates are managed by a certificate authority and key stores. A strong password policy and sound user policy for access control lists serve to protect the 3D<\/strong>EXPERIENCE platform against brute force, privilege escalations, and session hijacking.<\/p>\n\n\n\n Confidentiality and Integrity<\/strong><\/p>\n\n\n\n Access to data is restricted via access lists. Only the authorized roles, organizations, or collaborative spaces can access data stored in the 3D<\/strong>EXPERIENCE platform. Authorization is implemented through business logic and database layers to ensure data integrity and strict confidentiality throughout the data lifecycle.<\/p>\n\n\n\n Encryption<\/strong><\/p>\n\n\n\n Primary defenses are implemented to prevent attacks and control access. Robust encryption algorithms protect data in transit and strong access controls ensure data is stored securely (see Confidentiality and Integrity, above). File transfers on the cloud are secured via HTTPS\/TLS.<\/p>\n\n\n\n Injection, Scripting, and Parser Hardening<\/strong><\/p>\n\n\n\n The 3D<\/strong>EXPERIENCE platform was designed to be resilient to attacks like SQL, Parameter, Commands, and OS Injections. Protective measures employ several layers to guard against cross-site scripting (XSS). XML parsers are hardened using best practices to prevent XXE attacks. The software architecture embeds input validation and the use of a parameterized interface is encouraged and monitored for compliance.<\/p>\n\n\n\n Convenience and<\/em> Security<\/strong><\/p>\n\n\n\n Dassault Syst\u00e8mes SOLIDWORKS leverages industry-leading practices and is actively involved with the OWASP as a part of continuous efforts to minimize risk and protect customer data. Our security programs put particular emphasis on the secure software development life cycle (SDLC) approach used to build the 3D<\/strong>EXPERIENCE platform and applications.<\/p>\n\n\n\n![\"\"](\"https:\/\/blogs.solidworks.com\/solidworksblog\/wp-content\/uploads\/sites\/2\/2015\/03\/cloudguy2.png\")
<\/figure><\/div>\n\n\n\n![\"\"](\"https:\/\/blogs.solidworks.com\/solidworksblog\/wp-content\/uploads\/sites\/2\/2020\/07\/AdobeStock_216253518-800x472-1.jpg\")
<\/figure><\/div>\n\n\n\n