How to Improve on Traditional CAD Security with Onshape

By John Rousseau / May 6, 2015
I can’t store my CAD data in the cloud – it’s not secure.
I’m safer keeping my data on my desktop. How can Onshape secure my data better than I can?

I’ve heard these types of questions and concerns since I started developing software for cloud deployment in 2008. They arise out of very valid concerns about what the cloud really is. The marketing hype from companies selling cloud products certainly doesn’t help clarify things.

In addition to the superior collaboration and sharing features compared to traditional CAD systems, Onshape’s cloud platform enables you to improve on the security of your CAD data. We go to great lengths to protect your intellectual property (IP), far above what most traditional CAD users do today.

Keeping your data on a desktop machine in a physically secure room with no network connection, no other users, and no other software (except a traditional CAD package) would be very secure. However, it’s also not very realistic, and it’s not the way most CAD users work today.

Desktops today are used not only to run CAD packages, but also to read email and browse the web. Today’s designers share numerous, uncontrolled copies of CAD data with other designers, manufacturers, and part suppliers. Workstations are used by multiple employees and contractors. Laptops travel with us wherever we go, frequently connecting to insecure networks. All are avenues for viruses, network attacks, data loss and theft of IP.

What if you could start from scratch and design a system where all authorized users could create and view CAD data without having a local copy of it? Such a system could enable:

  1. You to securely share and unshare your data.
  2. Everyone working with the data to always have the right version.
  3. The servers that allowed you to store and work on your data to do nothing else and the software on these machines would be installed and configured automatically, the exact same way every time.
  4. Your servers to be in secure facilities around the globe with multiple levels of physical access control, armed guards, and a guarantee that your machines would never leave these facilities.

You get all of these security measures with Onshape.

Because we are protecting the IP of all of our users in a single cloud service, we can afford to invest heavily in security technology, penetration testing and employee training. We follow industry best practices for encrypting data, patching software, managing security keys and configuring access controls. We have a team of software engineers that have designed Onshape to be secure from the start. We encrypt all data between your browser or mobile device and our servers. Your CAD data is also stored in an encrypted format. We control all network access to the computers that make up our service.

SECURITY IS NOT "SET AND FORGET"

The reality is that buying a single product or service does not make you secure. One careless employee can undo the best of systems. Security is not “set and forget” either. It’s an expensive arms race that requires vigilance and an ongoing investment in training and technology. Onshape can and does make this investment because protecting your IP is our business.

Using Onshape actually allows you to substantially improve the security of your CAD data, but keeping your data safe requires your participation. Protecting traditional CAD data means good backups, virus protection, physical control of your stored data and diligence with sharing your data. Onshape takes care of all of that for you. With Onshape, your main responsibility is to protect your login credentials. To help you with this, we offer “two factor authentication” or 2FA, via a One Time Password (OTP).

2FA

In addition to your username and password, you can install an app on your mobile device that will generate a random code every 30 seconds. We will ask you for this code when you login. Even if someone were able to discover your username and password, they would not be able to login to Onshape without the ever-changing code. For machines that you trust, you can optionally request that we not ask you for your 2FA code for 30 days. If you ever lose control of your login or password, just contact support and we can issue new ones on the spot.

ULTIMATE CONTROL OVER YOUR CAD DATA

Security is all about control. You want to control who sees your data and personal information. You want to control who can change, delete and redistribute this information as well. Onshape gives you the ultimate control. Do you want to get a bid from three manufacturers on your design? Share a view-and-comment-only copy of your document with them. Select a manufacturer and give them edit access to collaborate with you on making your design ready to manufacture. Unshare the document from the other manufacturers. This level of control is not possible with traditional CAD systems.

How secure is Onshape? Compared to both traditional CAD systems and other cloud services, Onshape is very secure. No computer system is totally secure, but by designing for security from the beginning, continually monitoring for attacks and adapting to evolving threats, Onshape provides exceptionally strong protection for your IP. As an additional measure, Onshape contracts with a third-party security testing service that continually tries to hack into a ghost version of our service and then reports what they find. In fact, these security researchers are paid by the exploits they discover, so they try really hard to find vulnerabilities. We take this feedback and fix our production servers before exploits happen.

We care deeply about keeping your data secure. Our success ultimately depends on your willingness to trust us with your intellectual property – so that you can focus on building great products.

To learn more, read about our security policies and procedures and feel free to share your questions and concerns at security[at]onshape.com.

Security_Blog_image

Topics: Industry Perspectives, Engineering Executives