Infrastructure & Certifications
Onshape is built upon the Amazon Web Services (AWS) Elastic Compute Cloud (EC2) Infrastructure as a Service (IaaS) cloud platform. AWS EC2 was chosen as the ideal technology to provide a modern, secure CAD service. AWS provides world-class computing infrastructure that includes globally-distributed, physically secure data centers with redundant power, cooling and networking. AWS has achieved multiple US and global security and quality certifications including ISO 9001, ISO 27001, SOC-2 Type II, FIPS 140-2 and NIST 800-53. The Onshape service itself has completed the certification process for SOC-2 Type II certification. In addition, Onshape uses AWS Virtual Private Cloud (VPC) technology to isolate and secure network traffic in and out of the service. Rules used for VPC configuration are defined in code, peer-reviewed and deployed via automation.
Onshape’s highly available, distributed database architecture stores all design data in modern NoSQL databases. These databases use geographically distributed servers with multiple replicas for high availability and are backed up every 3 hours for disaster recovery. Backups are restored every 3 weeks and every model is automatically checked for integrity against new versions of Onshape software. This also validates that functionality introduced in new releases does not break existing models.
Access & Audit Trail
Onshape is accessed through standard web browsers such as Chrome, Firefox and Safari on desktops / laptops and through fully-functional apps (not just viewers) on iOS and Android mobile devices. Operating systems are irrelevant: Windows, macOS, Linux and Chrome OS provide the same design experience and work equally well. CAD data never leaves the secure cloud environment unless permission to export has been explicitly granted by the data’s owner. Everyone working on a project is always collaborating on the latest design. All data access is recorded in a permanent audit trail. Multiple users can securely collaborate on the same design simultaneously from any location that has internet access.
All access from client machines and devices to Onshape’s servers is secured by TLSv1.2 encryption that favors strong cipher suites such as AES-GCM and disallows weaker ones. Design data is encrypted at rest. All databases are configured with encrypted filesystems that use the AES-256 encryption standard in XTS mode with keys managed by the AWS Key Management System (KMS). KMS utilizes hardware security modules to protect the security of the encryption keys. Onshape’s servers are deployed and configured completely by automation and are frequently replaced, sometimes multiple times a day. Onshape’s servers never run anything but Onshape software so there is no possibility of exploits due to web browser or email client activity.
Onshape uses strong authentication systems for establishing user identity and allows the use of Two-Factor Authentication (2FA) via a Time-based One-Time Password (TOTP) to protect account access even if the username and password are leaked. All passwords are stored in hashed, salted form using the PBKDF2 key derivation function so that compromise of the Onshape password database would not expose the stored passwords to offline attacks without extremely large computational effort. Online attacks are prevented by throttling invalid login attempts. In Onshape, CAD document access is controlled by granular read, write, copy, comment, link, delete and reshare permissions that provide design owners with tools to balance security and design workflow requirements. These permissions can be changed at any time to expand or remove access to the design data. All data access and permission changes are recorded in a permanent audit trail.
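The salted PBKDF2 storage and invalid-login throttling described above, as an added example that is not Onshape's code. The page names only PBKDF2, salting and throttling, so the underlying hash (SHA-256), salt length, iteration count, failure limit and lockout window here are all assumed values.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000      # assumed work factor; the page does not state one
MAX_FAILURES = 5          # assumed failure limit before lockout
LOCKOUT_SECONDS = 300     # assumed lockout window


def hash_password(password, iterations=ITERATIONS):
    """Derive a stored record; a fresh random salt makes equal passwords differ."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password, record):
    """Re-derive with the stored salt and cost, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


class LoginThrottle:
    """Per-account throttle: after max_failures bad attempts, refuse for a while."""

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout = lockout
        self.state = {}  # username -> (consecutive failures, locked-until time)

    def attempt(self, user, password, record, now):
        failures, locked_until = self.state.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"          # refused without testing the password
        if verify_password(password, record):
            self.state.pop(user, None)
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            self.state[user] = (0, now + self.lockout)
        else:
            self.state[user] = (failures, 0.0)
        return "denied"
```

The iteration count is what makes each offline guess against a leaked record expensive, while the throttle bounds the online guess rate; a correct password submitted during the lockout window is still refused.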
Onshape provides transparency into service problems through an online status page. The modern database architecture allows customers to recover accidentally or intentionally deleted data. Data loss through crashes or user error, common with file-based CAD systems, is almost entirely eliminated.
Customer Data Protection
Onshape takes the security and privacy of customer data very seriously. Onshape employees do not have the ability to view any customer data unless it has been explicitly shared with Onshape Support. In addition, Onshape Operations personnel can access the server environment only via a VPN requiring authentication which includes a password, an encrypted public / private key pair, a generated shared secret and 2FA.
Third Party Validation
Onshape has contracted with Synack, a highly respected security firm that provides continuous penetration testing and vulnerability management. Security researchers from around the globe employ state-of-the-art tools and technologies to discover exploits in the Onshape CAD service as well as other systems that support the platform. Testing coverage includes APIs, DNS management and targeted internet-facing hosts. Synack researchers are paid by the number and severity of real vulnerabilities discovered, so there is a financial motivation to be aggressive and creative in their testing. Synack has recorded thousands of hours of penetration testing against the Onshape service. Discovered vulnerabilities are immediately reported to the Onshape Security Team, which triages and mitigates any issues. Onshape’s deployment automation is able to rapidly deploy patched software. In some cases, vulnerabilities have been resolved for all Onshape users in a matter of hours.
In addition, all Onshape servers run software agents that provide an Intrusion Detection System (IDS). This IDS monitors every operating system kernel call and provides:
- File Integrity Monitoring (FIM)
- Network ingress and egress monitoring
- Privilege escalation monitoring
- AWS configuration change monitoring
- Real-time alerting of severity 1 issues to the Onshape Security Team