
CAD and EDRM – A challenge but a must for digital process chains

Computer-aided Design (CAD) and Computer-aided Manufacturing (CAM) are technologies concerned with the use of digital computers to perform certain functions in design and production.

Depending on the particular customer group, there are differences in the way the product cycle is activated. In some cases, the design functions are performed by the customer, and the product is manufactured by a different firm.

In other cases, design and manufacturing are done by the same firm. In both these cases, the product cycle begins with a concept that is then cultivated, refined, analyzed, improved, and translated into a plan for product development.

The plan is documented by a set of engineering drawings that show how the product is made and by a set of specifications stating its performance.

Then it moves on to production, testing, and delivery. In each of these activities, CAD and automated drafting are utilized in the conceptualization, design, and documentation of the product.

This CAD data, the engineering plans and design drawings, is highly sensitive intellectual property and a prime target for attackers who steal it for personal gain.

In all these design-related industries, design data has to be shared with manufacturers outside the firm. In this context, it is critical to protect this sensitive data in its digital form, both inside and outside the organization.

Cyber threats in the design and manufacturing industry

Intellectual property theft is considered the number one cyber threat facing the manufacturing industry. The operational technology (OT) network which was previously isolated, is now connected to the Information Technology (IT) network.

This introduces security challenges such as support for old equipment, software updates, and patching. Moreover, cyber threats have expanded from targeting just computers, networks, and power grids to the manufacturing industry, where investment in security solutions has been lacking.

The need to transfer data and information between the OT and IT networks, and to share information with select external partners, suppliers, or vendors, all call for proper measures to secure that data.

In the manufacturing industry, attackers gain unauthorized access to sensitive information systems like product data management systems or to the data itself (CAD, CAM files).

Other threats include data manipulation, where digital documents are altered without the data being stolen, and holding the data for ransom.

Attackers can also change part dimensions in CAD files, or manufacturing process parameters such as speed and temperature in CNC programs, resulting in physical damage to manufacturing machines, poor product quality, and operator injury. Poor security configurations can also lead to unintended leakage of proprietary information.
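Tampering with part dimensions or CNC process parameters is only dangerous if nobody checks the program between release and the machine. The following added example (written for this article; it is not code from the page or from any vendor, and the file names, G-code lines and signing key are constructed) shows one defensive control: the release process signs a manifest of file hashes with a key the shop floor cannot modify, the machine-side loader verifies every program against it before use, and a small G-code word parser reports which feed (F) or spindle-speed (S) values a flagged file actually changed.

```python
"""Detecting tampering with CNC programs before they reach a machine, using a
keyed manifest of file hashes. Added example; sample files are constructed."""
import hashlib
import hmac
import json
import re

# Constructed sample: the released CNC programs, and a copy in which the
# spindle speed (S) and feed rate (F) of one operation were changed.
RELEASED = {
    "bracket_op10.nc": b"N10 G21 G90\nN20 S8000 M03\nN30 G01 X10.0 Y5.0 F1200\nN40 M30\n",
    "bracket_op20.nc": b"N10 G21 G90\nN20 S6000 M03\nN30 G01 X25.0 Y5.0 F900\nN40 M30\n",
}
TAMPERED = dict(RELEASED)
TAMPERED["bracket_op10.nc"] = b"N10 G21 G90\nN20 S24000 M03\nN30 G01 X10.0 Y5.0 F4800\nN40 M30\n"

# Key held only by the release process (constructed value; in practice keep it
# in an HSM or KMS so a compromised workstation cannot re-sign a manifest).
RELEASE_KEY = b"constructed-release-signing-key"


def build_manifest(files: dict, key: bytes) -> dict:
    """Hash every released file and sign the hash list with HMAC-SHA256."""
    entries = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "tag": tag}


def verify_manifest(files: dict, manifest: dict, key: bytes) -> list:
    """Return the names of files that differ from the signed manifest, plus any
    files present that the manifest does not list. Raises ValueError if the
    manifest itself was altered, so a forged hash list is never trusted."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise ValueError("manifest signature invalid")
    bad = []
    for name, digest in manifest["entries"].items():
        data = files.get(name)
        if data is None or hashlib.sha256(data).hexdigest() != digest:
            bad.append(name)
    bad.extend(set(files) - set(manifest["entries"]))  # unexpected extra files
    return sorted(bad)


# G-code words of interest: F = feed rate, S = spindle speed.
_WORD = re.compile(r"\b([FS])(\d+(?:\.\d+)?)")


def process_parameters(program: bytes) -> dict:
    """Collect F and S words per block (N-number) for reporting."""
    params = {}
    for line in program.decode().splitlines():
        tokens = line.split()
        block = tokens[0] if tokens else ""
        for letter, value in _WORD.findall(line):
            params[f"{block}:{letter}"] = float(value)
    return params


def changed_parameters(original: bytes, modified: bytes) -> dict:
    """Map 'block:letter' -> (released value, found value) for every difference."""
    a, b = process_parameters(original), process_parameters(modified)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}


if __name__ == "__main__":
    manifest = build_manifest(RELEASED, RELEASE_KEY)
    for name in verify_manifest(TAMPERED, manifest, RELEASE_KEY):
        print(name, "does not match release:",
              changed_parameters(RELEASED[name], TAMPERED[name]))
```

The hash check is what stops a modified program from loading; the parameter diff is for the operator and the incident record, so that a spindle pushed from 8000 to 24000 rpm is visible at a glance rather than buried in a byte comparison.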

Malicious CAD files can be used for industrial espionage: some attackers have found ways to steal IP and confidential information from infected computers.

They obtain not only the design and product information contained in these files but also the email communication stored in the PST files on such infected computers.

Poor security configurations are another way in for attackers: proprietary design documents exposed to the internet lead directly to data leakage.

Figure: how threats can figure into the IT, OT and IP convergence. Image source: Securing Smart Factories: Threats to Manufacturing Environments in the Era of Industry 4.0

Protecting IP in the manufacturing digital process

Before even attempting to protect IP, it is imperative to understand what intellectual property or sensitive data in the manufacturing process needs protecting, how it is used, who has access to it, and whether it is distributed and, if so, to whom. All of this helps to determine how the IP needs to be protected and who should have access to it.

Cybersecurity involves two areas – preventing external attacks and safeguarding against internal ones. Protecting against external attacks means defending against network intrusions with technical safeguards. It is essential to store IP on a system that uses adaptive authentication with risk analysis, or two-factor authentication.

Internal protection generally involves creating solid policies and procedures for the handling and use of intellectual property by employees, contractors, suppliers, and vendors. Well-written non-disclosure agreements, employment agreements, licenses, and sales contracts help in this area.

For both these areas to work together, functional roles, ownership, and access to IP have to be properly defined. A holistic defense-in-depth approach to protecting IP is needed in the manufacturing industry.

Data Loss Prevention (DLP) and Enterprise Digital Rights Management (EDRM) – Which is best for protecting data in the Digital Process?

With data breaches on the rise and many compliance regulations in force, data protection in the manufacturing digital process is a high priority. While both DLP and EDRM are data-centric security solutions, there are basic differences between the two, and EDRM has an edge over DLP.


Data Loss Prevention (DLP):

A Data Loss Prevention (DLP) tool ensures that sensitive or critical business information does not move out of the corporate network or to a user without proper access.

DLP uses classification to control the flow of unstructured data. It protects static data that is stored on desktops, servers, or in the cloud and is not accessed often.

It also protects data that is frequently updated by multiple users within a network and also data that is transferred outside the network.

Traditional DLP solutions can only show what data is leaving the organization and decide whether it may leave or not. They do not show what happens to the data once it has left the organization or been distributed.

Once the data is outside the system, nothing can prevent it from being distributed to another unauthorized user.

While DLP tools are very powerful and can classify, monitor, and block, the data may still be transferred anywhere outside the system. DLP uses strong encryption technologies, but an application-agnostic tool is required to decrypt.

Enterprise Digital Rights Management (EDRM):

An Enterprise Digital Rights Management (EDRM) solution, on the other hand, protects the file itself: the protection travels with the file wherever it is transported, and access to the data is controlled even when it is no longer inside the network.

EDRM encrypts the file, not just the storage, and assumes that no environment is safe. That is why EDRM is superior to DLP: in a collaboration environment it is not possible to control the partner's environment.


Moreover, one cannot assume that the partner, vendor, or supplier environment is safe. EDRM is not only about strong encryption; it also has two important features that make it the preferred solution for digital process data safety.

  1. Access control – Access control in EDRM enforces data usage or user privilege control inside the application. This is a powerful yet technically complex feature, and it makes Microsoft EDRM superior to other similar products in the market. Microsoft EDRM provides a good user experience while hiding the complexity.
  2. Usage control – Usage control in Microsoft EDRM makes the entire security process very robust. This ensures that only the authenticated user can access the file anytime, anywhere. Other than the authorized user, no one can access the data out of the secured environment that is the application itself.
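The practical difference between a perimeter control and rights management is easiest to see in code. The following is an added example written for this article, not code from Microsoft, SECUDE or any EDRM product: a minimal protected container whose policy travels with the file, with a constructed rights server that releases the content key only after checking the requesting user and the requested right (view or edit). A copy that has left the network stays unreadable to anyone not on the policy, and revoking a user takes effect on that user's next open, which is exactly what a DLP gateway cannot do once the file has passed it. The HMAC-based counter-mode keystream stands in for an AEAD cipher so the example runs on the standard library alone; a real product would use AES-GCM or similar.

```python
"""Minimal EDRM-style protected container: policy travels with the file, every
open is checked by a rights server, revocation works after distribution.
Added example; users, content ids and the rights server are constructed."""
import hashlib
import hmac
import json
import os
import time


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream from HMAC-SHA256, a stdlib stand-in for AES-GCM.
    XOR is symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class RightsServer:
    """Holds content keys and the authoritative policy. The key for a file is
    released only if the policy grants the requested right to the user, so a
    file outside the network is still useless without a successful check."""

    def __init__(self):
        self._keys = {}       # content_id -> content key
        self._policies = {}   # content_id -> {"rights": {user: [right,...]}, "expires": ts}

    def register(self, content_id: str, key: bytes, policy: dict) -> None:
        self._keys[content_id] = key
        self._policies[content_id] = policy

    def revoke(self, content_id: str, user: str) -> None:
        """Remove a user from the policy; copies already distributed are affected."""
        self._policies[content_id]["rights"].pop(user, None)

    def request_key(self, content_id: str, user: str, right: str, now=None) -> bytes:
        policy = self._policies.get(content_id)
        now = time.time() if now is None else now
        if policy is None:
            raise PermissionError("unknown content")
        if policy.get("expires") is not None and now > policy["expires"]:
            raise PermissionError("policy expired")
        if right not in policy["rights"].get(user, []):
            raise PermissionError(f"{user} lacks '{right}' on {content_id}")
        return self._keys[content_id]


def protect(content: bytes, content_id: str, policy: dict, server: RightsServer) -> bytes:
    """Encrypt the content, bind a header carrying the policy to it with a MAC,
    and register the key with the rights server. Layout: len|header|ct|tag."""
    key, nonce = os.urandom(32), os.urandom(16)
    server.register(content_id, key, policy)
    header = json.dumps({"content_id": content_id, "nonce": nonce.hex(),
                         "rights": policy["rights"]}, sort_keys=True).encode()
    ciphertext = _keystream_xor(key, nonce, content)
    tag = hmac.new(key, header + ciphertext, hashlib.sha256).digest()
    return len(header).to_bytes(4, "big") + header + ciphertext + tag


def open_protected(blob: bytes, user: str, right: str, server: RightsServer, now=None) -> bytes:
    """What the EDRM-aware application does on every open, wherever it runs."""
    hlen = int.from_bytes(blob[:4], "big")
    header, ciphertext, tag = blob[4:4 + hlen], blob[4 + hlen:-32], blob[-32:]
    meta = json.loads(header)
    key = server.request_key(meta["content_id"], user, right, now)   # policy check
    expected = hmac.new(key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("container tampered with")
    return _keystream_xor(key, bytes.fromhex(meta["nonce"]), ciphertext)


if __name__ == "__main__":
    server = RightsServer()
    blob = protect(b"constructed CAD payload", "drawing-001",
                   {"rights": {"alice": ["view", "edit"], "bob": ["view"]}}, server)
    print(open_protected(blob, "bob", "view", server))     # allowed
    server.revoke("drawing-001", "bob")
    try:
        open_protected(blob, "bob", "view", server)        # now denied
    except PermissionError as e:
        print("denied:", e)
```

The header carries the rights list so an application can show the user what they are allowed to do, but the server's copy is the one that decides; tampering with the header or ciphertext is caught by the MAC before anything is decrypted.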

HALOCAD and EDRM:

HALOCAD is Microsoft Information Protection (MIP) for CAD files. It extends the data protection provided by Microsoft Information Protection beyond the organization's IT perimeter.

Protected files can only be opened and modified by authorized users, and sensitive CAD files are protected throughout the design lifecycle. HALOCAD applies MIP sensitivity labels automatically, without user engagement.

To know more about how SECUDE can help in protecting your IP data in the digital process, email us at
