How to Secure your Design IP in your PLM environment
Why go after expensive solutions when you can leverage your existing investment in Microsoft
When IP theft is rampant, why turn a blind eye?
The loss of data in any form is detrimental to an organization’s growth. However, the loss of IP in the form of CAD files perhaps is tantamount to ringing the death knell.
In the world of manufacturing and high-tech companies the most critical IP, such as details of either mature products or yet-to-be patented prototypes, is represented as constructional drawings typically stored as CAD files.
Research and product design departments, today, rely heavily on Computer Aided Design (CAD) software that handle not only component and product design, but the entire Product Lifecycle Management (PLM) from Concept to Design and from Prototype to Manufacture.
These applications store and transact vast amounts of design-critical IP. Manufacturing companies across all industries – high-tech, automotive, aerospace, heavy engineering and others, have long realized that the success of their business revolves around benchmarking and innovative design.
However, most designers and manufacturers are unaware of a hidden danger – that IP could leak due to uncontrolled user downloads. Thus, with digital transformation, solutions that monitor and block such critical IP leaks from CAD software and PLM applications become imperative.
Consider, for example, the case of Apple losing its IP. Global IT media were galore of the story of how factory workers pilfered and released yet-to-market iPhone designs into the Dark Web.
What makes the stories interesting is Apple’s approach. It worked on reducing the number of ‘security staff’ and was, instead, focusing on addressing the leakage of CAD drawings and schematics.
In as to why the design of such highly priced (and prized) phones is being leaked into the black market is anybody’s guess. It is interesting to note that over two years ago, an Apple executive had revealed that more leaks happen from inside Apple headquarters in Cupertino, California than from the supply chain (vendors)!
Or even Tesla. The well-known Tesla data theft story brings into fore a vital point – the real and present danger of malicious insiders.
A Digital Guardian article published a little over a year ago states Tesla CEO Elon Musk as having addressed employees stating that the malicious insider had created fake usernames to modify proprietary Manufacturing Operating System’s (MOS) source code.
Having done this successfully, he also exported Gigabyte sized files – highly sensitive photographs and videos – and shared them with unknown third parties.
The global aircraft manufacturer, Boeing, had successfully implemented an insider threat mitigation program.
In 2009, a former Boeing Co. engineer of Asian origin was sentenced to more than 15 years in prison for hoarding sensitive information about the US space shuttle program that he intended to share with his homeland. Since 2014, the organization has had in place a corporate-wide insider threat program.
While educational programs and landscape-level security are fine, it is prudent to ensure the protection of every fine-grained CAD file.
Existing CAD file security solutions
Design-intensive organizations leverage many types of security solutions to lessen, if not eradicate, loss of design data. This multiplicity of solutions is deemed necessary due to the diversity of sharing systems, file formats, devices and locations.
Listed here are key security solutions that are largely in use:
Security on the move
Securing email files. Most file sharing happens over emails. Thus, there are many encryption software that permits users to encrypt files when attached to emails.
This system is based on trust and a common system between the communicators (sender and receiver) to automate the processes of authentication and file decryption.
Controlling access to files shared on the network. Setting up access controls based on public directories in networks that are shared by different users and groups internally is considered the most common way to collaborate in a secure manner.
Access controls ensure the right access to the right set of users. However, this depends on the network share management efficacy that often depends on the efficiency of the users and group directory services.
Secure File Transfer Protocol (SFTP). SFTP depends on maintaining access control lists and password-based authentication paradigms to ensure secure access to authorized internal and external users to remotely access files.
Mobile Device Management (MDM). Dependent on client or profile services active on mobile devices, such as smartphones, notebooks and laptops, necessitates mobile security standards and container to be managed centrally.
While files can be secured in a container, the control only pertains to files held in the MDM container, but MDM systems have varying data wiping features.
Enterprise Content Management. Enterprise Content Management enables search, access and governance services to files disseminated within the enterprise’s file storage organization.
While most ECM applications are for internal use, some solutions, such as File Sync and Share (EFSS) encompass these services over cloud-based storage and remote access for both internal and external users.
Digital Rights Management (DRM). Digital Rights Management provides organizations the means to apply search, access, management, entitlement and other controls to files that are accessed, shared and used across the organization and outside.
This service can also be encompassed within ECM applications or as a separate service that complements file services and ECMs. DRM services can also be facilitated outside an organization, complementing EFSS.
File application invoked encryption. Applications from Microsoft, Adobe and others have file protection built into the services (application license). The user would have to invoke this feature and by leveraging a passcode from the application.
The code is shared with the recipient which will allow the recipient, within or outside the organization, using the like application, to open the file. However, this has a formidable risk factor – the passcode type, sharing, management and recovery.
A comprehensive suite?
Do the above set of security solutions complete the security paradigm of securing CAD files – even if traditional IT methods, such as firewalls, were included?
Indeed, there are many products that promise to secure CAD files shared in worldwide process chains – many using proprietary encryption.
It is often through the smallest and, often, seemingly unobvious gaps that the most vital data leak.
Typically, in product engineering and manufacturing companies, the greatest threat may not be outside, but internally. Or users outside the landscape, such as vendors or material providers, with access to data inside.
How does an organization protect its vital design drawings from being stolen and misused?
While the chief designer or the head of the engineering department may ponder of such questions, the CTO and the CFO would be pondering over a parallel issue.
If there were a product that assures lifecycle-long protection, what would the costs be? Would it incur a substantial procurement cost?
What if the answer to this question was ‘No’?
HALOCAD provides end-to-end protection of CAD files by seamlessly applying security templates on the CAD files at the moment of its creation. At the time of file creation, the user’s valid credentials will invoke labels that will be applied to the newly created CAD file. Protected files can only be opened and modified by authorized users and thus, protection continues to remain even when the file is accessed by multiple users. The user’s rights are governed by pre-established policies.
While this may seem like every other Digital Rights Management solution, the key difference – indeed the solution’s USP – is that it helps users to seamlessly leverage the organization’s investment in Microsoft Information Protection (MIP).
Extending your investments in Microsoft to protect your CAD files
HALOCAD enables CAD applications to use Microsoft Information Protection (MIP) directly. In doing so, HALOCAD enables encryption of CAD files including MIP label handling and privilege enforcement. CAD users will not notice any difference in the handling of CAD files as the application of MIP labels happens silently and automatically in the background. Thus, HALOCAD provides end-to-end protection of CAD files by seamlessly applying MIP templates on the CAD files during its creation.
At the time of file creation, the user’s valid credentials will invoke MIP labels from Azure, which can be applied to the newly created CAD file.
Protected files can only be opened and modified by authorized users and thus, protection continues to remain even when the file is accessed by multiple users. The user’s rights are governed by pre-established policies.
For more information on how you can protect CAD files, visit www.secude.com/halocad/
Comments are closed.