Not all Clouds Are the Same

The other day, while the dense, grey clouds were dumping enough snow in Boston to push the winter snowfall over the “100th inch” mark, I was relaxing on the beach in Miami looking at the fluffy, soft clouds scattered across the blue sky, and reflecting on one of the cruel realities of life: not all clouds are the same. This is especially true when it comes to the clouds you are using for your business and product development process.

Every day, cloud-based services are playing a bigger and more important role in our personal and work lives. Cloud offerings are becoming so much more than just renting and accessing hardware owned by someone else while you provide, install and manage the software. Today, ‘The Cloud’ is the whole, inclusive experience of using Software as a Service (SaaS) to enable your business and product development process. The cloud experience requires that any software or applications used in the SaaS environment be designed and developed with this in mind: built to be deployed and used in the cloud environment.

Being safe in the cloud is a combination of many aspects of your overall cloud experience and includes infrastructure security, software architecture, user and access management capabilities, collaboration workflows, etc. All of these components must work in sync in order to give you a secure solution and, more importantly, peace of mind.

Different cloud providers deploy different security strategies. One of the leading security concepts is to put several independent mechanisms in place to mitigate any single risk. If one mechanism fails to block a malicious action, which is unlikely, the failure does not become a threat, because the action is subsequently blocked by a different mechanism. This approach provides the ‘Security in Depth’ aspect of a cloud environment.

To be protected from Internet attacks, cloud providers should deploy several security layers to ensure that only intended traffic and activities are actually let through and processed. All incoming Internet traffic is filtered by independent mechanisms, so that the layers are reliable and a vulnerability in one does not cascade into the others. Moreover, the internet-scale hosting environment should be resistant to Distributed Denial of Service attacks.

There also could be attempts to intercept your communication and steal your data while in transit. Encryption and secure communication channels between the cloud environment and the customer’s device should be used, to ensure the confidentiality and integrity of the transferred data.

These and many more security measures aligned with industry standards and best practices (such as ISO 2700x standards, NIST 800 series, OWASP methodologies, COBIT framework, etc.) should be in place in order for your cloud to be secure and protected from outside attacks. There has been a lot of work in recent years to condense these security concerns and protocols into a global standard, but it is still a work in progress.

But what about security that can only be achieved by specific architecture and capabilities of the application deployed on the cloud? Consider the following:

  • On your cloud, can other users see you?
  • When you store your data, where is it?
  • Can it be accessed by other users and companies?
  • What about “external” people on your team?
  • It is hard to imagine any product being developed today without collaboration between different teams – internal and often external such as your customers, suppliers, etc.
  • How safe is your cloud?

To truly counter threats of hacking, the security countermeasures must be at the heart of the application (application design and capabilities, and development processes) hosted on the cloud itself. For example, here at Dassault Systèmes the R&D Organization uses the Open Web Application Security Project standard (OWASP), MITRE CWE (Common Weakness Enumeration), etc. as a starting point of our extensive security efforts.

This all starts with your log-in. While your user name and password are critical, there is so much more that protects you. Users should be fully authenticated to be able to access the cloud, but also assigned specific product licenses and policies. Dassault Systèmes 3DEXPERIENCE® Platform capability gives you the power to decide and manage who has these licenses. There is a strong password policy and strong user policy for access control lists in order to protect the 3DEXPERIENCE cloud against brute force, privilege escalations, and session hijacking. The way you log-in to the platform matters.

What about your data on the cloud? Each customer accessing the 3DEXPERIENCE cloud works on an instance that is independent from the other cloud systems. Such an approach protects from cross-customer data access. This compartmentalization is also hardcoded at the application level. Besides that, you also control the access to your data by explicitly specifying which user has access to what data. Again there are multiple layers of protection behind this simple capability as access is restricted via access lists to only the exact combination of multiple parameters such as the user name, roles, organizations, and/or collaborative spaces, etc.

What about collaboration? As part of collaborative product development we often invite “external” people (customers, partners, suppliers, etc.) to join our product development efforts. While your own employees might/should have access to all of your IP and data, this is often not the case for external people, especially if there are concurrent projects going on with competing customers. The 3DEXPERIENCE cloud gives you the power to clearly flag external users thus applying yet another layer of access control to your cloud environment and data, and raising awareness among internal users about possible risks.

All of these mechanisms are implemented in the application business logic and the database to help ensure data integrity and strict confidentiality throughout your product development.

The 3DEXPERIENCE platform uses strong universal best practices for authentication, access control, encryption, injection detection and prevention, auditing and server hardening, as part of the effort to protect the confidentiality, integrity, and availability of data.

No, not all clouds are the same. We not only deploy the latest security measures for our cloud infrastructure and protocols, but we also develop our own products with security and safety as one of the highest requirements. With peace of mind, 3DEXPERIENCE cloud-based applications are the right choice for product developers like you.

Read analyst firm IDC’s perspective on addressing the cloud security dilemma: http://www.solidworks.com/sw/products/3dexperience/idc-product-development-cloud-form.htm

Read more about how Dassault Systèmes provides security in the cloud: http://www.3ds.com/products-services/catia/resources/whitepaper-cloud-security/

You can also learn more about SOLIDWORKS 3DEXPERIENCE solutions on the SOLIDWORKS website: http://www.solidworks.com/sw/products/3dexperience/solidworks-3dexperience-overview.htm

 

Milos Zupanski

Milos is a Senior Product Portfolio Manager at SolidWorks