CAD Manager-Drawing Security1 May, 2005 By: Robert Green
Protect your data
It Sounds Simple Enough: Secure your CAD data so your company won't lose valuable intellectual property. In recent years, collaborative software platforms running on wide-area networks and the Internet have conspired to make CAD security devilishly complicated. The fact is our work products are becoming more digital and there's increasing pressure to share data. However, as data is exposed, we find ourselves one file copy away from losing control. How do we deal with these vexing problems? This month I'll pass along some useful ideas for protecting your data and working with your management to devise a comprehensive security strategy without breaking your budget.
Understand the RiskBefore CAD, the design process consisted of thought being captured on paper. These paper drawings contained the minimum information required to permit construction or fabrication of the design. Drawings were then released as print sets. The print sets we transmitted facilitated construction, yet divulged precious little about design decisions.
Three steps to drawing Security
In today's digital domain, however, software is becoming much better at capturing the thought that goes into designs. We now have software that performs kinematics constraint modeling, tolerancing analysis, computations, visualization and more. The amount of information captured in digital design files is a treasure chest of analytical information that makes yesterday's prints seem primitive by comparison.
Though we've always faced the security risk of a paper drawing falling into a competitor's hands, the risk associated with losing a complete digital design database is chilling. If your management doesn't understand how much more information is at risk in electronic design environments, it's in need of a serious wake-up call, and you must deliver it.
Steps to SecurityDespite the infinite number of scenarios your company could confront in terms of software, networks and collaborative partners, I've found that securing CAD data can always be described in a simple three-step process. Use these as guiding principles to secure your data, and you'll make good decisions.
Step 1. Secure What You HaveNetwork. The first step to protecting your design data is starting safe network practices to make sure that only trusted staff members can access it in the first place. If you haven't already done so, ensure that all design files are in directories that can be viewed only by those who actually need to access the files. I've seen many firms place CAD files on public drives that are viewable by everyone, although only project team members can edit the files. Remember that any time a file is viewable, the file can be copied, e-mailed and otherwise compromised.
FTP. If you use FTP (file transfer protocol) servers to share files with outside customers, consultants and suppliers, make sure that you use the same network controls for any shared folders. Too often I see companies with good control over their central network allow their FTP servers to become a big jumbled mess of uncontrolled files. Also be sure to implement careful password control for anyone who uses your FTP site (don't allow anonymous logins) and require that users change their passwords regularly. FTP sites are a great low-cost way to move files back and forth as long as they are controlled.
EDM. If you use an EDM (electronic document management) system, examine it carefully to make sure users can't copy files out of the system. Most of the EDM systems I've worked with have some sort of back door to copy files out of the system and, shockingly, these back doors seem to be open by default. Just because you're using an EDM system, you can't assume that the system is secure. Take some time to audit your EDM software to be sure it doesn't harbor any unknown security breaches.
The reason I fixate on stopping unauthorized viewing of files from network and EDM/FTP servers is precisely because files can be illegally copied so easily. Unauthorized copying can, at best, result in parallel copies or loss of revision control. At worst, unauthorized copying permits outright theft of information. Users may whine about strict password controls or tighter restrictions, but you must stand your ground to protect company data. If all else fails, get your network support people involved and make sure that management understands how crucial it is to have a secure network environment. Make no mistake—if you allow people inside the company to make unauthorized copies, you'll never gain control.
Step 2. Limit What You ShareNow that you've tightened the screws on your network security, you must take steps to limit the amount of data that leaves your company when you transmit files to customers, vendors and suppliers. Find a way to provide customers and vendors with the data they need without giving away substantial amounts of intellectual property. One way to deal with this issue is to hop on the industry bandwagon of drawing publishing via use of an intermediate data format such as Autodesk's DWF, Adobe's PDF and SolidWorks' eDrawings. These formats convey the digital equivalent of a blueline drawing while removing the real design data. Each format has strengths and weaknesses. For more information, see this month's feature article, "Essential Guide to 2D CAD Publishing."
Adobe PDF is almost universally recognized, and just about everyone has the free viewer. PDF is one of the most common file types, but has no more flexibility than a printed sheet. What you see is what you get with basic Acrobat ($299), and nothing more unless you upgrade to the Professional version that, at $495, may pose a substantial cost barrier. For details on the latest version of Adobe Acrobat 7 Professional, see Cadalyst's review in the March 2005 issue or online at http://management.cadalyst.com/0305acrobat/. This new version offers many more tools for designers. www.adobe.com
Autodesk DWF. This Autodesk-centric format is ubiquitous across Autodesk's product offerings and is key in Autodesk's strategy to give users secure publishing capability. DWF lets users toggle layers on and off, zoom and pan. It's also intelligent enough to comprehend AutoCAD features such as sheet sets, fonts and the like. DWF is much more functional for encoding AutoCAD files at a lower price point than PDF—the full-featured DWF Composer module costs $199. The only negative associated with DWF that it's not well known in the non-engineering world and government agencies. www.autodesk.com
SolidWorks eDrawing is similar to Autodesk's DWF but tailored to the SolidWorks CAD environment. In later releases, eDrawings also supports the DWG file format, which makes eDrawings a logical choice for mixed SolidWorks and AutoCAD environments. www.solidworks.com
All of these formats convey the visual information your customers and suppliers need, but don't divulge the complex data that facilitated the design. The publishing utility you choose depends on the software you use and on the willingness of your customers and vendors to collaborate. Unless you have a compelling reason to do otherwise, I highly recommend using one of these neutral publishing formats to limit your information liability. Do not send your full CAD data set unless it's absolutely necessary.
When transmitting information you can gain an additional layer of security by using ZIP files. I'd wager that 99% of you have created ZIP files, but are you aware that password security can be encoded into ZIPs? By encoding drawing submittals into a password-protected ZIP, you know that the recipient of your files (via e-mail or FTP site) must follow password protocols.
Step 3. Legal ContractsThough contractual agreements with your customers and suppliers can't stop someone from illegally copying a file, they can give your company legal recourse to punish anyone who does so. Good legal and contractual support signals everyone that you're serious about protecting your intellectual property. Consider how you'll exchange information during a project and convey that information to project management and legal team to confirm that contractual protection is in place.
A good contract requires the signer to agree to, at a minimum, the following components:
Nondisclosure. The recipient will not copy or disclose the information you send them.
Password security. The recipient will keep all passwords secure and follow all procedures regarding access to your FTP and EDM systems.
Disposal. The recipient will discard all digital information when it's no longer needed.
Copyrights. The recipient will not reuse any portions of your digital work product in any future projects without your express written consent.
You'll need to fill in the appropriate file types, password procedures, FTP/EDM parameters and the like to make sure the contract is specific enough to have teeth. If in doubt, hire a lawyer to help you refine your contract language. You don't need to become a lawyer, but you do need to pay attention to the details.
No Magic BulletThere's no one way to protect your CAD information from digital plunder. However, companies who follow these basic steps reduce their risks substantially. CAD files, like accounting data, must be viewed as highly valued assets that must be protected. If you don't have security in place to protect your CAD data, talk to management now about implementing something before it's too late.
Robert Green performs CAD programming and consulting throughout the United States and Canada. Reach him at email@example.com
In her easy-to-follow, friendly style, long-time Cadalyst contributing editor and Autodesk Technical Evangelist Lynn Allen guides you through a new feature or time-saving trick in every episode of her popular AutoCAD video tips. Subscribe to the free Cadalyst Video Picks newsletter and we'll notify you every time a new video tip is published. All exclusively from Cadalyst!