Back-to-Basics Boot Camp: Data Security13 Apr, 2022 By: Robert Green
CAD Manager's Column: While it might not be the most exciting task, making sure your data is safe and secure is of utmost importance. Find out how to lock down your data.
As we near the end of the Back-to-Basics Boot Camp series, we’ve discussed the importance of communication techniques, expectation management, standards, training, and getting organized to maintain a solid CAD management infrastructure. But perhaps we should back up a bit and talk about the often-unspoken core requirement we all must address — securing the data our users produce.
So, in this installment of the Back-to-Basics Boot Camp series we’ll focus on how to protect the valuable data that is produced in the CAD tools we all manage. Here goes.
Image source: AndreaDenti/stock.adobe.com.
Data Security is Crucial
You may be a programming whiz or a BIM lord, but what’s the point if the files you manage are lost, stolen, or revisions become muddled. Managing data may not be the most cutting edge or exciting task we must perform, but if we ignore it we will certainly experience data loss, leading to money and time loss. And, should that occur, what will your senior management team think?
The good news is that having a proactive data security structure requires only a straightforward auditing of your current situation, fixing of any deficiencies, and then repeating that process any time software or systems change. The key problems I continue to see are:
- Accidental deletion/overwrite,
- Localized file hoarding (to get around bandwidth restrictions),
- Cloud data risks, and
- Lack of accessible backups.
Now, we’ll expand these topics into a series of action items. Your task will be to consider any areas where your security controls are deficient so you can start taking corrective actions.
Stopping Accidental Deletion/Overwrite
The most common cause of file security problems I’ve experienced is accidental deletion and/or overwriting of files. If you do nothing else, you must take strong action against these problems by considering the following:
Stop C drive hoarding. The surest way to lose files is to let users store large caches of data on their C drives. When users copy/move files from network drives to their own drives, the chance for many users to lose a file or work on the same file and eventually overwrite files increases exponentially. If someone violates the “No C Drive” policy, put them on notice immediately!
Stop cloud hoarding. When users copy files to their own cloud data storage utility (think Dropbox or OneDrive) the chance of accidental deletion or overwrite is just as high as it is for the C drive case. Consider unauthorized cloud storage violations in the same way you would a C drive storage violation.
Standardize cloud applications to stop hoarding. If users genuinely need to have cloud synchronized data applications to work around bandwidth problems, then implement a corporate standard application. Rather than a private Dropbox account, use Box which has enterprise robustness and better administrative control. Rather than allowing individual OneDrive usage, move to an enterprise level plan that gives IT administrative control. The end goal is to have a standard solution that IT (and you) can control rather than letting users create their own solutions that may not be secure (which we’ll cover shortly).
Review network folder security. Most projects use a network directory structure to manage files and some of those directory folders contain project standards (think blocks, families, standard parts, sub-models, etc.) that should never be deleted or overwritten. The surest way to deal with these types of problems is to review your network security group structures so that only administrators like you can manage the files.
While accidental deletion/overwrite will never be 100% eliminated, it can be greatly minimized by ensuring the above procedures are in place. And by stopping accidental deletion, you won’t have to rely on your backups nearly as much (which we’ll cover shortly).
Address Cloud Data Risks
In most companies, network file/folder security (as reference above) is a well understood concept that IT departments can implement easily. But in the rapidly evolving world of cloud data storage, there is much work to be done to assure a company of proper file security. Before implementing any cloud-based file management system, consider the following issues carefully:
Make sure you can control the apps centrally. If your company will be using a cloud file storage system, you must be able to control permissions from a central administrative console. Allowing 50 users to maintain their own cloud accounts with no ability to backup or control access to those accounts will only lead to disaster.
Consider employee turnover. If an employee leaves, how do you know that company data hasn’t been stored in their cloud account? How will you be able to revoke the account just like you would a company cell phone or network account?
Consider phone/tablet loss. If an employee has a portable device stolen, can you quickly revoke access to any cloud data from that device? This is a tricky question as more users have work email or file access on personal devices, but it is a scenario that should be discussed with IT.
Consider synchronization as a cause of data loss. If a user syncs a cloud storage folder to a network location and then deletes a file in their cloud folder, will the file disappear from your network folder? In many cases, the answer to this scenario would be, “Yes,” if tools like OneDrive or Dropbox aren’t correctly controlled.
In summary, your company must think about and implement cloud applications with the same sense of security, loss control, and legal liability that you would with any other company resource. Just because a cloud utility is cheap or free, doesn’t mean you don’t need to think about how it can damage your data.
Create Solid Backups
The fact is that people make mistakes from time to time and you’ll need to restore information from backups. Here is my CAD manager’s backup protocol which presents minimum overhead for both IT and you:
Basic incremental backups. Conducted by your IT department automatically daily. The purpose of this basic backup is to track daily changes to project files and create a disaster recovery platform that can restore most work files should a major loss occur or server replacement be required.
Local cumulative backups. Conducted by the CAD manager via some sort of automated process, copied to a network accessible location on a daily basis. These backups create a copy of working project directories as of yesterday’s end of work that can be accessed without having to go back to IT’s incremental backups. I call this, “Help yourself backup,” because you won’t have to trudge through a long IT ticketing process to deal with a simple file overwrite scenario.
Archival backups. Conducted by the CAD manager at key project milestones like submittals or release to manufacturing. These backups should be good enough to go back through the history of any given project and restore all models, drawings, data, PDF’s, and other files that comprised the project at any given milestone. Whether you use a structured data management system or just a well indexed series of folders, there is no substitute for these archival file sets.
Keep your backups local. While your IT department may store backups off site or in a cloud account, your crucial backups must be local to your own desktop. When a user deletes a file and needs it back immediately, you don’t want to wait 4 hours for IT to hopefully find it in their backups. My recommendation is to get a large, high speed portable disc drive on your desktop (or attached to the network in the server room that you can remotely access) and create your personal backups there. Ask yourself, “Do I really want to wait three days to pull an archive set back down from a cloud server to restore it?”
Use IT backups as your backup. Think of backups as your responsibility unless disaster strikes. If a user deletes a key model or CAD file you should be able to find it quickly. If the building burns down (taking your portable drive with it), then IT will deal with the disaster recovery.
It really does pay to think about keeping your own backups so you can respond do data loss promptly, without waiting for IT intervention. Once you get the process automated you’ll never want to function without your own backups again.
As you navigate the daily technology barrage of new software and features never lose sight of the fact that the only thing CAD users really produce are data files and the security of those files is of paramount importance. I hope the strategies outlined will help you assess your risk profile and take appropriate corrective action if required. Until next time.