CAD Manager-Protect Your Files30 Jun, 2006 By: Robert Green
Five security tools safeguard intellectual property
Your company pours thousands of hours of intellectual resources into designs that ultimately take final form as a CAD file. Given the money, effort and time that go into making a CAD file, it stands to reason that protecting them should be a high priority for your company. And because you're the CAD manager, it also stands to reason that finding workable ways to protect those CAD files will be your responsibility, right?
In this article
This month, I'll pass along information about software security tools that can help you control your files along with methods you can use to mitigate risks and preserve your ability to enforce intellectual property rights. In a digital world where the difference between security and intellectual property theft is a single file copy, you can't afford to ignore this responsibility.
Understanding the Risk
In the past, human intelligence that produced designs was captured in calculations documented on notepads and graph paper while the drawings that reflected that design went on paper. The paper drawings contained the minimum dimensional knowledge required to build an object but contained precious little detail about the design. In today's digital world, where machines, buildings, dams and land designs are modeled in software and are therefore captured digitally, losing a file is a lot more dangerous than losing a blueprint.
Software Tool 1: Your Network
The first software utility you should exploit to secure your design files is the network operating system that controls your in-house network. By diligently setting up your network permissions, you can prevent unauthorized access to important files by all but the trusted individuals working on the data. Although you may not think of your network as a software tool, you should because it's your primary line of defense.
Make sure you're secure by discussing with your IT department the following network considerations:
Set up secure logins, create proper permissions, keep passwords secure and don't overuse read-only type permissions. No surprises in this list, except that so many companies ignore these parameters! Remember that anyone who can view a CAD file can copy it to his or her personal hard drive, so don't trust simple read-only permissions to secure your data.
Secure any FTP/Internet sites you use to span wide areas. It amazes me how far companies will go to secure their networks, yet they let people maintain unsecured FTP drop boxes or download pages on Internet-accessible servers. If someone from your company can download a file without permission, so can someone from outside!
If only trusted people can find your CAD files, the chance for theft, and therefore the level of effort you spend to thwart it, drops dramatically.
Software Tool 2: Neutral Formats
Another way to protect the native value of your CAD models and drawings is simply to not share native versions of your files in the first place, right? If you never send anyone an AutoCAD DWG file, no one can recycle the information. The same goes for SolidWorks, Inventor, MicroStation and any other CAD format. So in cases where you're obliged to send the digital equivalent of a blueprint, use a neutral file format that has a free reader or viewer available. Here's a list of the prominent industry solutions along with some pros and cons for each.
Adobe PDF. Adobe PDF offers universal acceptance, easy printing and a free viewer, but you typically need the $299 Acrobat Pro version to create PDF files. The latest release of AutoCAD has 2D PDF print capability, but that won't help users with older versions of AutoCAD or those using non-Autodesk products.
Autodesk DWF. Autodesk DWF is Autodesk-centric, controls CAD entities using a CAD-like interface (think layers, plotting setups, views, etc.), is easy to print, has a free viewer available and produces files free of charge from any Autodesk application, yet the non-CAD world is largely unaware of DWF. If you upgrade to DWF Composer for $199, you also can create markup sets that correlate back to AutoCAD's sheet set functionality.
SolidWorks eDrawings. With basically the same advantages and drawbacks as DWF, eDrawings is tailored to the SolidWorks CAD environment. In later releases, eDrawings also embraced support for the DWG file format, which makes eDrawings a logical choice for mixed SolidWorks and AutoCAD environments.
Software Tool 3: PKZIP
We've all used PKZIP to compress CAD files into sets, but do you routinely use the password capabilities PKZIP brings to the table? By using password protection for any ZIP files you e-mail or place on FTP sites and then guarding the passwords, you'll get an extra layer of free security. And by using ZIP password encoding in combination with neutral formats such as PDF, you'll gain real security on the cheap.
Software Tool 4: Content Management Utilities
In the past few years, applications that secure data—CAD and neutral files alike—have become more available, if not popular. Although none of the applications I'm going to mention offers security for all file types, each one offers some insight into how digital file security might look in the near future. By looking at the Internet resources I've provided, you can access white papers, sample downloads and examine a variety of interesting resources about digital file security to gauge what's out there, how much it costs and how easy or complex it is to implement.
Adobe's LiveCycle Policy Server. If you use Adobe PDF files to transmit information, Policy Server is worth a look. By installing a Policy Server within your organization, you can set up policies to control how, or even if, a remote reader of a PDF file can see the file. All sorts of security policy gradations are possible, from a finite number of file opens to a time-based period of access to no access at all. Right now Policy Server is a slam dunk for non-CAD file security, but CAD file support has been lagging. Recently Adobe acquired NavisWare to beef up its support of Microsoft Office and Dassault CAD files in Policy Server, but the technology is still in the beta stage as of this writing. Whether direct support of Autodesk products is forthcoming is unknown at this time.
Pinion Software's Desktop Packager and Receiver. Along the same lines as Adobe's Policy Server, Desktop Packager and Receiver comes to your desktop at a lower price. Pinion's software provides protection for popular neutral formats such as PDF, DWF and eDrawings so that nobody who receives the files can access them without using the intelligent Receiver module to gain access to the protected content. Think of the Packager as Acrobat Pro and Receiver as Acrobat Reader and you'll have a pretty good picture of how it all works. An Enterprise Packager module runs in almost exactly the same manner as Adobe's Policy Server if you want to deploy Pinion's security solution throughout your CAD enterprise. See review in this issue for more details.
CADLock's CADVault. CADVault takes a different path than Adobe or Pinion in that it's an AutoCAD-specific application that encodes the actual DWG file you send and then uses an object-enabler module to allow decoding of the DWG by the recipient. Running under AutoCAD's command and control permits CADVault to secure portions of a drawing, say just certain layers, while enabling the user to add content to the drawing on layers that aren't protected. CADVault may be AutoCAD specific, but it offers a glimpse of what content management software could offer within the CAD interface.
Software Tool 5: Your Lawyer
OK, I admit that a lawyer isn't a software tool, but we've still got to cover this topic. No matter what you do to thwart electronic theft, you can't guarantee that everything will always go as planned. And no matter how much you trust the other parties working with your drawings, you don't know that they'll follow your procedures. The issue becomes whether you can enforce your intellectual property rights if and when an infraction occurs. To enforce your rights, you need to have contracts in place that allow you legal recourse in the event of a violation.
Although writing contracts for these sorts of scenarios typically isn't within the CAD manager's purview, you are the most knowledgeable resource in your company, so you'll need to be involved in helping your project management and legal teams write a solid contract. A good contractual agreement will include, at minimum, the following components:
Non-copy/disclose. The recipient will not copy or disclose the information you send him or her.
Password security. The recipient will keep all passwords secure and follow all procedures regarding access to your FTP or EDM systems.
Disposal of information. The recipient will shred any written information supplied and delete any digital information after transmitting it to you.
Copyrights. The recipient agrees not to reuse any portions of your digital work product in any future projects without your written consent.
Although the past year or so has brought some strides made in CAD file security, there's still no bulletproof solution that works for all software platforms or scenarios. Therefore, I encourage all CAD managers to investigate and implement digital security procedures using a broad spectrum of software tools, including old-school tools such as passwords, neutral formats, contracts and diligent follow-through.
Make no mistake—if you don't secure your CAD files, you're just asking to have your company's intellectual property stolen. So make sure your CAD file security plan is up to snuff and that your management team understands how critical this topic is before you have a problem.
Robert Green performs CAD programming and consulting throughout the United States and Canada. Reach him at firstname.lastname@example.org.