Proactive File Security21 May, 2019 By: Robert Green
While file security might not be the most exciting part of your job, it is one of the most important.
In the last installment of the CAD Manager's Newsletter we talked about the concept of proactive CAD management with the root concept of preventing problems rather than repeatedly fixing them. One of the concepts mentioned was the idea of tightly managing file security.
Image source DariaRen/istockphoto.com
In this edition of the CAD Manager's Newsletter I'll share my best practices for file security to use as a guide for planning your own systems. Here goes.
File Security is Job One
Let's face it, you can do all the whiz-bang programming and BIM wizardry in the world, but if you lose your files, what's the point? File security may not be the most cutting-edge task you manage, but you ignore it at your peril.
The good news is that having a proactive file security policy is simply a matter of auditing your current situation, fixing any deficiencies, then repeating that process any time software or systems change. The key problems I continue to see are:
- Accidental deletion/overwrite
- Cloud data risks
- Lack of accessible backups
Let's expand these topics into a series of action items. Your task will be to consider any areas where your security controls are deficient so you can start taking corrective actions.
Stop Accidental Deletion/Overwrite
The most common cause of file security problems I've experienced is accidental deletion and/or overwriting of files. If you do nothing else, take strong action against these problems by considering the following:
Stop C drive hoarding. The surest way to lose files is to let users store large caches of data on their C drives. When users copy/move files from network drives to their own drives, the chance for many users to work on the same file and eventually overwrite files goes up exponentially. If someone violates the "no C drive" policy, put them on notice immediately!
Stop cloud hoarding. When users copy files to their own cloud data storage utility (think Dropbox or OneDrive) the chance of accidental deletion or overwrite is just as high as it is for the C drive case. Consider unauthorized cloud storage violations in the same way you would a C drive storage violation.
Review network folder security. Most projects use a directory structure to manage files and some of those directory folders contain project standards (consider blocks, families, standard parts, sub-models, and the like) that should never be deleted or overwritten. The surest way to deal with these types of problems is to review your network security group structures so that only administrators such as you can manage the files.
While accidental deletion/overwrite will never be 100% eliminated, it can be greatly minimized by ensuring the above procedures are in place. By stopping accidental deletion, you won't have to rely on your backups (which we'll cover shortly) as often.
Address Cloud Data Risks
In most companies, network file/folder security (as reference above) is a well understood concept that IT departments can implement easily. But in the rapidly evolving world of cloud data storage, there is much work to be done to assure a company of proper file security. Before implementing any cloud-based file management systems consider the following issues carefully:
Make sure you can centrally control the apps. If your company will use a cloud file storage system, you must be able to control permissions from a central administrative console. Allowing 50 users to maintain their own cloud accounts with no ability to backup or control access to those accounts will only lead to disaster.
Consider employee turnover. If an employee leaves, how do you know that company data hasn't been stored to their cloud account? How will you be able to revoke the account as you would a company cell phone or network account?
Consider synchronization as a cause of data loss. If a user syncs a cloud storage folder to a network location then deletes a file in their cloud folder, will the file disappear from your network folder? In many cases, the answer to this scenario would be "yes," if you don't properly control tools such as OneDrive or Dropbox.
It's important to consider cloud applications with the same sense of security, loss control, and legal liability that you would with any other company resource. Just because a cloud utility is cheap or free doesn't mean you don't need to think about how it can damage your data.
Create Solid Backups
The brutal fact is people make mistakes from time to time and you'll need to restore information from backups. Here is my CAD manager's backup protocol which presents minimum backup requirements:
Basic incremental backups. Conducted by your IT department automatically daily. The purpose of this basic backup is to track daily changes to project files and create a disaster recovery platform that can restore most work files should a major loss occur.
Local cumulative backups. Conducted by the CAD manager via some sort of automated process copied to a network accessible location on a daily basis. These backups are designed to create a copy of working project directories as of yesterday's end of work that can be accessed without having to go back to IT's incremental backups.
Archival backups. Conducted by the CAD manager at key project milestones, such as submittals or release to manufacturing. These backups should be good enough to go back through the history of any given project and restore all models, drawings, data, PDFs, and other files that comprised the project at any given milestone.
Keep your backups local. While your IT department may store backups off site or in a cloud account, your backups must be local to your own desktop. When a user deletes a file and needs it back immediately, you don't want to wait four hours for IT to hopefully find it in their backups. My recommendation is to get a large, high-speed portable disc drive on your desktop and create your personal backups there. Ask yourself, "Do I really want to wait three days to pull an archive set back down from a cloud server to restore it?"
Use IT backups as your backup. Think of being backed up as your responsibility unless disaster strikes. If a user deletes a key model or CAD file, you should be able to find it quickly. If the building burns down (taking your portable drive with it), then IT will deal with the disaster recovery.
It really does pay to think about keeping your own backups so you can respond do data loss promptly, without waiting for IT intervention. Once you automate the process, you'll never want to function without your own backups again.
As you navigate the daily technology barrage of new software and features, never lose sight of the fact that the only thing they produce are files and the security of those files is of paramount importance. I hope the strategies outlined will help you assess your risk profile and take corrective action if required.
Until next time.