Matt, in my view, the biggest security threat is people and not systems. Your blog reminded me our previous debates about the same topic last year – http://beyondplm.com/2012/08/23/thoughts-about-plm-cloud-security-and-iphone-5/. That’s why I think, legislation proposed in the video worth discussing. Best, oleg

This was my concern when ISO9000 came along years ago. Documenting how we manufactured things of course never allowed offshore use of our methods. It is much easier to buy the cloud for some large sovereign companies. So why worry about hacking?

GREAT post Matt. These are my concerns too. I’ve been ranting about them for years. I agree with you 100%; nothing of value should be stored in the The Cloud currently.

So I’ll bring this up yet again…INSURANCE for Cloud data storage;MANDATORY. Cloud data storage providers must be BONDED & INSURED. Anyone?

Cheers, Devon Sowell

Ever heard of Samuel Slater? There were laws prohibiting the export of production machinery design from England during the industrial revolution. Slater memorised the design of the cotton mill machinery that he worked on during his apprenticeship in England, then went to the New World, reconstructed the designs, and handed England’s cotton-industry advantage to the US. He’s referred to as “Slater the traitor” in the UK and termed “the father of the US industrial revolution”. Perspective, eh? You design products for commercialisation, which lets your own cats out of the bag. As soon as they’re available, they can be reverse engineered and your data is relying on copyright, trademark and patent protection. They’re no protection against theft at all, they just specify what the penalty will be. Design data is valuable for a finite period, and, while security over open-ended timescales can’t be guaranteed, it’s practical within limits.

Sorry Oleg, you are entirely wrong on your position. People write these things they design these things and people can and do hack these things. There is no safety online with anything and you can’t bring a single example forth to prove ironclad security can be done. ALL the companies where CAD is concerned put crawfish legal disclaimers of any responsibility for bad results from the use of the cloud and their stuff. All of them. The very same ones who want to sell us this junk I might add. There is so much actual evidence against this cloud model that I am amazed it is even still being pursued by any company that claims to have it’s users interests in mind.

So Oleg these companies that you have dealings with that want us to use the cloud. How many of them come with a guarantee that would cover all potential damages to any user who uses this model? Is there perhaps a reason why there is no guarantee?

First read this completely. http://usa.autodesk.com/adsk/servlet/item?siteID=123112&id=17784802

Then read this.
http://www.cadalyst.com/cad/product-design/autodesk-and-cloud-part-2-fusion-360-will-deliver-professional-level-cad-cloud-15

“You have a right to be concerned about security of your intellectual property on the cloud,” she said. Data security should always be your first priority, whether it’s stored on the cloud or in your own systems. “You need a prenup with your cloud vendor,” she advised. If the company goes out of business or if you move off the platform in the future, what happens?

(Ha ha ha, prenup, riiiight, I’m believeing that will happen!)

“I believe with the right best practices and the right conversations with your vendor, you can actually be safer in the cloud,” Payton concluded. “Pick your partners wisely. Everyone is penetrable. The key is figuring out what guidelines to follow when your digital assets are gone, and figuring out how to handle the incident and how to let your customers know.

“You cannot protect that which you do not have in your line of sight. And that is what makes you nervous about the cloud. But, in some regards, you’d be better off going to the cloud because you can hold that provider contractually liable and ensure that your data is secure.”

So there is the cloud business model in a nutshell from one of the largest CAD companies in the world. Go there at your own risk we won’t stand behind anything.

Our hired expert will fill you in on our method to protect yourself. Sue the cloud farm vendor if they lose your stuff and since you can sue them they will keep it safe!! Except the cloud farm vendor makes you sign the same junk in their TOS that we do so we know this was a stupid idea but we had to have something to say and this was the best we could come up with.

You can’t store water in a sieve and you can’t store data securely in an electronic cloud sieve either.

@Devon Sowell
Legislating insurance would kill the cloud idea faster than anything. I can’t believe cloud providers could then make contracts lawyers couldn’t find a way through to penalize providers for data breaches.
Also, I’ve said it many times: ITAR. I’ve told my VAR and spelled it out in the surveys that when any part of Solidworks is cloud mandatory, we’re gone. Period. Not going to face fines or worse, such as being barred from government contracts.

Oleg, people write this cloud stuff, people create this cloud stuff and they also hack and whack it so what is your point? The cloud = fail and people are involved from creation to theft.
http://www.zdnet.com/almost-all-us-networks-can-be-hacked-intelligence-committee-7000011101/

The cloud is not safe period and any company that creates policies that demand their customers operate on a cloud is duplicitous when they say they value their customers. There is no grey area here where one could be ambivalent about the clouds benefits.

I guess we should ask Dassault if they are willing to put the SW and Catia source code on the cloud. Lead by example, if it’s the best thing are they willing to put their most sensitive product information there?

How many of us use Dropbox to share files with clients, manufacturers, RP vendors?

How many send files by email?

How many of us have spend $500,000 on a firewall to protect our files?

Cloud may be in it’s infancy, but It is sure to grow. Probably driven by consumer markets for a while longer and privacy concerns will ensure investment and development of security measures. Eventually this will be THE way things are done. May take a decade or more for that to really happen.

However while things develop, how secure are we now really?

I share files via Dropbox, but then delete them. I keep the back up offline. Can’t that be done with cloud storage anyway?

Let’s not confuse SaaS with Cloud storage btw, as the tow albeit related are quite different.

Overall I agree with Oleg, but I dont to think people are the route cause of the problem; but poorly designed, implemented and managed systems that the people have to work within are.

Maybe we should ask Dassault if they are willing to use the cloud for their products. Put the source code for SW and Catia on the cloud and see how secure it is. If the cloud is so good they need to lead by example.

*Edit* Sorry for the double post, my first comment didn’t seem to post.

http://www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html

Let me add to that. Autodesk and Dassault do not put their software source code on the cloud. Now why would that be I wonder? OK Autodesk or Dassault prove me wrong and provide an independent audit of where your source code resides. Holding my breath waiting for just a tiny bit of honesty from these clowns. So your stuff is too valuable to be risked but your customers is not eh?

Please look at the swinging watch, relax feel yourself going to sleep.

The cloud will save you money, work better and be more secure than in house systems and you can fire your IT staff. Join us in that happy place.

In case readers missed it in the article…

‘In 2008, a security team found that QinetiQ’s internal corporate network could be accessed from a Waltham, Massachusetts, parking lot using an unsecured Wi-Fi connection.’

So there you have it, spies could be operating in Waltham Mass. and vital defence technology/info could simply be downloaded freely from a carpark outside. Reading about the scope of the hacking into what ought to have been very secure networks its plain then if someone really wants your Catia lite data they will get it. It can probably be accessed from the other end of the same carpark using an Ipad with a hacked version of the n!Fuse code…which would be the only practical use found for it. Probably DS servers are already infested with anonymous little bots

@Neil
Like it or not we have been banking (like your checking account) on the Cloud for years now. Difference being that DS, etc. envision a Facebook type Cloud which can be implemented with MS client/server software. Data on a class A mainframe is more secure than data on your own client server. But the class A mainframe is about 2-5x the cost of the client server. Probably will only be available with Catia Plus++.

Nothing is perfect. Even with the best of intentions there will be lapses. Its likely that even the most secure systems can be breached if you try hard enough but of course we aren’t likely to hear about it in the cases where they were successful. Probably there is a more concerted and systematic effort in hacking into a defense contractor to look at info than there is to look over who has a mortgage with a bank or steal 10,000 email addresses and brag about it. Maybe there is team of 100 people trolling for something as valuable as this stuff vs some lone random aspergers genius hunting for ufo pictures. Also remote pc hacking may be the latest method but it isn’t the only way to carry out industrial espionage. There have been a number of spies infamously abscond/defect with papers and ye old microfilm through the years. Bradley Manning probably worked at a ‘Class A’ facility. What ever assurances might be given I think its just as likely DS will be compromised as anyone else. If DS are like Autodesk in the fine print they will offer no responsibility for your data at all and that’s not without reason because they know full well they can’t guarantee it and they definitely don’t want to be liable for it. Reading this story ought to remind apathetic CADsters that it could happen to them. It could be a state secret they are after or it could be next Christmas’s stuffed toy design for Mattel. The accidental/unintended sharing of the knowledge is potentially damaging to someone in some regard, somewhere.

Here is what all these people quoting banking as an example either don’t understand or deliberately ignore. At the end of the day just like your local teller all the numbers have to add up. If they don’t the search is on and in the case of fraud the victim is made whole. With IP you won’t know until your stuff shows up somewhere else if indeed you can ever catch it. With theft from your account this happens and you are restored. With IP the knock off products are built for years and someone else profits time and time again and you are never made whole for all the losses.

So if this cloud is so darned good why don’t Dassault and Autodesk “bank” on it and store their source code there? They know they can never be made whole for losses that can and do occur due to exposure to the web which can’t be made absolutely secure. You guys talking about banks just drink the koolaid and I will watch. IP is not as easy to track as dollars and cents and it is a totally specious argument to pretend they are both the same.

I am getting to the point where when someone trots out the tired banking line I either figure really naïve or they work somehow for something that will make money off of cloud use. Most intend to profit is what I figure.

And Adobe is now all-cloud—at least for their licensing:
http://market-ticker.org/akcs-www?post=220495

Hey, let’s get trendy with our CAD applications!

Yup its panning out as I anticipated. The cloud has become a wrought for software companies. This model should have been unmercifully crushed by the readers of this blog for the wellbeing of all software customers when DS first came out with it. Now it has spread to other large players who see the lack of resistance and also have mature products and markets. Shortly it will become necessary for everyone else to join in or go under regardless of the rights of it. This has shades of manufacturers taking their business to China. A great idea to exploit cheap labour and maximise profits that looped around and killed the US economy and is pulling everyone down with it. The cloud is the largest IT fraud/con ever put over users in vendors business self interest all wrapped up as the next big thing in technology that is so important that is said to be all but obligatory/compulsory to join in. Complete bollocks. This far surpasses the con put about that you dont own your software. This is all about vendors positioning to turn their customers previously unrecognised dependance into a guaranteed revenue stream. IT slavery is here and so indirectly is data mining/seizure. You can no longer be in control of your own affairs. You will be issued a smart phone or tablet at birth, a debit card, given a reference number, and your whole life will be tracked and trended, and the banks will run all aspects of the global economy. Living will be reduced to a preconceived set of social experiences. Industry experiences, nursing experiences or whatever-worker-category-you-fit-into experiences, actually zombie experiences. The largest longest pay-as-you-go packaged holiday you could go on. I think we should march on Waltham and then on to the White House. The 4th of July seems like a popular date to assert liberty at the moment…sharpen your pencils!

Well Neil it can still be stopped. All it takes is for enough people to stop buying programs or renewing programs that insist on the cloud. If enough fools drink the Kool-Aid then trouble will happen. In the mean time in the cad world one of the better reasons to consider Solid Edge is that they have no plans to go to a cloud only model. Insofar as the rest of the companies offering extortion via the cloud the only way to fix them is to starve them. Die cloud Die!