Securely Exchange CATIA Data Outside Your Enterprise Paul W. Downing PROSTEP Inc. Session DEM 5101

Upload: dangkiet

Post on 03-Sep-2018

How to Securely Exchange CATIA Data Outside Your Enterprise

• Take Away Topics

» How your organization is leaking information.

» Why information leakage is so hard to control.

» Which free or paid options are available to help mitigate this problem.

Is IP Protection your concern? Should it be?

Is IP Theft really a problem?

Not Just “basement hackers”

Others … HIPAA

ITAR / Export Control Increased Fines

ITAR Violations Settled Between 2010 and 2016

| Company Name | Number of Violations | Final Amount Paid | Year |
|---|---|---|---|
| Marc Turi and Turi Defense Group, Inc. | 2 | $200,000 | 2016 |
| Microwave Engineering Corporation | 1 | $100,000 | 2016 |
| Intersil Corporation | 339 | $10,000,000 | 2014 |
| Esterline Technologies Corporation | 282 | $20,000,000 | 2014 |
| Meggitt-USA, Inc. | 67 | $25,000,000 | 2013 |
| Aeroflex, Inc. | 158 | $8,000,000 | 2013 |
| Raytheon Company | 125 | $8,000,000 | 2013 |
| United Technologies Corporation | 576 | $55,000,000 | 2012 |
| Alpine Aerospace | 9 | $50,000 | 2012 |
| BAE Systems plc | 2591 | $79,000,000 | 2011 |
| Xe Services LLC | 288 | $42,000,000 | 2010 |
| AAR International, Inc. | 13 | $0 | 2010 |
| Interturbine Aviation Logistics GmbH | 7 | $1,000,000 | 2010 |
| Total | 4458 | $248,350,000.00 | |

Average fine per violation: $55,708.84

source: http://pmddtc.state.gov/compliance/poa.html

It’s OK, you only send data securely! Right?

Audience Survey

Typical Concerns

Data Exchange vs. IP Protection

How old are your protocols?

• Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. SMTP was first defined by RFC 821 in 1982 and grew out of standards developed during the 1970s.

• File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server, typically with clear-text authentication. It was published as RFC 114 in 1971.

Paraphrased from <http://en.wikipedia.org/wiki/FTP>

Why do we keep doing it?

CONVENIENCE!

“increasing convenience almost always reduces security”

…. but does it really have to be that way?

Convenient and Secure?

• Secure exchange needs to start as close as possible to the end user's daily working environment

» Desktop Integration

» Email Integration

» PLM Integration

» Purchasing / Bid Systems

• If users have to leave their default working environment to send secure information, they are less likely to use the approved solution.

Ease of Deployment vs. Adoption

BASE MODULE

OPTIONS

OS Integration

Windows "Send to"

Web Browser

PDM / CAD Integrations

Mobile Apps

Automated Services

Email Integration

Alternate Formats (3DPDF, JT,….)

Standalone “Simple” Portal Solution

Supplier / Consumer

OEM / Sponsor

Standalone Portal Solutions

+ Quick / Easy to Deploy
+ Simple Administration
+ Affordable (sometimes free)
+ Good Basic Security (outside of email)
+ Often Hosted outside of company *

– Not Integrated (“Swivel Chair” Solution)
– Less Convenient (must be logged in and online)
– Can be hard to customize (if at all)
– * Monthly Fees for users / volume add up quickly

“Advanced” Portal Concepts

[Diagram: a central server location and remote locations, linked over WAN / Internet]

Server Location (Database, FileVault, Server, CADConverter, Gateway, KeyStore)

• Main OEM Server Location
» Authentication
» Encrypted data storage
» PKI-Management
» User right definitions
» Processing control
» Logging
» E-Mail notification
» Data routing
» Data conversion, …

Location 1

• Manual Processes
» User signs on over web browser and uploads or downloads data manually, interactively

Location 2 (Agent)

• Automated Processes
» Upload and download with Agent, installed at the user's desktop

Location 3 (Gateway)

• Batch Mode
» Data are quickly stored temporarily on a local network drive
» Transfer of data runs completely in batch mode

Location 4 (Gateway, FileVault, CADConverter)

• Advanced Functionality
» Encryption
» Local File Vaults
» Local conversion of data

Partner (Robot)

• System to System
» Automated / Integrated

Supplier

• Remote Data Vaults
» Supplier signs in over web browser
» Data is uploaded from a data vault close to the end user

Advanced Portal Solutions

+ Deeply integrated into systems and processes
+ Fully automated and work behind the scenes
+ Installed in the enterprise or the cloud
+ Centralized or Distributed
+ Designed for customization

– Upfront Infrastructure Costs
– Upfront Planning Requirement
– Administrative Overhead

Demo: Email Secure DX

• Email (Outlook) Secure DX Integration Demo (1 min.)

» Internal user initiates an email in Outlook and attaches a large file

» Data is sent via Secure DX Server (not the Exchange server)

» External user is sent a link to a download portal

» External user downloads file via web portal

Email Integration

• BENEFITS OF EMAIL BASED SECURE DX

» END USER DOES NOT CHANGE ANY PRACTICES

» ZERO TRAINING REQUIRED

» POLICIES ARE 100% ENFORCED

» Audit Logs are kept separate from Clients and Mail Servers

» Data is always encrypted before transport outside of enterprise

» No data Load on Mail Server

Demo: Desktop Integration

• Windows Desktop DX Integration Demo (1 min.)

» User registers accessible workspace in Windows Explorer

» Drag and Drop or Copy / Paste files into workspace folder

» Files are securely sent to workspace

» New Files Are Received as well

OS Integration

• BENEFITS of DESKTOP INTEGRATION

» Works like a network shared drive

» Data is always encrypted before transport

» Securely share files with a team without an external client

Demo: Windows “Send-To”

• Windows “Send-To” Demo (30 seconds)

» User Right Clicks on a File

» “Send-To” Secure Portal User

• BENEFITS of “Send-To” INTEGRATION

» Familiar process for many users

» Data is always encrypted before transport

» No Extra Apps to Log into (No “Swivel Chair”)

Windows "Send to"

Scaling up Complexity with back end systems integration and automation

• Dealing with Engineering Data (of course) plus

» ERP Data

» MRP Data

» Bids

» Financials

» More

• Centralized Reporting on all confidential Information

Integrated Solutions

Requirements

ERP

PLM

Other

………...

Purchasing

Demo: Sending from Enovia

• Sending from Enovia Demo (1.5 min.)

» User Selects Files to Send from Enovia Client

» Selection is passed to back end server for export and checking

» User Selects recipient

» User approves transfer

• BENEFITS of Sending from Enovia

» Familiar process for engineers

» Work is done on the export server not the client

» No Extra Apps to Log into (No “Swivel Chair”)

PDM / CAD Integrations

Demo: Neutral and Lightweight files

• Creating a 3DPDF from Enovia Demo (1.5 min.)

» User Selects assembly from Enovia Client

» Selection is passed to back end server for conversion

» 3DPDF file is checked back into Enovia

• BENEFITS of integration into Enovia

» Familiar process for engineers

» Work is done on the export server not the client

» Can be part of existing workflow and release process

Alternate Formats (3DPDF, JT,….)

CASE STUDY: Nordam

DX Requirements

• Integration: Back-end system integration
• Communication: Status notifications for high transparency
• Data transfer: High volume, robust, high performance
• Security: Adjustable security levels
• Automation: Robots and Gateways for transfer automation
• Flexibility: Versatile user interfaces & flexible software
• Documentation: Documentation for users & administrators
• Processing: Process engine for data processing
• Reports: Research, KPIs, automated reports
• Scalability: Flexible software & license model

DRM Requirements

• DRM Protected Documents
» Limit Access to named users
» Revoke Rights in the field
» Force Updates to Latest Document Versions
» Authenticate via PKI, AD, LDAP, RSA, Others

• Limit Document Features
» Read Only
» Save
» Print
» Copy
» Measure
» Cross Sections
» Etc.

• Traceability Logs by Document

Final Advice From the Field

• Start Today

• Use Free Trials to get a feeling for what does and does not work for your enterprise

• Look for a mix of Hosted or Self Installed Options

• Look for technology that integrates not only front end applications (Outlook, Desktop, Mobile) but back end applications like PLM, ERP, Etc

• Low Hanging Fruit to go after for DX Security

» Outlook

» Desktop

» Web Based

• Don’t forget about protecting your data once it leaves your enterprise. Getting it there is only part of the equation.

» Strip unneeded IP

» Consider DRM solutions for when your data is in the wild.

» Too much DRM is counterproductive!

Shareholders

Over 23 years' experience with engineering interoperability, migration, intelligent documents, benchmarking, more

Approximately 250 employees and consultants based from international locations throughout Europe and in North America

More than 500 customers that are leading companies across most industries

A vendor neutral / independent engineering services and software company since 1993

[email protected] / 8-PROSTEP01 300 Park St – Suite 410 – Birmingham MI 48009

Reseller

Our Customers

Car Manufacturers

Automotive Suppliers

Electrical / Electronic

Aerospace Industry

Shipbuilding & Marine Engineering

Mechanical Engineering, Plant Construction and Rail Vehicles

Other sectors

Questions: