“No way” you say. “Cloud services aren’t ready for prime time. They’re not secure/fast/reliable/full-featured enough for my business.” Let me tell you why you’re wrong.
Spoiler
Whether I’m using email, LAN, sFTP, or good ol’ reliable sneakernet, cloud services are not only just as safe as what I’m currently doing, they’re probably far safer.
When I design products for companies big and small, I eventually have to communicate my designs to somebody. Even if I worked in a maximum-security off-grid underground bunker, at some point I have to send data to clients, machine shops, or factories.
Here are my options:
- Drawings on paper (c. 1425)
- File on a magnetic tape or equiv. (1928)
- File via email attachment (1971)
- Your-Favorite-PLM-System (1982)
- Dropbox/Box/gDrive/OneDrive (2007)
- GrabCAD (2009)
- Fusion 360 (2013)
- Onshape (2015)
When I’ve used paper, sneakernet, or email to share files, I have a technical term I’d use to describe the ensuing situation: data constipation. That’s what happens when too much information moves through a small pipe, and the result is slow, unappealing, and often excruciating. Cloud services are the fiber in your data management diet: they keep things moving.
In this series I’ll debunk some common cloud myths, and hopefully explain why I think cloud services are actually the safest, fastest, most reliable, most fully-featured solutions available on the market. In this installment, we’ll focus on an IT manager’s first concern: security.
First, let’s talk about email.
1. Email is Bad
Fun fact: if you use email, you’re already using cloud services. If you’re using an in-house exchange server and Outlook, you’re using what’s known as a “private cloud.” Congratulations! You’re working like it’s 1971!
If you’re using a hosted web-based email system like Office 365 or Gmail for Business, you’re even cloudier. In fact, you’re up to date as of 1993. Well done, you techno-whiz you.
To share my CAD data, I can save an eDrawing (like it’s 1999!), zip that sucker, and email it to somebody! Shoo dawg! Technologizzle!
But there are some pretty big problems here:
- The only secure email is one you don’t send.
- Seriously, email is ridiculously un-secure. It’s possibly the least secure digital communication medium we use. If security matters to your business even a little bit, then email is Just Plain Bad. (No matter how many stupid footers you add to your messages.)
- Once I send an email, I have zero control over what happens to that data. The recipient could forward it to My Nemesis, post it on a forum, or burn it onto thousands of DVDs and pass them out on street corners, and I can’t do a thing about it.
- Oops! I’m fired. Pick your favorite reason:
- Accidentally sent to the wrong email address… at a competitor.
- Didn’t include the attachment on a deadline; went scuba diving.
- Included the wrong attachment (which happened to be a photo of your boss in a compromising position at the gym)
- May-or-may-not have accidentally told my most important customer to do something physiologically impossible.
- Severe file size restrictions mean that anything larger than your average animated cat GIF gets stuck in the tubes, often arriving too late to be useful.
- Revision control is a nightmare; it’s impossible to have a single source of truth with files with various versions whirling all over the place.
- It is incumbent upon me, the sender, to perform any necessary data translation. (“Sorry, that STEP won’t open for me. Can you send over an IGES? Oh, and was that the latest version?”)
I guess we should stick to good ol’ portable storage devices, copying files onto USB sticks and running them around the office. Not so fast.
2. Sneakernet is Equally Bad
You guys: floppy disks suck, and so do their various offspring. I don’t care if you use magnetic tape, zip disks, +RW DVDs, thumb drives, or a flash drive that looks like a frisky puppy: storing your stuff on a physical object is a very, very bad thing. Let me count the reasons:
- I can lose it.
- My Nemesis can find it.
- It can be damaged.
- Employees can take it home against company policy without my knowledge, without a paper trail, and there’s literally nothing I can do to stop it.
- As with email, I have zero control over the file after it’s received.
- As with email, I can accidentally send the wrong file(s), or, more commonly, accidentally include a bunch of stuff I shouldn’t have.
- As with email, revision control becomes impossible.
- As with email, data translation is up to me, the sender.
- What if somebody works directly from that thumb drive, makes changes, and that becomes the plan of record? How do I bring that data back into play?
So still bad, but at least it’s more secure, right? I mean, information disseminated using a pile of Laser Discs is way safer than using the Interwebbies, not least because it’s harder for Chinese Hackers to get ahold of those discs. We at SolidSmack hear this argument a lot when it comes to cloud security, and it’s deceptively appealing. The concept is known in security-speak as “Security Through Obscurity” (STO), and while it may seem reasonable, it’s not generally well regarded.
Obscurity is not a bad thing in itself, but it’s certainly not an adequate security strategy. The vast majority of data theft these days is accomplished through phishing, spear phishing, or other insider-based attacks, where an internal participant is used (knowingly or not) in order to compromise the system.
In the case of the Laser Discs above, what if an employee carries them home and uploads them to her GrabCAD public profile or, in an unexpected twist, sells them to the Russian Mafia? More realistically, what if that employee ships the discs to a supplier, and the supplier then passes them along to The Enemy? Most leaks start from inside, after all; physical media are just as susceptible to this kind of leak as email, and in some cases more so. The worst thing about this kind of leak is that it is completely undetectable, untraceable, and unfixable. Once that data is in the wrong hands, there’s nothing you can do.
While it may seem counter-intuitive, cloud based systems are actually your best defense against the most common kinds of hacks, both for protecting against break-ins and, just as importantly, plugging leaks when they inevitably happen. But more on that in a bit.
So email is Bad, mailing around 6” floppies is Bad. What about the good ol’ Local Area Network and a quick FTP server? That works, right?
3. Yes: LAN + (s)FTP is also Bad
Let’s assume that I have a kick-ass IT guy named Boris who keeps his savings in gold bars buried in Siberia and owns a Caucasian Ovcharka named Buyan, and never smiles. I’ve given said IT bruiser enough time and money to set up a fully encrypted LAN with hardware-keyed two-factor VPN tunneling and a complete lock-down on external IP traffic.
Theatrical, sure. But effective? Hardly. After all that, I have the same fundamental problem as with email and physical media: all it takes is one misguided employee to compromise the whole system. If someone brings a thumb drive to work and copies a few files to work on at home over the weekend, my entire security scheme crumbles. If Boris turns on me, I’m done for.
And forget about FTP. Assuming Boris knows how to configure a secure sFTP port and expose that only to trusted clients, I still have the same data control problems as the above: as soon as the data reaches its recipient, that person is free to do whatever she wants with it forevermore; revision control is impossible; leaks are inevitable.
(FTP is also just annoying. Do I really want to make my clients download a client just to access my deliverables? But I digress.)
The status quo is really pretty abysmal when it comes to security, not to mention efficiency or–god forbid–convenience. Running things this way is expensive, time-consuming, error prone, and far from secure.
It’s actually amazing that people have put up with this for so long. Pining for the bad-old-days of Retrospect backups on archival tape is absurd in an age when off-site storage is cheaper, faster, more secure, more accessible, less redundant, and less likely to melt in a fire or float away in a flood.
4. Cloud Security Rocks
When I store data with cloud services, things are very different.
- My data is encrypted. A would-be thief would need to steal not only the data itself, but also the keys to decrypt it. In the case of a CAD platform like Onshape, he would even need to steal the server-side software required to interpret the data. Wholesale data theft in a system like this is not impossible, but it is utterly impractical.
- Older file-based cloud systems like Dropbox, Box, or Google Drive allow the user to create and destroy download URLs on demand, or even have them self-destruct on a timer. Once I know the recipient has downloaded a file, I can destroy its URL, so no one else can download it. And, unlike email/sneakernet/FTP/etc, I can monitor access, pinpointing exactly who has accessed a given file, when it was accessed, and from where. Unlike email and the rest, all uploads and downloads are encrypted, so interception in transit is impractical.
- Database-driven systems like Onshape take this a step further: not only is my data end-to-end encrypted, but users interact with it without ever actually downloading any one coherent chunk of data. Onshape has no “files”: you just view the data directly in the browser. Disallow export for low-level users, and leaks are nearly impossible: if files are never downloaded, they can never be leaked. Employees can’t steal data on thumb drives anymore; just disallow export for those users, and they will be literally incapable of leaking anything. Even if that employee leaks his password to The Enemy, that enemy will only be able to view content, but never download it. And, I’ll of course be monitoring IP access, and will know immediately that an untrusted computer is logging into one of my accounts. I shut down the account, fire the employee, and everything is fine.
- Oops! Meh, no big deal:
- Accidentally sent to the wrong email address? Redact it.
- Sent the wrong data to someone? Redact it.
- Forgot to send attachment? What attachment? Attachments are for suckers.
- No file size restrictions. Users have direct access to exactly what you give them.
- Revision control is a breeze. I have one source of Truth, and everyone has access to it.
- Users can do data translations on their own. In Onshape, for example, if I grant the machine shop export access to a specific version of a specific part for a specific period of time, the shop tech can download any interchange format she wants–STEP, IGS, Parasolid, STL, Whatever–and doesn’t have to bother me for it.
(It’s not perfect, of course. Perfect security is impossible. If you’re a convenience store owner, you could prevent Twinkie theft by putting all of the factory-wrapped pastry products in a bank vault out back, but you’d be preventing sales in direct proportion to your increased security. The more paranoid your security, the less practical it is to maintain. Security is about maximizing data utility while minimizing–but never eliminating–risk.)
5. ABSOLUTE POWER
With any file-based system, all security comes down to trust: if I share a confidential file with my CAD guy, I’m entrusting my reputation to him. In a traditional data exchange, the recipient has all the power.
In a database-driven cloud architecture, the opposite is true. In Onshape, my CAD guy only has access to the specific things I grant, and I can revoke those privileges at any time. Adding two-factor authentication makes data theft from leaked passwords nearly impossible.
In the last few months, Onshape has increased the levels of control. Users can specify if a shared peer is permitted to only view, view and comment, edit, or edit with additional sharing. It is easy to imagine additional levels of control that are only possible with a cloud based system.
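As an added illustration (my own toy model, not Onshape’s code or API) of the control model described in sections 4 and 5: each user gets one of the four sharing levels above, export is a separate grant scoped to one version and a time window, revocation takes effect immediately, and every decision is logged with the caller’s address so an untrusted login stands out. User names, addresses and timestamps used with it are constructed.

```python
# Constructed toy model (not Onshape's code or API) of the sharing controls above:
# per-user levels, time-boxed export grants, revocation, and an address-tagged log.
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Each level implies every lower one (view < comment < edit < edit_share).
LEVELS = {"view": 0, "comment": 1, "edit": 2, "edit_share": 3}

@dataclass
class ExportGrant:
    version: str        # only this one version may be exported...
    expires: datetime   # ...and only until this moment

@dataclass
class Document:
    shares: dict = field(default_factory=dict)   # user -> level
    exports: dict = field(default_factory=dict)  # user -> ExportGrant
    log: list = field(default_factory=list)      # (when, who, ip, action, ok)

    def share(self, user, level):
        self.shares[user] = level  # level must be a key of LEVELS

    def revoke(self, user):
        # Immediate and complete: there are no downloaded copies to chase.
        self.shares.pop(user, None)
        self.exports.pop(user, None)

    def grant_export(self, user, version, hours, now):
        self.exports[user] = ExportGrant(version, now + timedelta(hours=hours))

    def _record(self, now, user, ip, action, ok):
        self.log.append((now, user, ip, action, ok))
        return ok

    def can(self, user, action, ip, now):
        # Viewing never hands over a file, so a share alone is enough here.
        have = self.shares.get(user)
        ok = have is not None and LEVELS[have] >= LEVELS[action]
        return self._record(now, user, ip, action, ok)

    def can_export(self, user, version, ip, now):
        # Export needs a share AND an unexpired grant for exactly this version.
        g = self.exports.get(user)
        ok = (user in self.shares and g is not None
              and g.version == version and now < g.expires)
        return self._record(now, user, ip, f"export:{version}", ok)

    def untrusted_access(self, trusted_ips):
        # Audit hook: every logged attempt from an address outside the set.
        return [e for e in self.log if e[2] not in trusted_ips]
```

The audit hook is the piece that makes a leaked password visible: a valid login from an unexpected address still shows up in the log, and revoking the share closes it with nothing left to recall.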
I’m not a security expert, but these guys are.
I’m no security guru, so don’t take it from me. Take it from the world-class security SWAT teams at the Amazons, Googles, and Onshapes of the world. They’ve collectively invested billions into infrastructure that is both strong and resilient. I don’t care how good Boris the IT guy is, he’s not as good as AWS’s security Special Forces.
And let’s not forget that security-focused organizations like the US military and an increasing number of banks (including big ones) are using a combination of internal and external clouds more with each passing year. If AWS is secure enough to meet DOD security specs, can I seriously think it’s not secure enough for my engineering data?
So the argument that cloud services are not secure enough for engineering is, in my humble opinion, bogus. But what about speed, reliability, features, and the ever-controversial rent-vs-buy debate? We’ll take those one by one as this series continues. Stay tuned.