These are unprecedented times, and with them come new challenges for cybersecurity. With record numbers of remote workers accessing cloud solutions during the COVID-19 pandemic, a huge quantity of data is now being transferred, processed and stored on cloud platforms.
You might think this represents a security risk? Well, not necessarily. We all use the cloud in our personal lives every day, whether we’re syncing our family calendars, storing our photos and videos or even looking at our online banking. Why would using the cloud for our business present any more of a risk?
Dassault Systèmes has engineered the 3DEXPERIENCE platform on the cloud to follow industry standards and best practices using a key design philosophy – Security in Depth. The result: you can opt for the cloud-based version of their business experience platform with no compromise on data security.
Security in Depth
This concept relies on the use of several independent security mechanisms to protect information. Should one mechanism be breached, the others are still able to block the malevolent action and negate the threat.
The security processes of the 3DEXPERIENCE platform on the cloud follow industry best practice, with an emphasis on:
- OWASP (Open Web Application Security Project) methodologies – recognised as the “gold standard” for web security
- ISO 2700x standards, and in particular Implementation Guide ISO 27002
- NIST 800 series
3DEXPERIENCE cloud employs Security in Depth in five layers
3DEXPERIENCE on the cloud incorporates several security layers ensuring that only intended traffic and activities reach the online platform for processing. Security measures include:
- Filtering of all incoming traffic by independent mechanisms which ensure reliability and reduce vulnerability cascading – an issue where a single system flaw creates repercussions for other security layers.
- The internet-scale hosting environment is robust against Distributed Denial of Service attacks – an attack whereby a large number of requests made from many sources cause the target system to become unresponsive.
- Secure communication channels between the hosting environment and the customer’s premises ensure confidentiality and integrity of transferred data. TLS-based mechanisms ensure secure connectivity, addressing the risk of third-party data interception.
- The structure of the cloud environment. Each customer’s instance is compartmentalized to prevent cross-customer data access. This design precaution also reduces the risk of traditional cyber-attacks such as sniffing and IP spoofing.
- Traffic restriction using firewalls.
The application layer of 3DEXPERIENCE on the cloud undergoes a strict security design and review process, with security awareness embedded in Development and Verification processes. Application security is achieved by:
- Code aligned with industry best practices and double peer-reviewed (internally and externally). Secure coding methodologies, closely linked to OWASP standards, are followed to prevent the introduction of vulnerabilities at an application code level.
- Penetration testing exercises in which hacker-like activities are carried out to exhaustively test system security.
- A continuous process of scans to monitor application modules.
Virtual Systems Security
The security of the virtualized systems (virtual computing resources), on which data and applications are hosted, is strictly maintained both before and after production release. Some measures taken to ensure virtual systems security include:
- Regularly conducted attack-like scenarios to test the integrity of a model system, as well as the responsiveness of operational teams. These are conducted randomly to ensure useful data for resolving potential flaws.
- Careful security maintenance through system patching and services review.
Finally, the underlying physical hardware is protected by the last, but by no means least, security layer – physical security.
- Customer data is processed in nondescript data centres to which access is strictly limited.
- All contractors and visitors are escorted at all times.
- Physical storage is also secured via redundant disks, disaster recovery, and backup and restore procedures.
Security Tests, Reviews and Access Control
Information security is built into the Dassault Systèmes 3DEXPERIENCE solution on the cloud during the development process. The R&D and Information Security teams collaborate closely to address all potential issues in advance.
Carefully planned hacker-like tests are conducted on the various security layers as part of a global design, implementation and validation cycle. These take place at least annually and with every major change of the platform to eliminate issues.
Finally, protection by security mechanisms is complemented by role-based granular access rights (with which a data owner can set different levels of access to certain areas of a system based on user job roles). A correct licence is also required to access the application, which reduces opportunities for attack.
3DEXPERIENCE on the cloud has been developed with several layers of industry-standard security following a Security in Depth concept. Security is maintained by an ongoing cycle of scans, system patches and regular simulated cyber-attacks to identify and address security issues. Data owners are given some control over security settings through user access controls.