In the digital world we all live in, the security of our data is more important now than ever before. This includes our business data and intellectual property which is the lifeblood of a company. While evaluating systems in which to hold your data, security needs to be kept at the forefront and the 3DEXPERIENCE platform is no different.
Dassault Systèmes and the developers of the 3DEXPERIENCE platform follow many industry standards and best practices while making the cloud software. The general guidelines and methodologies that the team adheres to are as follows:
• ISO 2700x standards, and in particular Implementation Guide ISO 27002
• Open Web Application Security Project (OWASP) methodologies
• CobIT framework
Now, let’s look at the specific layers of security applied to the 3DEXPERIENCE platform.
Physical Security
The 3DEXPERIENCE platform has its data stored in several nondescript physical data centers around the world. Access is limited to authorized staff, contractors, and visitors are escorted at all times, and physical access to the data centers is logged and audited. Finally, the physical storage is secured via redundant disks with disaster recovery, backup, and restore procedures.
Virtual Systems Security
On the physical machines in the data center, several virtualized systems are created in which the data and applications are hosted. These systems are scrutinized, from a security standpoint, prior to being released into production. Beyond standard security activities such as system patches and services review, Dassault Systèmes runs random attack-like scenarios to test the integrity of the system as well as the reactivity of the operational response teams.
In-Cloud Security
While inside the Dassault Systèmes cloud, there are several layers of security solutions. Beyond firewalls to restrict traffic, each client works on instances that are separated from other systems. This approach protects against cross-customer data access, which is also hardcoded at the application level. This separation inside the cloud environment mitigates classical risks of network attacks, in particular, sniffing and IP spoofing is not feasible by design.
Application – Level Security
Security awareness and controls are designed into the development and verification process of the applications on the 3DEXPERIENCE platform. The code is double-peer reviewed, both internally and externally with special emphasis on the top OWASP threats. An additional protection check is performed on the application ecosystem where a cyclic penetration testing exercise is performed. Lastly, a continuous scanning process is in place to monitor various modules of the application.
Internet Security
The final security measure that is in place is how the end-user interacts with the platform over the internet and what data is exchanged between the user and the platform. Incoming internet traffic to the platform is filtered by independent mechanisms ensuring reliability and lack of vulnerability. To ensure the confidentiality and integrity of the data being transferred to and from the platform, secured communication channels can be used, where applicable.
After reading this blog, hopefully, you have a better understanding of the security measures that are in place on the 3DEXPERIENCE platform and its applications. This multi-layer security approach makes the 3D Experience platform as robust as can be in cloud software today. To learn more about the 3DEXPERIENCE platform, take a look at this video or reach out to your local CADimensions representative today.
Your Answer To Finding A Complete Product Development Solution On The Cloud
See how the 3DEXPERIENCE can enable your design and engineering team to work from anywhere without compromising your security and privacy.