What's new
What's new

Cloud Security - Lets beat that horse!!

csharp

Stainless
Joined
Sep 24, 2009
Location
PA
I try to keep up on some of this cloud technology and security. I know everyone has an argument on both sides. I am somewhere in the middle, "I drink the Kool-Aid while wearing the tin foil hat"

I just read an article about cloud security and it brings up some good points I had not thought about. One that in a program like Onshape there are no files. Users are just working on the file there is no onshape format they can download. So if it is true that most security breaches are started internally then this seems to be a good solution. Since users never have access to the file. They can't download it to a USB to take home. Export can be disabled so they can't get a dumb solid. You can track everyone who has viewed the file. Here is a like to the entire article. Just thougth it was interesting view. It was obviously written from OnShpae's point of view, but still some good point are made.


A couple of months ago I read a article in Modern Machine Shop about IoT and industry 4.0
One point they also eluded to was machine destruction. What if the hackers goal was not to steal your info but to wreck your machines. What if they could change the parameters in your FusionCAM files to create a machine crash.

Interesting times with some real challenges.
 
I absolutely will not trust anyone with my design files. I will not buy into that cloud CAD stuff. I must retain control of everything I do. I have my own server which I sync everything to. Syncing to Autodesk or Onshape servers would violate probably every NDA I have signed.

Same goes for every other cloud service out there(dropbox, amazon, etc.).

No thank you.
 
I absolutely will not trust anyone with my design files. I will not buy into that cloud CAD stuff. I must retain control of everything I do. I have my own server which I sync everything to. Syncing to Autodesk or Onshape servers would violate probably every NDA I have signed.

Same goes for every other cloud service out there(dropbox, amazon, etc.).

No thank you.

First, let me say that I completely agree with you. But my concern is what will we do when all of the CAD/CAM providers have gone that direction? It's heading that way regardless if we want it to or not.

JustAbout
 
First, let me say that I completely agree with you. But my concern is what will we do when all of the CAD/CAM providers have gone that direction? It's heading that way regardless if we want it to or not.

JustAbout

First thing to do is to tell the vendors of software that you won't buy it if it does not have local storage as a real option. Many potential customers big and small will not accept cloud storage. Personally I think cloud storage has its place but so does local storage. The lack of a local storage option in software is a tactical marketing decision not something done because it is too hard or expensive for them to incorporate both. All the big companies do it- try to lead customers where they want them to go. Look at windows 8 had to have their stupid new interface designed to lead customers to their tablets etc. Well it didn't go too far because people did not buy it.
 
One point they also eluded to was machine destruction. What if the hackers goal was not to steal your info but to wreck your machines. What if they could change the parameters in your FusionCAM files to create a machine crash.

Interesting times with some real challenges.

What if a hacker wanted to change the programming parameters on your computer?
Is your intrusion detection better than your cloud providers? For the top 100 companies maybe yes, for the rest of the world no.
Many people own $30-$100 per year protection software. The bad guys buy this software too and take it apart line by line so it's a never ending race
This end protects you from kiddie attacks and unfortunately nowadays everyone needs and should have it.
If you are a high value target, different game. Home Depot or Target are not big enough to be immune. HP, and Apple have been breached. Sony and even the IRS get beat on hard.
These people spend 100's of millions on protection, yet it fails. You may have 100 bucks trying to do a better job.

Not say it would happen but there was one that screwed with VFD settings that got int many programming systems.
If it had been a bit less specific about which machines and processes it wanted to mess up it would have been a worldwide nightmare.
Most of the infected computers where isolated and had no connection to the net or the outside world.
The users felt very safe because of this "system in a locked room, programmed by a system in a locked room".

I don't like the feel of my data stored out there in who knows what or where.
Yet the people doing it have tons of worker bees starring at internet traffic on screens all day long looking for something a bit off kilter.
I can't afford a staff this size doing nothing but protecting my data.

Mostly your data, models, cnc programs are very safe anywhere as it is of little use outside of you and your shop.
My Wi-Fi is open and boosted so others around can use some of the bandwidth I pay for. It exposes many of my systems to all the neighbors.
Bob
 
I absolutely will not trust anyone with my design files. I will not buy into that cloud CAD stuff. I must retain control of everything I do. I have my own server which I sync everything to. Syncing to Autodesk or Onshape servers would violate probably every NDA I have signed.

Same goes for every other cloud service out there(dropbox, amazon, etc.).

No thank you.


No one here trying to change your mind. Just not sure why people cant have a discussion about the pros and cons of it.

So how would your system handle a disgruntled worker who walks out with your files on a USB?

How do you receive your CAD files for Quoting/Manufacturing etc....

Like I said I am not trying to convert anyone just curious how others handle these situations. I like to read these articles pro or con just learn things I would not have thought of.
 
I would say that as long as large global companies (like the one I work for) use the software in question, there is no chance they will force a cloud solution on all users. My company does not and will not tolerate any proprietary data being outside of their control. I'm aware this is an illusion, anyone with sensitive access (me) can pop it on a USB and walk out the door, but still they must have the appearance of control the data at their centers. They definitely don't want Google or Microsoft's data problems becoming theirs.

The drive located at HQ for just my division and only for tools, fixtures, machine schematics, etc., is 5TB and we've only filled 900G of it.
 
First, let me say that I completely agree with you. But my concern is what will we do when all of the CAD/CAM providers have gone that direction? It's heading that way regardless if we want it to or not.

JustAbout


One of the primary reasons I refuse to buy an autodesk product, they want to move to this model. I highly doubt all CAD/CAM providers will move toward this. I see Autodesk with Fusion and Onshape, these are low end pieces of software and this caters to these customers. Higher end software caters to a completely different clientele. You won't see Pro/e, SolidWorks, Catia, Mastercam, etc. going that direction.

No one here trying to change your mind. Just not sure why people cant have a discussion about the pros and cons of it.

So how would your system handle a disgruntled worker who walks out with your files on a USB?

How do you receive your CAD files for Quoting/Manufacturing etc....

Like I said I am not trying to convert anyone just curious how others handle these situations. I like to read these articles pro or con just learn things I would not have thought of.

I don't have any employees at the moment. If I have disgruntled employees, I have other problems I need to fix.

I send and received my files many different methods. None of which are a centralized server that everyone uses that if hacked, gives access to data across many companies, individuals, and industries. Look at what happened with celebrities that were using Apples cloud service when it got hacked. One service got hacked, hundreds(probably tens of thousands) of peoples private information, photo's, all got stolen.
 
One of the primary reasons I refuse to buy an autodesk product, they want to move to this model. I highly doubt all CAD/CAM providers will move toward this. I see Autodesk with Fusion and Onshape, these are low end pieces of software and this caters to these customers. Higher end software caters to a completely different clientele. You won't see Pro/e, SolidWorks, Catia, Mastercam, etc. going that direction.



I don't have any employees at the moment. If I have disgruntled employees, I have other problems I need to fix.

I send and received my files many different methods. None of which are a centralized server that everyone uses that if hacked, gives access to data across many companies, individuals, and industries. Look at what happened with celebrities that were using Apples cloud service when it got hacked. One service got hacked, hundreds(probably tens of thousands) of peoples private information, photo's, all got stolen.

I understand, but you may not know they were disgruntled until it is too late.

I get what you are saying about a centralized server. You may not be targeted as an individual but belonging to a central hub puts you at risk with the group.

You mention that you send and receive many methods I can only assume some of them are electronic/digital.

I use Fusion for my own personal stuff and don't care if it gets hacked or not to be honest. Hell I would share it with someone it they asked. But I feel as though I would be taking a risk with my customers doing it. I have a good relationship with my customers and have asked them what they thought. I have one that says use it you want they are fine with it. They do pretty high end RD work and don't mind. I have never done it since they use SW and provide me with native files to work with.

I definitely see some of the benefits of a Cloud system. No files for employees to steal, send to the wrong email address, etc... I wonder if Onshape or Fusion will ever allow a private cloud that a company can run themselves on their internal servers.

One of the things I thought was interesting is that you can obviously share and un-share data with a customer when ever you want. You maintain more control over the file by sharing with view only rights than providing them the solid model files IMO.
 
One of the primary reasons I refuse to buy an autodesk product, they want to move to this model. I highly doubt all CAD/CAM providers will move toward this. I see Autodesk with Fusion and Onshape, these are low end pieces of software and this caters to these customers. Higher end software caters to a completely different clientele. You won't see Pro/e, SolidWorks, Catia, Mastercam, etc. going that direction.

I don't have any employees at the moment. If I have disgruntled employees, I have other problems I need to fix.

I send and received my files many different methods. None of which are a centralized server that everyone uses that if hacked, gives access to data across many companies, individuals, and industries. Look at what happened with celebrities that were using Apples cloud service when it got hacked. One service got hacked, hundreds(probably tens of thousands) of peoples private information, photo's, all got stolen.

Well, you might see them go that way someday but not anytime soon - I agree. Autodesk (ironically) pushed me to finally purchase MasterCAM with their 800lb Gorilla tactics. A lot of these guys are already using the same code under the hood, further thinning of the CAM providers is not a good thing. If you do intend to buck the trend, know that you can only vote with your dollar.
 
One of the primary reasons I refuse to buy an autodesk product, they want to move to this model. I highly doubt all CAD/CAM providers will move toward this. I see Autodesk with Fusion and Onshape, these are low end pieces of software and this caters to these customers. Higher end software caters to a completely different clientele. You won't see Pro/e, SolidWorks, Catia, Mastercam, etc. going that direction.



I don't have any employees at the moment. If I have disgruntled employees, I have other problems I need to fix.

I send and received my files many different methods. None of which are a centralized server that everyone uses that if hacked, gives access to data across many companies, individuals, and industries. Look at what happened with celebrities that were using Apples cloud service when it got hacked. One service got hacked, hundreds(probably tens of thousands) of peoples private information, photo's, all got stolen.

PRO/E really Cero is heading that direction
 
One of the primary reasons I refuse to buy an autodesk product, they want to move to this model. I highly doubt all CAD/CAM providers will move toward this. I see Autodesk with Fusion and Onshape, these are low end pieces of software and this caters to these customers. Higher end software caters to a completely different clientele. You won't see Pro/e, SolidWorks, Catia, Mastercam, etc. going that direction.



I don't have any employees at the moment. If I have disgruntled employees, I have other problems I need to fix.

I send and received my files many different methods. None of which are a centralized server that everyone uses that if hacked, gives access to data across many companies, individuals, and industries. Look at what happened with celebrities that were using Apples cloud service when it got hacked. One service got hacked, hundreds(probably tens of thousands) of peoples private information, photo's, all got stolen.

That's the thing if someone knows you have them something of worth they will attempt to steal it even your "little server" won't be safe
 
Cloud storage has proven itself to be one big target with huge rewards for the hackers if they succeed in breaking in, and many have proven to have shockingly bad security processes which are revealed with shocking regularity. Stuff like Apple and "private" photo accounts. Read slashdot.org for a continuous rundown.

My customers are pretty data-sensitive at the corporate level, but my individual contacts are surprisingly casual. Things like "I put a copy of it on Dropbox, here's my account info for you to download it." A, they have internal places to put that stuff so I can get to it, and B, don't give out your username and password to something you're responsible for. Yikes.

The other reason for cloudiness is SAS -- the software-as-service business model, where you pay by the month forever, instead of pay once and use it. Yeah, timely updates are are problem, and support plans are usually required (even retroactively) to get up to date. It just puts a lot more stuff in the "what can go wrong" chain, like internet connectivity, their servers' uptime, etc. There are now large chunks of certain industries with a single point of failure -- take video production, with Adobe Creative Suite. When their system goes down (and it does) broadcast deadlines can be missed, with large dollar consequences.

I would be surprised if government contracts didn't have specific language relating to cloud storage of their data.

Chip
 
For me it's not about data security, it's about security of access, when and where I want it and under my control.
I run a minimum of two identical systems for CAD/CAM/CNC applications with dual 5TB RAID5 NAS boxes mirrored at separate physical locations on my LAN.
If I have mains power I can access and utilise all my own work.
I have no need or wish to add in dependence on ISP connections and other systems out of my control which are run by people who's primary motivation is not my personal ability to work.

- Nick
 
#1 "What if the hackers goal was not to steal your info but to wreck your machines"
Stuxnet.

#3 "No thank you." ++++^10000.

#17 100% agreement.

The time when people beat a path to your door, because you had designed a superior mouse trap, has long gone.

Question #1, "Is the Government, in this instance the US government, in favour of the cloud?"
Answer #1 Yes.
Conclusion, the cloud is hazardous to to the health of the citizens.

Question #2, "Is "big business", however defined, in favour of the cloud?"
Answer #2 Yes.
Conclusion, as #1 above.

Question #3, The controversial one.
"Is Edward Snowden the worst traitor in US history, or the greatest hero since Washington?"
Answer #3. I do not know, maybe there is no definitive answer, maybe the orrect answer will be revealed by historians. Unless, of course, the historians are named Langer and Gleason. Not the Gleason who advanced gear production more than any other individual, but the FDR apologist and transmogrifier of history.

Time, long past time, for all US citizens to show the Missouri scepticism.
 
You won't see Pro/e, SolidWorks, Catia, Mastercam, etc. going that direction.

Each year we have a newer generation entering the workforce that gets more comfortable with mobile devices and cloud type storage. So our voting dollar gets smaller every year. Reality is eventually it will happen for most if not all platforms.

JustAbout
 








 
Back
Top