When thinking about cyber security in the context of software products, you probably think about that software having a strong defense – a way to respond when attacked from the outside. But product security can be much more than built-in defensive mechanisms. When it comes to protecting IP, it’s important to also have a good offense. What does having a good offense look like when it comes to product security? It looks like preventing wrongful access to design IP by an unauthorized user. It looks like creating user roles and privileges so that the right people in the organization have the right access to the right data.
Let’s dig deeper into some of the offensive measures we are taking with our products today:
- Authentication/user identification
- Project-level data management
- Data protection
- Data privacy
Protect your IP with authentication/user identification
Our desktop products integrate with existing enterprise authentication systems like Active Directory, LDAP, and Kerberos. This means that a user only needs one login across multiple systems. For our cloud-connected and cloud-native applications, authentication is accomplished using the Siemens Webkey, which is tied to a validated, named-user email and password specified by the user. Access to Siemens Support Center, for example, also shares the same webkey authentication system.
Now that we know who you are, we need to know what you’re authorized to do. In general, the principle of “least privilege” will apply here, which means that you will only get access to the privileges needed to complete your specific tasks. For our on-premises tools, we offer both role-based identification of users and group-based assignment of permissions. These can be aligned with corporate assignments or customized. For our cloud-connected and cloud-native applications, once a named user is authenticated, the system checks to see what “entitlements” are assigned to that user. In other words, is the user authorized to use the cloud application based on the webkey credentials submitted when logging in?
Project-level data management
With some products, you can collaboratively view and mark up a design from a centrally managed location, which enables real-time communication. Collaboration in this environment isn’t accomplished by simply sharing a link to design IP; it requires an authorized administrator to assign a license to an authenticated user, granting the privilege to access the collaboration workspace. The administrator can then add the authenticated user to a project with a specified “role” (like “view only” permission). When the collaboration process is complete, the administrator has the option to remove the license, eliminating any ongoing access to the project.
Data protection
Our data management products encrypt data in transit and data at rest, and customers can even configure these schemes to comply with their enterprise standards. Our cloud-connected and cloud-native applications add development processes that are audited and certified to ISO 27001 and SOC2 conformance. These certifications reflect that a rigorous and well-managed process has been adopted that will protect your intellectual property to the highest standards. You can read more about these standards here.
Data privacy
Data privacy plays an important role in protecting personal information, which is why we practice Privacy by Design. This means that legality, transparency, informational self-determination, data economy and security are designed into all our products and services. Privacy by Design is integrated into our product development processes. The Siemens Trust Center provides comprehensive information regarding privacy, including answers to FAQs.
Protect your IP by going on the offense
As you can see, offensive measures can truly help protect and secure design IP. For a more detailed overview of the Siemens EDA security strategy, check out the “Modern day security practices safeguard a digital transformation” white paper.