How the PCBflow platform keeps your data safe

Data safety in PCBflow

Updated on April 6, 2022

It’s been several months now since the introduction of PCBflow, the easy-to-use, on-line collaboration space that helps connect designers and manufacturers to greatly accelerate the design-to-manufacturing process.

When we talk to electronics designers and manufacturers, a frequently raised concern is: “When I upload my board design/DFM profile to PCBflow, is it safe from theft or other malicious activity?”
The answer is: Yes, it is safe. All files are stored in a highly-secure environment that complies with the most demanding security standards, and is audited by Siemens.
But please read on! The rest of this post will be dedicated to explaining how your data is secured.

What happens when I log in?

OK, so you’ve logged into PCBflow.com. Each registered organization is assigned a unique Tenant ID, and all of your data in the system is tagged with your organization’s ID. To see your tenant ID, log into PCBflow and under your profile select “PCBflow account”.

PCBflow is a multi-tenant system that isolates your resources from the resources and access of other tenants. Each request that you make to PCBflow is signed with an access token, which contains information on your identity, tenant association and authorized user actions. Your requests are then forwarded to the PCBflow services.

What happens when I upload a file?

Here’s what happens when you upload a design or capabilities file to PCBflow:

  1. Data in transit. When you upload a file to PCBflow.com via your web browser, we establish an HTTPS connection, which secures the connection between you and our services for any type of communication, including your uploaded data. This means that your file remains encrypted until it reaches the service. Upon arrival, the data is decoded, and is forwarded to secured storage.
Data in transit
  1. Data at rest. Your data is stored in Siemens DISW Cloud Storage. The storage is encrypted and internally divided to separate locations per each tenant. When a user requests to store or retrieve data, Siemens DISW Cloud Storage identifies the requesting caller using their user access token, and upon successful identification provides a temporary “ticket” to the separate location.
Data at rest

How is access to the file secured?

When you make an access request – say, to download your file again – the system checks the request against the privileges defined for you, and if the action is permitted, a relevant request for your tenant key is created. Using the tenant-dedicated key, the file is decoded, and its contents are transmitted back to your browser using the HTTPS protocol mentioned above. You can then download the file to your computer, just as you would download an attachment from your email system.

How do I sign up to use PCBflow? Right here!

Read more about how Siemens protects your data in Siemens Trust Center.

This article first appeared on the Siemens Digital Industries Software blog at https://blogs.sw.siemens.com/pcbflow/2020/07/09/how-the-pcbflow-platform-keeps-your-data-safe/