Security

形状 was created specifically to address the shortcomings of file-based CAD and PDM systems. The use of modern computing technologies provides visibility into all phases of the design process. Strong authentication and fine-grained authorization technologies provide control over company intellectual property. The team behind the 形状 platform are able to react quickly to leverage new technologies and bring the latest defenses to bear against emerging threats.

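Infrastructure & Certifications

形状 is built on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2) Infrastructure-as-a-Service (IaaS) cloud platform. AWS EC2 was chosen as the ideal technology for delivering a modern, secure CAD service. AWS provides world-class computing infrastructure, including physically secure, globally distributed data centers with redundant power, cooling and networking. AWS has earned multiple U.S. and global security and quality certifications, including ISO 9001, ISO 27001, SOC-2 Type II, FIPS 140-2 and NIST 800-53. The 形状 service itself has completed the certification process for SOC-2 Type II. In addition, 形状 uses AWS Virtual Private Cloud (VPC) technology to isolate and protect network traffic into and out of the service. The rules used for VPC configuration are defined in code, peer reviewed and deployed through automation.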

No File System

形状’s highly available, distributed database architecture stores all design data in modern NoSQL databases. These databases use geographically distributed servers with multiple replicas for high availability and are backed up every 3 hours for disaster recovery. Backups are restored every 3 weeks and every model is automatically checked for integrity against new versions of 形状 software. This also validates that functionality introduced in new releases does not break existing models.

Access & Audit Trail

形状 is accessed through standard web browsers such as Chrome, Firefox and Safari on desktops / laptops and through fully-functional apps (not just viewers) on iOS and Android mobile devices. Operating systems are irrelevant: Windows, MacOS, Linux and Chrome OS provide the same design experience and work equally well. CAD data never leaves the secure cloud environment unless permission to export has been explicitly granted by the data’s owner. Everyone working on a project is always collaborating on the latest design. All data access is recorded in a permanent audit trail. Multiple users can securely collaborate on the same design simultaneously from any location with Internet access.

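Encryption

All access from client computers and devices to 形状’s servers is protected by TLSv1.2 encryption, which supports strong cipher suites (such as AES-GCM) and does not allow weak cipher suites. Design data is encrypted at rest. All databases are configured with encrypted file systems that use the AES-256 encryption standard in XTS mode, with keys managed by the AWS Key Management System (KMS). KMS uses hardware security modules to protect the security of the encryption keys. 形状’s servers are deployed and configured completely by automation and are frequently replaced, sometimes multiple times a day. 形状’s servers never run anything but 形状 software so there is no possibility of exploits due to web browser or email client activity.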

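Permissions

形状 uses a strong authentication system to establish user identity and allows two-factor authentication (2FA) via time-based one-time passwords (TOTP) to protect account access even if the username and password are compromised. All passwords are stored in hashed, salted form using the PBKDF2 key derivation function, so a breach of the 形状 password database would not expose the stored passwords to offline attack without the expenditure of significant computational effort. Online attacks are prevented by throttling invalid login attempts. In 形状, access to CAD documents is controlled by fine-grained read, write, copy, comment, link, delete and reshare permissions that give design owners the tools to balance security against design workflow requirements. These permissions can be changed at any time to extend or remove access to design data. All data access and permission changes are recorded in a permanent audit trail.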
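The two password defenses described above (salted PBKDF2 storage against offline attack, throttling of invalid logins against online attack), sketched as an added example that is not the service's own code. The SHA-256 PRF, iteration count, throttle thresholds and all function and class names are assumptions; the page states none of them.

```python
import hashlib, hmac, os, time

ITERATIONS = 600_000  # assumed work factor; the page does not state one
LOCK_AFTER = 5        # assumed: failed attempts allowed before throttling
BASE_DELAY = 2.0      # assumed: seconds, doubled for each further failure

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, derived_key); the password is never stored."""
    salt = salt or os.urandom(16)  # per-user salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk

def verify_password(password, record):
    salt, iterations, stored = record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, stored)  # constant-time comparison

# Hashed for unknown usernames too, so response time does not reveal
# whether an account exists.
_DUMMY = hash_password("placeholder")

class LoginThrottle:
    """Tracks failed attempts per account and enforces a growing delay."""
    def __init__(self):
        self.failures = {}  # username -> (count, time of last failure)

    def retry_after(self, user, now):
        count, last = self.failures.get(user, (0, 0.0))
        if count < LOCK_AFTER:
            return 0.0
        wait = BASE_DELAY * 2 ** (count - LOCK_AFTER)
        return max(0.0, last + wait - now)

    def record(self, user, ok, now):
        if ok:
            self.failures.pop(user, None)  # success resets the counter
        else:
            count, _ = self.failures.get(user, (0, 0.0))
            self.failures[user] = (count + 1, now)

def login(db, throttle, user, password, now=None):
    now = time.monotonic() if now is None else now
    if throttle.retry_after(user, now) > 0:
        return "throttled"  # rejected before any password check is made
    ok = verify_password(password, db.get(user, _DUMMY)) and user in db
    throttle.record(user, ok, now)
    return "ok" if ok else "denied"
```
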

Data Recovery

形状 provides transparency into service problems through an online status page. The modern database architecture allows customers to recover accidentally or intentionally deleted data. Data loss through crashes or user error, common with file-based CAD systems, is almost entirely eliminated.

Customer Data Protection

形状 takes the security and privacy of customer data very seriously. 形状 employees do not have the ability to view any customer data unless it has been explicitly shared with 形状 Support. In addition, 形状 Operations personnel can access the server environment only via a VPN requiring authentication which includes a password, an encrypted public / private key pair, a generated shared secret and 2FA.

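Third-Party Verification

形状 has contracted with Synack, a highly regarded security firm that provides continuous penetration testing and vulnerability management. Security researchers from around the world use state-of-the-art tools and techniques to find vulnerabilities in the 形状 CAD service and in the other systems that support the platform. The scope of testing includes APIs, DNS management and Internet-facing target hosts. Synack researchers are paid according to the number and severity of the actual vulnerabilities they find, so they have a financial incentive to be aggressive and creative in their testing. Synack has logged thousands of hours of penetration testing against the 形状 service. Vulnerabilities that are found are reported immediately to the 形状 security team, which triages and mitigates all of them. 形状’s deployment automation enables rapid deployment of patched software. In some cases, vulnerabilities have been resolved for all 形状 users within hours.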

In addition, all 形状 servers run software agents that provide an Intrusion Detection System (IDS). This IDS monitors every operating system kernel call and provides:

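  • File integrity monitoring (FIM)
  • Network ingress and egress monitoring
  • Privilege escalation monitoring
  • AWS configuration change monitoring
  • Real-time alerting of severity 1 issues to the 形状 Security Team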

 


"形状 allows us to keep everything much more organized without needing a PDM system. 形状 probably cuts our design time in half because we’re designing our parts together in one place versus flipping back and forth between files. We can make changes without worrying about breaking the assembly."

菲利普·泰伯
Vice President of Hardware Engineering, Silverside探测器

"Getting accurate part information to our engineers, designers, management and the manufacturing vendor is crucial. Previously, out-of-sync information had led to incorrect parts being manufactured. 形状 now enables us to share information quickly and ensures that everything is as accurate and as up-to-date as possible."

欧文·朗
Engineering Operations Manager, 通用逻辑

Bring your products to market faster, more securely and more efficiently.