‍

The Data Security Dilemma

A prospect I was interviewing recently said something along the lines of “we do not upload our 3D models to the cloud–we keep them on our servers instead for better security.” I come from the Cybersecurity world, so his words opened a big box of memories. I’ve seen a lot of people who believed their data is secured because it was right there in front of them. Those beliefs made it really hard for them to accept that the data sitting in front of them was also available for purchase on the Dark Web…

Cue the dilemma: You can make your data super secure by not sharing it with anyone, but it would also render it useless. On the opposite, if you want your 3D designs to create value, you have to share them, but then you can’t keep them secure.
Or can you? Follow my train of thought to learn.

Why Share?

So, your company is creating some 3D models. CAD files, product designs, 3D renders, 3D printing files, you name it. If all the 3D assets only sat in the version control system, nice and square, you could have built some simple and straightforward security discipline around them. (Which I hope you did, but I will cover it in a separate article.) Then comes the sharing time. Very few businesses today can be fully done within one room or even one building.
You might need to:

• Conduct an assessment of 3D CAD/CAM files by a manufacturer,
• Collaborate with partners on 3D design of parts,
• Work with outsourcers that do some 3D modeling of product design,
• Review the 3D product design with the Marketing team,
• And so on.

Let’s debrief the ways you can share the 3D models, and more importantly, how you can share them securely.

Sharing via Email

We at Sibe believe that reviewing a 3D model via screenshots sent by email is, to put it politely, inconvenient. That’s why we created a cloud service for sharing, reviewing, and proofing of 3D models. However, if you do share 3D via email, there are a few data security aspects you need to take care of. Your email system, or that of your partners and suppliers might become the reason for data leak any time. Even companies with enough budget and specialists are finding themselves in trouble, as in the recent Microsoft cloud email platform breach leading to loss of 60,000 emails from U.S. State Department accounts.
The damage can also be done without even involving any hackers: some people are getting really creative at ignorance. Why not forward your work mail to your personal mail so that you can respond from home or while on the road?

The ol’ good email jumps to mind first when you need to let someone know something. Apparently, emails or instant messages are often used when the files are rather small and the response is needed instantly.

How to mitigate some of the risks when sharing 3D via email:

1. Control Email Forwarding. There are plenty of good articles on securing virtually any email system, as well as specialized reporting and prevention software.
2. Raise Security Awareness. Your employees will less likely commit goofy actions if they understand the consequences for themselves and the entire team.

File Sharing Services

There are plenty of free and paid file sharing services, including Dropbox, Google Drive, etc. They come in super handy when you need to send a large file, or a dozen of files, or share with several people. The ease and convenience of these file sharing services largely contributed to the phenomena of Shadow IT, i.e. employees sharing files out of the control of the IT team. Whatever IT doesn’t know of, they can’t enforce retention and permissions. Hence, your business critical data might be left unattended, creating opportunities for drive-by takeover.

If you’re not using Sibe, here’s how you can mitigate some of the risks:

1. Defragment. Make sure all your employees only use the corporate approved sharing service to share 3D models. This way your IT department will be able to enforce access, retention, and other policies.
2. Enforce the expiration dates. Your 3D design drafts do not need to sit on the Web forever.
3. Always configure explicit access. “Anyone with the link” is a little more convenient but a lot less safe. The email with the link might escalate in a bigger email thread, involving people that you actually wouldn’t want to see your 3D assets.

Drop Folder

Drop folders are somewhat similar to file sharing. The difference is that they reside on the infrastructure that you control. It could be physical file servers in your data center, virtual servers in your service provider’s data center, or even some storage space on AWS, Azure, or other cloud provider. Either way, you will be giving some people outside of your organization access rights to the folder in your organization (which Sibe was designed to prevent).

How to mitigate some of the risks:

1. Assign permissions granularly. Only invite people with the business need to know and run access attestation reports on a regular basis. You do not want to end on the news like the New York International Airport exposing their entire backup to everyone on the Internet back in 2017.
2. Protect from Malware. If you are granting write permissions on any of your properties, make sure you have an anti-Malware and anti-Ransomware protection in place. You might lose all of your data, not just the 3D models that you share.

Portable Drive/Stick

Carrying around files on removable media sounds a little vintage in 2023, yet let’s count it in. Every year thousands of USB sticks and drives (and laptops too!) get lost. Most cases never get in the news, but you could’ve read of Transportation Security Administration (TSA) losing a hard drive with personal data of 100,000 employees. Even security agencies are prone to human error.

How to mitigate some of the risks:

1. Use encrypted drives with strong enough keys.
2. Enforce removable media policy. At a minimum, disable removable drives for those computers and roles that do not need it. If there is a budget, consider implementing a Data Loss Prevention (DLP) solution.

So how do I share 3D securely?

First and foremost, let’s break down the purposes of sharing, as they will define the media:

1. Reviewing the product looks with a non-engineer.
   From Product Managers and Project Managers to Directors and CEOs, all stakeholders care about the product design and want to share their opinions early in the process.
2. Reviewing the engineering design with an Engineer.
   Be that an outsource engineer, a partner company, or another engineering department, you might need to discuss the designs with them.
3. Reviewing the engineering design with a production facility
   When producing physical goods, it is important to understand the cost and feasibility of production upfront.

Define your goals

Assess your risks

What happens if the 3D models or 3D renders get outside? Will the competing retail chain reproduce your new shop layout? Will another manufacturer produce a competing product? Will someone else file a patent application earlier than you? Will an enthusiast post the looks of your new product on the Internet before release? It is important to understand the consequences in each particular case.

Train your people

Do not focus on technology alone. People are the weakest link of any security policy. You want to have them as allies.

Security breaches are often times a result of ignorance, not deliberate actions. Hence, start by raising the security awareness.

1. Train your employees. Make sure they understand the security risks and know how to handle sensitive 3D data.
2. Leverage NDAs with your supply chain. Make sure that whoever is accessing your 3D designs knows their responsibility (and liability) in case of a breach.

Choose your media

Now that we have looked into the 3D asset sharing goals and risks, it’s time to apply this knowledge to the sharing of 3D models.

Use Cases

Security Measures

Regardless of the measures you take, one security issue persists for all the traditional media. By sharing the 3D asset you are creating a copy of it and handing it over. Creating copies of sensitive data makes it inherently less secure, because you’ve now doubled the risk surface. So...

...use a dedicated solution!

Sibe is designed to address the security issues of sharing 3D models. It is an online platform for sharing, reviewing, and proofing of 3D that brings together all the stakeholders.

• Data Security. You decide who needs to have the source 3D files and who just needs to view the 3D models.
  
• Access Control. You define who can access and annotate your 3D assets.
• Work from Anywhere. Use an office PC, a laptop, or even a smartphone to review and annotate online – no need to create local copies and carry them around.

While improving the security of sharing and collaboration, Sibe also boosts the collaboration workflows:

• Easy Sharing. Team members can share 3D models online with a single click, so there will be more collaboration and earlier feedback.
  
• Actionable Feedback. All the annotations are sticking to a particular place on 3D model, so no need to interpret the verbal feedback and scribbles.
• Version Control. You can track how the 3D designs changed over time and how the requested changes were implemented.