2. How to Securely Exchange CATIA Data Outside Your Enterprise
• Take Away Topics
» How your organization is leaking information.
» Why information leakage is so hard to control.
» Which free or paid options are available to help mitigate this problem.
8. ITAR Violations Settled Between 2010 and 2016

| Company Name | Number of Violations | Final Amount Paid | Year |
|---|---|---|---|
| Marc Turi and Turi Defense Group, Inc. | 2 | $200,000 | 2016 |
| Microwave Engineering Corporation | 1 | $100,000 | 2016 |
| Intersil Corporation | 339 | $10,000,000 | 2014 |
| Esterline Technologies Corporation | 282 | $20,000,000 | 2014 |
| Meggitt-USA, Inc. | 67 | $25,000,000 | 2013 |
| Aeroflex, Inc. | 158 | $8,000,000 | 2013 |
| Raytheon Company | 125 | $8,000,000 | 2013 |
| United Technologies Corporation | 576 | $55,000,000 | 2012 |
| Alpine Aerospace | 9 | $50,000 | 2012 |
| BAE Systems plc | 2591 | $79,000,000 | 2011 |
| Xe Services LLC | 288 | $42,000,000 | 2010 |
| AAR International, Inc. | 13 | $0 | 2010 |
| Interturbine Aviation Logistics GmbH | 7 | $1,000,000 | 2010 |
| Total | 4458 | $248,350,000.00 | |

Average fine per violation: $55,708.84
Source: http://pmddtc.state.gov/compliance/poa.html
13. How old are your protocols?
• Simple Mail Transfer Protocol (SMTP) is an Internet
standard for electronic mail (e-mail) transmission across
Internet Protocol (IP) networks. SMTP was first defined by
RFC 821 in 1982 and grew out of standards developed
during the 1970s.
• File Transfer Protocol (FTP) is a standard network
protocol used to transfer files from one host to another
host over a TCP-based network, such as the Internet.
FTP is built on a client-server architecture and uses
separate control and data connections between the client
and the server, typically with clear-text authentication.
It was published as RFC 114 in 1971.
Paraphrased from <http://en.wikipedia.org/wiki/FTP>
14. Why do we keep doing it?
CONVENIENCE!
“increasing convenience almost always reduces security”
… but does it really have to be that way?
15. Convenient and Secure?
• Secure exchange needs to start as close as possible
to the end user's daily working environment
» Desktop Integration
» Email Integration
» PLM Integration
» Purchasing / Bid Systems
• If users have to leave their default working
environment to send secure information, they are
less likely to use the approved solution.
16. Ease of Deployment vs. Adoption
April 2016
BASE MODULE
OPTIONS
OS Integration
Windows "Send to"
Web Browser
PDM / CAD Integrations
Mobile Apps
Automated Services
Email Integration
Alternate Formats (3DPDF, JT, …)
17. Standalone “Simple” Portal Solution
Supplier / Consumer | OEM / Sponsor
Standalone Portal Solutions
Quick / Easy to Deploy
Simple Administration
Affordable (sometimes free)
Good Basic Security (outside of email)
Often Hosted outside of company *
Not Integrated (“Swivel Chair” Solution) –
Less Convenient (must be logged in and online) –
Can be hard to customize (if at all) –
* Monthly Fees for users / volume add up quickly –
18. “Advanced” Portal Concepts
[Diagram: a Main OEM Server Location connected over WAN / Internet to Locations 1 to 4, a Supplier and a Partner. Components shown: Agent, Database, FileVault, Server, CAD Converter, Gateway, KeyStore, Robot.]
• Main OEM Server Location
» Authentication
» Encrypted data storage
» PKI-Management
» User right definitions
» Processing control
» Logging
» E-Mail notification
» Data routing
» Data conversion, …
• Manual Processes (Location 1)
» User signs on via web browser and uploads or downloads data manually, interactively
• Automated Processes (Location 2)
» Upload and download with Agent, installed at the user's desktop
• Batch Mode (Location 3)
» Data is temporarily stored quickly on a local network drive
» Transfer of data runs completely in batch mode
• Advanced Functionality (Location 4)
» Encryption
» Local File Vaults
» Local conversion of data
• System to System (Partner)
» Automated / Integrated
• Remote Data Vaults (Supplier)
» Supplier signs in via web browser
» Data is uploaded from a data vault close to the end user
Advanced Portal Solutions
Deeply integrated into systems and processes
Fully automated and work behind the scenes
Installed in the enterprise or the cloud
Centralized or Distributed
Designed for customization
Upfront Infrastructure Costs –
Upfront Planning Requirement –
Administrative Overhead –
19. Demo: Email Secure DX
• Email (Outlook) Secure DX Integration Demo (1 min.)
» Internal user initiates an email in Outlook and attaches a large file
» Data is sent via Secure DX Server (not the Exchange server)
» External user is sent a link to a download portal.
» External user downloads file via web portal
Email Integration
• BENEFITS OF EMAIL BASED SECURE DX
» END USER DOES NOT CHANGE ANY PRACTICES
» ZERO TRAINING REQUIRED
» POLICIES ARE 100% ENFORCED
» Audit Logs are kept separate from Clients and Mail Servers
» Data is always encrypted before transport outside of enterprise
» No data Load on Mail Server
20. Demo: Desktop Integration
• Windows Desktop DX Integration Demo (1 min.)
» User registers accessible workspace in Windows Explorer
» Drag and Drop or Copy / Paste files into workspace folder
» Files are securely sent to workspace
» New Files Are Received as well
OS Integration
• BENEFITS of DESKTOP INTEGRATION
» Works like a network shared drive
» Data is always encrypted before transport
» Securely share files with a team without an external client
21. Demo: Windows “Send-To”
• Windows “Send-To” Demo (30 seconds)
» User Right Clicks on a File
» “Send-To” Secure Portal User
• BENEFITS of “Send-To” INTEGRATION
» Familiar process for many users
» Data is always encrypted before transport
» No Extra Apps to Log into (No “Swivel Chair”)
Windows "Send to"
22. Scaling up Complexity with back end systems integration and automation
• Dealing with Engineering Data (of course) plus
» ERP Data
» MRP Data
» Bids
» Financials
» More
• Centralized Reporting on all confidential Information
24. Demo: Sending from Enovia
• Sending from Enovia Demo (1.5 min.)
» User Selects Files to Send from Enovia Client
» Selection is passed to back end server for export and checking
» User Selects recipient
» User approves transfer
• BENEFITS of Sending from Enovia
» Familiar process for engineers
» Work is done on the export server not the client
» No Extra Apps to Log into (No “Swivel Chair”)
PDM / CAD Integrations
25. Demo: Neutral and Lightweight files
• Creating a 3DPDF from Enovia Demo (1.5 min.)
» User Selects assembly from Enovia Client
» Selection is passed to back end server for conversion
» 3DPDF file is checked back into Enovia
• BENEFITS of integration into Enovia
» Familiar process for engineers
» Work is done on the export server not the client
» Can be part of existing workflow and release process
Alternate Formats (3DPDF, JT, …)
36. DX Requirements
• Integration: Back-end system integration
• Communication: Status notifications for high transparency
• Data transfer: High volume, robust, high performance
• Security: Adjustable security levels
• Automation: Robots and Gateways for transfer automation
• Flexibility: Versatile user interfaces & flexible software
• Documentation: Documentation for users & administrators
• Processing: Process engine for data processing
• Reports: Research, KPIs, automated reports
• Scalability: Flexible software & license model
37. DRM Requirements
• DRM Protected Documents
» Limit Access to named users
» Revoke Rights in the field
» Force Updates to Latest Document Versions
» Authenticate via PKI, AD, LDAP, RSA, Others
• Limit Document Features
» Read Only
» Save
» Print
» Copy
» Measure
» Cross Sections
» Etc.
• Traceability Logs by Document
38. Final Advice From the Field
• Start Today
• Use Free Trials to get a feeling for what does and does not work for your enterprise
• Look for a mix of Hosted or Self Installed Options
• Look for technology that integrates not only with front end applications (Outlook, Desktop,
Mobile) but also with back end applications like PLM, ERP, etc.
• Low Hanging Fruit to go after for DX Security
» Outlook
» Desktop
» Web Based
• Don’t forget about protecting your data once it leaves your enterprise. Getting it there
is only part of the equation.
» Strip unneeded IP
» Consider DRM solutions for when your data is in the wild.
» Too much DRM is counterproductive!
39. Shareholders
Over 23 years experience
with engineering interoperability, migration, intelligent documents,
benchmarking, more
Approximately 250 employees and consultants
based at international locations throughout Europe and in North America
More than 500 Customers
that are leading companies across most industries
A vendor neutral / independent engineering services and software company since 1993
infocenter@prostep.com / 8-PROSTEP01 300 Park St – Suite 410 – Birmingham MI 48009
Reseller
41. Our Customers
• Aerospace Industry
• Shipbuilding & Marine Engineering
• Mechanical Engineering, Plant Construction and Rail Vehicles
• Other sectors