Security Controls for the Autodesk 360 Managed Services

Transcription

1 Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices regarding data center location, business operations, facility characteristics, software controls, risk mitigation, and more can be instrumental in preventing unexpected events from affecting customers of the Autodesk 360 Managed Services. The practices described in this whitepaper provide greater detail into the safeguards put in place by Autodesk Security Operations to help maintain secure and dependable operation of the Autodesk 360 Managed Services.

2 Contents Introduction...3 Services covered...3 Security...3 Physical architecture...3 Multifactor authentication...3 Employee lifecycle...4 Data center environmental protections and system redundancy...4 Data center geographic locations...4 Storage device decommissioning and media sanitization...5 Account access and authentication...5 Telecommunications, network, and client security...5 Application security...5 Database backup...6 Monitoring...6 Active security: The Autodesk 360 Security, Trust, and Assurance Program...6 Threat identification...6 Hardening (reducing potential angles of attack)...6 Risk mitigation...7 Incident management...7 Security policy audit and update frequency...7 Data portability...7 For more information...8 2

3 Introduction Services covered Autodesk is committed to delivering trustworthy cloud services. We impose rigorous internal standards for the services listed below to safeguard the availability, confidentiality, privacy, and security of our customers data in the cloud. Please note that there are some Autodesk services, including some that are branded as 360, that are outside the scope of this whitepaper. Autodesk Security Operations, a specialized team of Autodesk information security subjectmatter experts, manages certain Autodesk cloud services that they have determined uniformly apply the practices and protections described in this whitepaper, as follows: Autodesk 360 Autodesk BIM 360 Glue Autodesk Buzzsaw Autodesk Constructware Autodesk PLM 360 Autodesk Sim 360 Pro Autodesk SIM 360 Moldflow Optimization for Autodesk Inventor Throughout this whitepaper, the services listed above are referred to as the Autodesk 360 Managed Services. 1 Security Physical architecture All production systems necessary to operate the Autodesk 360 Managed Services are physically located in a secure data center with 24/7 security staffing and formalized security access procedures. We use advanced technologies and formalized procedures to control physical access to the data center. Examples include, but are not limited to: Multifactor authentication Entrance to the data center is limited to one person at a time and requires both an active electronic key card and hand geometry biometric verification. The ability to log in to critical devices once inside the center also requires an active username and password. 1 The information in this whitepaper does not apply to Autodesk services not listed as Autodesk 360 Managed Services, and this whitepaper does not apply to any services labeled Beta or Technology Preview or to any service provided by third parties, including third party services that Autodesk 360 Managed Services may enable access to or use of but that are not provided by Autodesk. 3

4 Employee lifecycle The data center security team performs background checks as criteria for employment. Access privileges are terminated when an employee leaves the company. Employment policies also identify functional responsibilities for the administration of logical access and security. Further, facilities hosting the Autodesk 360 Managed Services are monitored via closed-circuit TV cameras both inside and outside the data centers. Experienced security firms conduct semiannual independent security reviews on the service environment of the Autodesk 360 Managed Services. Data center environmental protections and system redundancy Designed using sound infrastructure practices and robust hardware architectures, the data centers that host the Autodesk 360 Managed Services include redundant systems for multiple levels of protection. Examples are as follows: Fire detection sensors are deployed both in the ceiling and underneath the raised floor, and a heat-activated wet pipe system is used for fire suppression. Dual utility power feeds, redundant UPS (uninterruptible power supply) systems, and generators can maintain the data center in the event of power loss for up to 5 days. Internet connectivity is achieved using a fully redundant, fault-tolerant multivendor architecture. To mitigate the risk of downtime, Autodesk maintains at least one, identical, geographically dispersed standby infrastructure for Autodesk 360 Managed Services in case of a total outage at the primary infrastructure. Examples are as follows: The identical infrastructure exists on standby, ready for immediate operation, in physically separate data centers in the event another data center fails. Data replicates between data centers across a private and secure high-speed link so that data is readily available at the standby location if it s needed. Operational validation of standby infrastructure and failover procedures occurs regularly. Redundancies designed into the data center computing architecture eliminate single points of failure across the network, application, database, and storage layers needed for dependable operation of the Autodesk 360 Managed Services. Examples are as follows: Geographically dispersed data center clusters protect against region-specific threats such as natural disasters. Automated server configuration management and infrastructure deployment enable data centers to remain fully synchronized. Multiple geographically dispersed DNS (domain name system) servers direct incoming traffic to the correct data center. Data center geographic locations Data centers for the Autodesk 360 Managed Services are located in both the eastern and western United States. Geographically dispersed data centers provide fault separation and improve system performance. Companies outside the United States sometimes have questions about the U.S. Patriot Act and its effect on data privacy and law enforcement for them. In response, the U.S. government addressed common misunderstandings in Five Myths Regarding Privacy and Law Enforcement Access to Personal Information in the European Union and the United States. 4

5 Storage device decommissioning and media sanitization Autodesk adheres to the National Institute of Standards and Technology (NIST) Special Publication : Guidelines for Media Sanitization recommendations for sanitizing data when decommissioning media devices. Specific to the Autodesk 360 Managed Services, the Autodesk Security Operations team destroys decommissioned media to render its data unrecoverable, even by extraordinary means. Account access and authentication Where the Autodesk 360 Managed Services employ passwords or passphrases for authentication (for example, login to workstations), identity management solutions enforce Autodesk Security Operations strong password policies, including password expiration, restrictions on password reuse, and sufficient password strength. Autodesk Security Operations uses a least-privilege model with moderated need to know access to authenticate administrators of the Autodesk 360 Managed Services. A formal access control policy limits access to information based on business requirements. Access lists are reviewed regularly using a formal process. Access to resources such as servers, routers, and firewall equipment and access to customer data therein by authorized employees both require multifactor authentication. Telecommunications, network, and client security Autodesk Security Operations segregates Autodesk 360 Managed Services networks from all other corporate networks. Access is granted only to authorized personnel using unique user identifiers and passwords. All traffic into production networks must traverse a fully redundant fault-tolerant firewall infrastructure. All traffic is denied by default unless explicitly required for business reasons. The data centers hosting the Autodesk 360 Managed Services segregate server hardware on a private VLAN (virtual local area network) so that communications remain private and confidential and removed from other servers. Autodesk Security Operations regularly scans all Internet-facing service endpoint IP addresses used by the Autodesk 360 Managed Services for vulnerabilities (these scans do not include customer instances). Further examples of network security mechanisms that help to protect the Autodesk 360 Managed Services include: 256-bit SSL encrypted transfers Encryption at rest (not applicable to all services) High availability firewalls System, user, and record logging Single sign-on with other Autodesk sites Password hashing policies User lockout policies IP whitelisting Autodesk strictly enforces information security procedures related to staff communications involving the Internet, files, , and more to further protect privileged customer information related to the Autodesk 360 Managed Services. Application security Autodesk Security Operations works with independent external security experts to regularly perform extensive security scans and assessments of the applications that make up the Autodesk 360 Managed Services. Autodesk protects customer data within the Autodesk 360 Managed Services by using a multitenancy model to provide an additional layer of separation at the application level. This model uses a single instance of a software application to serve multiple customers, or tenants. For further protection, tenants cannot customize the application's underlying code. 5

6 Database backup The Autodesk Security Operations team performs full weekly backups of the tenant data stored in the Autodesk 360 Managed Services. In addition, incremental backups of tenant data and backups of the transactional logs occur hourly. Monitoring Autodesk uses automated monitoring tools to oversee the proper operation of Autodesk 360 Managed Services components. Automation programs set triggers that notify Autodesk Security Operations staff of early warnings and critical alarms. Reliable monitoring tools help us to respond to incidents before they affect customers. Examples are as follows: Availability and performance monitors of critical infrastructure components run 24/7, and a formalized escalation process is in place to respond to warnings and alarms. Autodesk Security Operations captures resource use on an ongoing basis for capacity planning purposes. Audit logging facilities exist throughout the infrastructure, and logs store certain information about user activities. Active security: The Autodesk 360 Security, Trust, and Assurance Program Autodesk centralizes cloud security and operations for the Autodesk 360 Managed Services with a specific program to focus expertise, cultivate best practices, and drive continuous improvement in all areas affecting security and performance. Ultimately, the Autodesk 360 Security, Trust, and Assurance Program aims to preserve the ongoing operation and trustworthiness of these services on behalf of our customers. Following are examples of activities conducted as part of the Autodesk 360 Security, Trust, and Assurance Program to help protect the Autodesk 360 Managed Services: Threat identification Log analysis: Security teams centralize application server and system logs to better analyze them for attack patterns. Logs also prove useful for forensics in the event an actual breach occurs. Intrusion detection systems: These dedicated systems inspect website traffic for known attack signatures and patterns that might indicate attacks. For example, repeated requests for the same resource with varying query parameters might indicate a SQL injection attack is under way. These systems may either alert the operations team of possible attacks or block them automatically. File integrity monitoring: Specialized tools monitor system configuration files to detect unauthorized modification of critical system, configuration, or data files. Service operations staff is alerted when modifications are detected. Hardening (reducing potential angles of attack) OS (operating system) hardening: The Autodesk Security Operations team executes specific operating system hardening sequences before deployment to reduce vulnerability, for example, removing unnecessary default administrator and guest user accounts. Development practices: Autodesk pursues a layered software quality strategy. Software developers strive for 100% automated test coverage of the code base, including automated unit testing. Expert software quality engineers regularly perform application tests with select customer use cases. Internal scans: Vulnerability scans are periodically run against the server environments (see Penetration Tests below). 6

7 Risk mitigation Securing physical access: Refer to the Physical Architecture section earlier on this page. Encrypting communications: The Autodesk 360 Managed Services conduct all client communications over a securely encrypted channel to prevent private data from being intercepted in transit and thus vulnerable to man-in-the-middle attacks, for example. VPN authentication: Remote access VPN (virtual private network) for Autodesk Security Operations staff requires two-factor authentication. Data transfer encryption: Encrypted in-transit data transfers use SSLv3/TLSv1 with 128+ bit ciphers and a 2048-bit certificate or AES 256-bit SSL and RSA 2048-bit certificates, depending on Autodesk service. Vulnerability scans: Periodic vulnerability scans of the network and server infrastructures help protect against the latest known system vulnerabilities. Penetration tests: Third-party experts conduct application tests after major functional updates to help prevent targeted attacks. These third parties use specialized tools to find new vulnerabilities in the application. While conducting penetration tests, these experts use the same techniques as the attackers to find exploitable vulnerabilities in the application. Autodesk software application developers immediately work to address vulnerabilities uncovered during the tests. Antivirus patching: Antivirus solutions deployed on the relevant servers work to protect against known virus threats. Autodesk maintains all systems required for the operation of the Autodesk 360 Managed Services according to the patch levels recommended by the manufacturers. Password protection: The Autodesk 360 Managed Services use Secure Hash Algorithm-1 (SHA-1) Hashing with Salt to protect user passwords. Salt is a technique to add random inputs to passwords for additional security. Encryption at rest: Our strategy is to transition the storage topology to be 100% encrypted at rest. Execution of this strategy is well under way with approximately 80% of the Autodesk 360 Managed Services already complete. Incident management Autodesk Security Operations employs an incident management process to quickly respond to events that adversely affect the Autodesk 360 Managed Services. If you believe such an event has occurred, members of the Autodesk Security Operations team are available 24/7 to respond. We treat events that directly impact customers with the highest priority. To report an incident, contact us at trust@autodesk.com. Security policy audit and update frequency The Autodesk Security Operations team conducts semiannual security policy audits. In addition, we may update our security policy periodically during the year as needed. For example, we review and implement new policy solutions from respected trade groups as appropriate. If we discover a procedural vulnerability, security updates may be implemented promptly. Data portability Customers own the data that they place in the Autodesk 360 Managed Services. At any time during the use of these services, you can export your data. If you decide to stop using the services, you have 30 days to export your data. Refer to the Autodesk Terms of Service for details. 7

8 For more information Autodesk is committed to secure cloud-computing. Visit the Autodesk Trust Center to learn why we re confident in our ability to protect the Autodesk 360 Managed Services. If you have any questions, contact us at Autodesk, BIM 360 Glue, Buzzsaw, Constructware, Moldflow and Inventor are registered trademarks or trademarks of Autodesk, Inc., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brand names, product names, or trademarks belong to their respective holders. Autodesk reserves the right to alter product and services offerings, and specifications and pricing at any time without notice, and is not responsible for typographical or graphical errors that may appear in this document Autodesk, Inc. All rights reserved. 8