As I noted in a previous blog post, Cadence IT experts are engaging with customers to help them develop and improve their CAD infrastructures. One issue that some customers need help with is data security. There are many "best practices" that can be helpful, particularly for small companies and startups who don't have full-fledged IT departments.
I talked to Saravanan Nagarjan, senior IT architect at Cadence, about some of the "best practices" Cadence recommends to EDA tool users. Cadence implements many of these practices itself to protect customer data inside VCAD (Virtual CAD) chambers, which can provide everything from a place to run diagnostics to a complete CAD infrastructure for a small company.
An article in the December 2010 issue of Processor magazine provides a more detailed look at how Cadence secures customer intellectual property in its Hosted Design Services engagements, which are basically VCAD chambers with design tools provided on a software-as-a-service (SaaS) basis. As the article notes, Cadence also works with customers through its EDA Infrastructure Acceleration Services to address concerns such as data and network security.
Rule Number One: Know Where Your Data Is
Saravanan said that Cadence advocates a "data centric" security approach, and the first step is to simply locate the data. "Often times, customers don't know where their data is," he noted. "It could be on servers, it could be on laptops; data can be anywhere. Once you know where your crown jewels are, it's easier to protect them."
Once located, it's important to identify or classify the data, monitor critical data, and track its movements. This helps prevent data loss. Internally, Cadence uses a methodology called "Label, Log & Secure" that sets forth protocols for logging customer data and tracking every data transfer.
Here are some other points that emerged from our discussion:
- Passwords alone are not enough. Cadence strongly recommends "two-factor authentication," which combines something you know (such as a password or PIN) with something you have (such as a smartcard).
- Watch your back. Don't just safeguard your network perimeter - be aware of any "back doors" people could use to walk away with crucial data.
- Encrypt data so that if it's lost or stolen, it can't be used by the bad guys. But don't encrypt all data. First identify what is private and confidential, and what is public, and apply encryption based on that classification.
- Different solutions may be needed for encrypting data at rest and encrypting data in motion. For example, there are products that focus specifically on secure file transfer with encryption.
- The easy availability and low cost of memory devices, such as USB drives, represent a big security challenge. The best antidote is to identify, monitor, encrypt, and track the movement of data.
- Network security best practices include industry-certified firewalls, intrusion detection systems, data loss prevention systems, end-to-end VPN encryption, and centralized log monitoring and correlation.
- Physical security is also important. For example, Cadence has 24/7 monitoring with restricted and controlled access to VCAD chambers.
- Servers are "hardened" by closing down protocols and ports that are not required by the customer, and a strict data cleansing process is followed after every customer engagement.
Inside the Cloud
There's a lot of interest these days in cloud computing, and Cadence is "closely monitoring" developments in that space, Saravanan said. His view, however, is that "the security is still maturing" for public clouds. "The cloud should adhere to our standard security practices with things like firewalls, VPN and security monitoring devices, and at the same time we have to worry about the trust model of the cloud," he said. "The trust model should include third-party security audits and should adhere to legal and contractual obligations as well. We need to make sure the confidentiality, integrity, and validity of the data inside the cloud is there." Similar views were voiced in the Processor magazine article cited above.
In addition to data security, Cadence IT experts are helping customers solve problems and answer questions related to networking, thin clients, Linux, tool licensing and management, and private and public clouds. "If you need any help with IT, we are more than willing to provide advice," Saravanan said.