Cloud PLM and Security Certification

August 22, 2011

Cloud and Security. I hope I’ve got your attention a bit :) . In 99% of my talks about PLM and the cloud, the topic of security was coming very fast. The question of how to provide a balanced way to handle it is the one I’m mostly interested. Thinking about consumer and enterprise space, Google seems to be one of the companies that has real concerns about how to support it in the right way. In my view, Google is actively seeking how to increase their Google App presence in the enterprise space and replace Microsoft Office suite of product. Over the weekend, I was reading ZDNet blog – Google App Engine now officially secure. While I don’t think, this is the major addition to what Google already had, I found it as important. Pay attention to the following passage:

The certification process, which covers everything from physical security at the data center to making sure that only pre-cleared staff have access to customer data, to evaluating Google’s redundancy and incident reporting… And the bottom line to all this is that several enterprises require their cloud providers to be compliant with these standards – formerly SAS 70, and now SSAE-16. And this means that Google App Engine is open to a whole new customer base, with confidences bolstered by an authoritative second opinion.

My take is that certification process can open many doors for Google Apps in the world of enterprise.

Cloud PLM Certification

There are not much existing cloud PLM applications. I definitely need to mention Arena Solution as one of the pioneers in this space. PTC/Windichill was experimenting with IBM deployment, but I don’t know much about the status of this solution. Some of the cloud / SaaS products such as Agile Advantage was retired by vendors. Multiple providers in CAD/PLM space are rushing to announce and provide their roadmaps and first product introduction into this space. There are few, I noticed specifically: Dassault announced about their V6 cloud applications, Aras published, they are ready for cloud with Aras Innovator. Autodesk, even if not having any cloud enterprise application today, already announced about future Autodesk PLM cloud application coming later this year. I’d be interested to hear these (and other) vendors are talking about ‘security topics’. What is vendor’s view on cloud security certifications for the enterprise? What specific certifications expected by customers depends on customer type and range? What is the reasonable requirement and what is the "red-herring" type of requirements?

What is my conclusion? Security is important. I think, industry developed lots of potential technologies, procedures and techniques for security. However, to differentiate between what is the priority and what is the minimum set of techniques and procedures is important. PLM vendors will have to discover them to provide it to customers and, at the same time, to optimize the cost of security mechanisms. Just my thoughts..

Best, Oleg

Image: jscreationzs / FreeDigitalPhotos.net

Leave a Comment » | Daily PLM Think Tank | Tagged: , , , , | Permalink
Posted by olegshilovitsky

PLM: Data Protection and Security Approaches

September 17, 2009

data-protectionI want to touch and discuss an issue of data protection. When thinking about Product Lifecycle Management and related disciplines, IP protection and data security are obviously very important. However, I’d like to take in the context of another very important and growing trend in PLM, in my view - need to expand Product Lifecycle Management beyond the level of engineering department.

Product Lifecycle Management discipline and implementations are growing. The big potential PLM return can come together with an ability of PLM to proliferate in business process and activity PLM manages to the overall organizational value chain including extended enterprise of various types of subcontractors. In order to achieve that PLM develops and invests various abilities to integrate and exchange information with different organizational systems. But, at the same time, massive product information exposure brings risk that company IP will be lost and get into competitor hands. This is especially true with latest development and trends related to the ability to “socialize PLM”. Internet and other related technologies are very open and put company IP at high risk.

With such an introduction and background, I want to propose few possible approaches how PLM can manage IP protection with everything related to product development, manufacturing and supply chain.

1. Application level. With such approach IP protection will be managed secure access to data in the way a specific set of applications can do so. PDM / PLM / ERP and any other products in IT will have consolidated definition of security and authorization rules. The advantages of such method is in diversification of data protection and, probably certain level of simplicity. The main disadvantages I see are related to overlapped definitions and potential lack of consistency between different application domain.

2. Middleware/IT. This approach assumes the existence of cross-organizational systems (such as enterprise portals, master data management etc.) that place a role of cross functional domain holders for product data and IP. Sometime, specific enterprise application such as PLM or ERP can play a role of the overall umbrella. However, I don’t see it as happens very often. The advantage is the absence of overlap and consistency in the definition. From the opposite view, this approach increase, an overall complexity in product IP management. I do see options 1 and option 2 as co-existing options.

3. Data Level. Let me dream about another possible option - data level. One of the possible future directions in data protection is to make authorization and security mechanisms to become a part of data itself. You can get initial conceptual thoughts about that in protection of PDF files and some Web and REST architecture principles.

This is my short analyzes and thoughts so far. I think data protection and security will play a very significant role in planning of future enterprise data management systems. Movement to the Web-based concepts is something I see beneficial. It can create consolidated data and information protection mechanisms.

Best, Oleg

Leave a Comment » | Daily PLM Think Tank, Future Trends, Technology | Tagged: , , , | Permalink
Posted by olegshilovitsky

PLM Prompt: Social PLM and Security

June 30, 2009

Note…  Reading very interesting study about higher vulnearability of social networkers.

We are all very excited about advantages of PLM social product development and social innovation. I think, social software brings a lot of potential.  But what will be security impact for these people and enterprises?

My short prompt. How do you see it?

4 Comments | PLM and Social Environment, PLM Prompt | Tagged: , , | Permalink
Posted by olegshilovitsky

Follow

Get every new post delivered to your Inbox.

Join 73 other followers