Your company’s most valuable asset is its intellectual property, so making sure it doesn’t get into the wrong hands is of paramount importance. If your CAD data is lost or stolen, your ideas could be copied and your competition could get to market first on the back of all your hard work and innovation.
How can you lose CAD data? Easy. Every time you send a CAD file outside of your firewall, it’s lost forever.
Lost, in the sense that you don’t know where it is or where it’s going and you can never get it back. Most of the time you need never worry – the CAD file you emailed to your trusted supplier is safe. However, there are times when you need to email files to people you’ve never worked with before. In these instances, you just have to hope they maintain a certain level of professionalism and keep your data secure. Unfortunately, hope is not a very good security strategy.
The historic solution to this problem has been to implement a product data management (PDM) system that allows only authorized users to access your data. Some PDM systems are a little more “with the times” and have a web interface, so that external contractors and suppliers do not have to license and install a PDM client on their computer. These solutions often require you to host your own web server and domain with an obscure URL that’s impossible to remember. Others require a VPN connection to your company network – this is fine for employees, but not feasible for third parties. Both of these options require a local download of a file to a computer outside of your firewall, so trust and hope are in play again.
Herein lies the conundrum: How do you keep your data secure, but allow easy access for anyone who needs it?
Share, Don’t Copy
Onshape is the only 3D CAD system that enables secure sharing of your design data and real-time collaboration. Data is shared, rather than copied, with granular control of each user’s access permissions. If you are dealing with a new supplier and are requesting a quote, simply enter their email address, set their permissions to “view and comment only” and hit Share. That’s all you need to do.
They will receive an email with a link that will open your design in a browser for them to view and measure. They don’t even need an Onshape account. When they have finished, click the “X” next to their name and their access is revoked immediately. There are no copies of your data anywhere.
If you need to work with a partner or contractor, you can give them edit rights (while still preventing sharing or exporting rights if need be). This sharing mechanism keeps your data secure. For simple interactions with coworkers and third parties, sharing data in this way is more than sufficient.
However, as your business expands and your product offerings multiply, the number of people who need to access your CAD data grows exponentially. When this happens, granting access to your design data on a per Document basis is not so manageable and certainly not scalable.
Onshape Enterprise addresses these issues with a number of additional security features that enable you to monitor and audit every interaction with your data. It also provides easier ways to enable access to your data for extended teams of users both inside and outside of your company.
Instant Setup And Provisioning
One of the benefits of Onshape is that it runs in a web browser, so there’s no software to download, install, update or license. This makes it super easy for a single user to sign up for a new account, enter their details and be up and running in a matter of minutes. But what if your company has hundreds of users? That might be a little trickier to orchestrate.
Both Onshape Professional and Onshape Enterprise enable instant provisioning of 3D CAD. Simply add each user’s email address to a list, click “Add” and within moments they will receive an email with a registration link. After creating their account, they then have instant access to state-of-the-art CAD and the design data you have given them permission to see. If you have hundreds of users, chances are you will have their email addresses in a spreadsheet or CSV file format. Copy and paste. Done.
The difference between Onshape Professional and Onshape Enterprise is how your data is accessible to third parties. For example, if you add a contractor (who already has their own Onshape account) to your company in Onshape Professional, they will see all your shared company data, plus shared data from other companies they are part of, plus their own design data.
With Onshape Enterprise, an external third party must sign in to your Enterprise domain in order to access your design data. This keeps your data completely separate from any other company’s data and prevents it from being used or copied outside of your domain.
Your Company’s Custom Domain
Every Onshape Enterprise customer gets their own unique domain name to access their company data, in the form of <company name>.onshape.com. Every authorized user, either internal or external, must sign in to that domain account in order to access your data. It’s easy to remember, easy to share, and always clear who owns the design data that is being worked on. You can also add your own branding.
If a user has their own Onshape account and is a member of one or more Enterprise accounts, switching between them is easy. Under the user’s account settings menu, there are options to “Switch to” each of the Enterprise domains they are part of. This will automatically sign them out of the Onshape account they are currently using and take them to the Enterprise sign-in page.
Guest User Access
When adding new users to an Enterprise account, you have the option to tag a person as a Guest. This is intended to be used as a differentiator between external third parties and company employees. Guest users, by default, have zero access to any of your company data. A company administrator or other user with sharing permissions must then explicitly share design data with that guest. This is to safeguard against accidentally sharing sensitive data to people outside of your organization.
When a user is tagged as a Guest, an icon appears next to their name wherever it is used. For example, when sharing data, this makes it easy to see which users are employees and which are guests and therefore what level of access they should be granted. A Guest can be promoted to become part of the Enterprise and enjoy the same access rights as other employees or they can be removed completely. Once removed, all access to your domain and your design data is instantly revoked.
My previous blog post about Onshape Enterprise’s Real-Time Analytics and Reports explains how you can explore each user’s or team’s activities, see what Documents they have worked on and how much time they’ve spent on a project. This is especially useful for Guest users. If you are paying a contractor by the hour, you will know when they worked on a project and for how long. This data is retained long after a user has been removed from your Enterprise account, so you will always have an accurate account of everything.
Options For Full & Light Users
For additional flexibility with defining sharing and access rights, Onshape Enterprise also gives you the option to define a user type as either Full or Light.
A Full user speaks for itself. This is a user who has full CAD editing rights (but only to the Documents and Projects that he/she has editing rights to). A Light user is intended for users who need view and comment access to your data and do not need to make edits. Access to data is still by permission, but you cannot give full editing rights to a Light user. This tiered structure and the advanced provisioning make it far easier for organizations to share design data with authorized collaborators beyond the core engineering team, both inside and outside the company, including sales and marketing staff, field service staff, supply chain and manufacturing partners – even customers.
Universal Access With Onshape Enterprise
For the first time in the history of CAD, design data can be consumed easily by those who need it. Designers, managers, executives, sales, external manufacturing partners and every other stakeholder in a design project can have unfettered access to the data they need to do their jobs effectively.
To quote both Winston Churchill and Spider-Man, “With great power, comes great responsibility.” In the next blog post of this series, we will explore Onshape Enterprise’s features for extended security and access control. Stay tuned!