Protecting Your CAD Data with Onshape: A Security Overview

In This Blog: 

• How Secure is Onshape?

• Amazon Web Services

• Onshape’s Core Security Measures

• Secure Collaboration

• Onshape Enterprise

• Onshape Government

Your company’s most valuable asset is its intellectual property, and ensuring its protection is paramount. When it comes to CAD data security, a single breach could allow competitors to copy your ideas and beat you to market or worse, you could be subject to a ransomware attack

This raises an important question: How can you maintain stringent security while providing easy access to those who need it?

How Secure is Onshape? The Cloud CAD Security Advantage

Onshape security features are built on a foundation of robust cloud technology partnerships and proprietary protections. As a secure cloud-native CAD platform, Onshape delivers multiple layers of security measures, both on the client side for access control and in the backend to prevent security breaches and data loss.

Enterprise-Grade Infrastructure for All Users

At the foundation of Onshape's cloud technology is its partnership with Amazon Web Services (AWS), which maintains security standards rigorous enough to serve the CIA. 

What does that mean? AWS goes to great lengths to protect your intellectual property. Data centers are housed in nondescript facilities with physical access strictly controlled at both the perimeter and building ingress points by armed guards utilizing video surveillance, intrusion detection systems, and other electronic means. AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors and all visitors and contractors are required to present ID and are continually escorted by authorized staff.

These multiple layers of protection far exceed what individual companies could implement independently to keep safe files stored on USB drives, external drives, etc. 

How Onshape Protects CAD Data: Core Security Measures

The Onshape platform includes comprehensive security features, adding yet another security layer. 

Password Protected Access

Users must have valid login credentials, with passwords meeting strict complexity requirements. The system prevents brute force attacks by blocking access after five invalid attempts. For any deployment, user management is streamlined – adding team members takes only a few minutes, and access revocation is instant.

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) provides an additional security layer by requiring a time-sensitive 6-digit code generated by an authenticator app, providing protection even if passwords are compromised. The system offers convenient 30-day trust periods for verified devices while maintaining security.

If you were to lose your phone, you can use the recovery codes that were generated at the time of setup (that you should keep in a safe place) or contact Onshape Support.

Database Backup Procedures & Dedicated Servers

As part of the Onshape security infrastructure, databases are replicated across geographically separated data centers with near-instantaneous synchronization. Full backups occur every 4 hours, with integrity testing performed every three weeks. The cloud CAD security approach includes hundreds of servers dedicated solely to running Onshape, with regular server replacements and automated scaling to ensure optimal performance and security.

Communications Security & Encryption

In the Onshape environment, design data never leaves the data center. Clients receive only encrypted visual approximations, preventing local storage of sensitive information. All services require HTTPS, with regular security audits and automated vulnerability testing. Onshape security features include AES-256 encryption for all design data, both at rest and in transit. Internal communications between servers and databases use SSL/TLS protocols.

Third-Party Security Testing

Third-party security researchers continuously perform penetration testing, validating Onshape's security against emerging threats. All system activity is logged and audited. Even in the unlikely event of a breach, data remains unusable without access to the complete Onshape production environment.

SOC 2 Type II

Last but not least, Onshape has completed the SOC 2 Type II audit, demonstrating its commitment to protecting customer data through regularly reviewed security controls. This independent verification confirms that Onshape security features meet industry standards for securing sensitive information, making it a trusted choice for organizations across regulated industries.

Secure Collaboration for Every User

Unlike traditional file-based systems, Onshape enables secure sharing without creating vulnerable copies. Users simply enter an email address and set appropriate permissions. Recipients receive a link that opens the design directly in their browser, with no software installation required.

The permission system allows for granular control over what others can do with your designs. You can grant view-only access for suppliers needing to provide quotes, or full editing capabilities for trusted team members. Comments can be enabled without granting other permissions, facilitating clear communication while maintaining security. Perhaps most importantly, access can be revoked instantly at any time, ensuring your intellectual property remains under your control.

Enhanced Security with Onshape Enterprise

The Onshape Enterprise security overview reveals additional layers of protection for organizations requiring maximum control over their CAD data security. Each enterprise receives a unique domain in the format of <company name>.onshape.com. This dedicated space ensures complete separation of company data and provides a professional, branded environment for all users.

Enterprise administrators can tag a person as a “guest,” providing a special designation for external collaborators. Guest users begin with zero default access to company data and require explicit permission grants from administrators. This safeguard prevents the accidental exposure of sensitive data to outside parties.

Activity monitoring takes on new depth in Enterprise accounts. Administrators can access comprehensive audit trails of all user interactions, making it possible to track every action taken within the system. This is particularly valuable for managing contractor access and maintaining compliance requirements.

Onshape Enterprise also has tiered access levels through Full and Light user designations. Full users receive complete CAD editing capabilities within their permitted documents, while Light users are limited to viewing and commenting. This structured approach allows organizations to extend controlled access to non-engineering teams like sales, marketing, and field service staff without compromising security.

Onshape Government

Onshape Government is the same cloud-native CAD and PDM solution, but tailored for U.S. government agencies, defense contractors, and organizations working with sensitive or regulated projects. Built on AWS GovCloud, Onshape Government helps customers meet ITAR and EAR compliance requirements. With Onshape Government, teams can innovate quickly and securely without compromising on compliance.