Results 1 to 4 of 4

Thread: Cad software that protects IP

  1. #1
    Associate Engineer
    Join Date
    Apr 2011
    Posts
    2

    Cad software that protects IP

    I work for a small family company in China.
    Mostly doing manufacturing engineering.

    The level of IP theft over here is astounding. And most don't consider it to be morally wrong either.

    We're growing quite fast and are looking at employing some more Chinese engineers, to help with manufacturing design.
    A serious potential problem though, is engineers staying for a few months, then leaving to work for a competitor, and taking the CAD drawings with them... (it's much easier to get a job, if you can also offer the IP from a competitor!!)

    Is there a way to run Cad software across a network, so that only certain people can Export the CAD data? I.e. When an new engineer makes a new file, they are restricted to saving it on 1 hard drive on the network, They are also restricted, so they can't export the data. Also you'd have to allow them to open Cad files from that hard drive, but not copy files from that hard drive to an existing drive etc. Is this possible?
    (Obviously, a trusted employee would have to have access to print or send the data off to the mold/machine shop etc.)

    Are there any CAD systems out there that allow for this? We currently use alibre, but I'm doubting that it has this functionality. I'm guessing possibly a cloud based software could have something like this?

    Obviously you'd still be reliant on the "trusted" employee not to leak the data, and the machine shop not to pass on drawings. But We've been here for a while, and have those people in place. (at least we hope so) It's more that we are about to employ new engineers, we don't know, with little track record...

    Any advice would be much appreciated.
    Cheers
    AJ

  2. #2
    Technical Fellow
    Join Date
    Feb 2011
    Posts
    1,043
    There are ways your Network administrator should be able to protect the drawings, all without the workstation application (ALibre et al) from needing to know about it.

    Limit "Save" rights to certain locations only, the main file server for instance.
    Have no saving devices like USB ports or CD-writers on the workstation machines. Or disable them at the operating system level if they have them and cannot be removed.
    Encrypt the files on "Save," decrypt on "Read" using a key only known to a select few. That encrypt/decrypt can be incorporated into the network transfer protocol so that it happens automatically and transparently to the workstation user.

    Many more options. You need to find a good local person to set this up if it is beyond the current network Admin's abilities.

    Dave

  3. #3
    Associate Engineer
    Join Date
    Apr 2011
    Posts
    2

    Great thanks for that!
    Looking for a good local network tech now.

    Is there anyway that laptops could be incorporated into the system? If staff wanted to work on designs at home?

  4. #4
    Technical Fellow
    Join Date
    Feb 2011
    Posts
    1,043
    AJ, That could get tricky as once it is on the laptop it is no longer under the control of the network Admin.

    On a laptop the user would have to keep it in "Sleep" mode, PLUS the software ALibre etc would have to be prevented from saving. That approach is risky as the battery may totally expire and the changes would be lost.

    Allowing them to take stuff home on their laptops is about as secure as you have it now.

    However, allowing laptops would be your choice. BUT -- for reasons other than just IP rights protection, allowing a laptop onto your high-value-data network, is plain crazy. You have little control over what may be coming IN!! That may be a whole lot worse than them stealing drawings.

    If you provided the laptops then you could limit at the OS level, what can and can't be saved. However, once the laptop is out of sight, even that can be easily compromised. I won't go into detail but suffice to say, laptop files could be liberated by a skilled person in under 70 seconds.

    My strongest advice is to keep ALL stuff on your network until you have an absolute trust of each individual, then gift them as appropriate. People are people so even then, that may not be 100% secure. After some 35+ years programming and consulting my approach is that I would ALWAYS keep important IP stuff trapped on the network, but then I am a little paranoid. LOL

    Dave

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •