Going mobile….Safely

Just in case you have not noticed, the world has gone mobile crazy. Mobile apps are now key business tools and Engineering is no exception. This raises an important problem: mobile by definition means that your data is going mobile; but how do we protect the Intellectual Property (IP) of this data? PLM holds data in the form of CAD Models, drawings and documentation, which is some of the most critical data that the company owns. Protecting IP is not new, for example, in 1967 Israel’s Mossad allegedly stole 3 tonnes of drawings of the Dassault Mirage fighter and effectively copied the aircraft, it was a huge operation; now someone can have 3 tonnes of drawings on their phone! Going mobile clearly poses a new set of problems.

tablethands

Financially IP theft is not a small matter, the U.S. Commerce Department has estimated that intellectual property theft costs the economy more than $250 billion and 750,000 jobs annually and the International Chamber of Commerce estimates that the global fiscal loss is more than $600 billion per year. In another example, it is estimated that the worldwide turnover of fake automotive parts and components amounts to $12 billion a year, of which $3 billion is in the USA alone.

Protecting mobile data

Before we can protect our valuable data, we need to understand how it is used. Who needs access? What do they want to do with it? and where do they need the data?

The following are some examples of data going mobile:

  • Managers making approvals whilst travelling
  • Shop floor access to drawings and
  • CAD models to check details
  • Service technicians on-site repairing products
  • Providing designs to OEMs and third parties to outsource manufacturing
  • Design reviews with clients on-site

For our organisations to thrive the product data must be mobile, but how can we protect this data in the wild?

First we need our design data to be housed in a safe place and most companies have agreed that PLM is that place. All PLMs have access control mechanisms, usually a complex matrix of users, teams, folders and life cycles. Using rules we restrict user’s access to data. The first stage to protect data is to make sure it is carefully organised within the PLM. For example, in Windchill “containers” (aka “contexts”) were introduced some years ago to assist this this, and now form the backbone of the data and team organisation in the system and therefore the underlying access rules.  However mobile adds a new dimension to access control, “If I want to see a drawing on a tablet, it is because I want to move it somewhere” and this needs us to have more that static data management rules.

In the Clouds

“Let’s keep it in the cloud, it will be safe!” this seems like a legitimate answer but it is not that simple. Unfortunately even if the data is stored in the cloud, the adage “If I can see it, I can copy it” applies. The data itself is fluid, it moves easily. For example, if I look at a drawing on a mobile devise a copy is downloaded, even if I try to prevent the user accessing the downloaded copy I can’t stop them doing a screen shot or even simply taking a photo with a high resolution camera.

cloud

The data is on the move, wherever it originated.

Security Technology

With so much at stake the industry has concentrated on locks, preventing unauthorized access to data that is mobile. A number of commercial solutions exist, to encrypt and password-protect files when they are viewed or downloaded, the viewer will attempt to limit the users’ ability to make changes, cut and paste, save etc. All the major CAD vendors have these types of solution. This software uses closed applications and proprietary file formats to limit access; perhaps the best known widely used closed application is Adobe’s Acrobat PDF viewer. Many companies use PDF to provide read-only access to drawings and documents but there are many other applications specifically for CAD data. It should be noted that however hard we try, we can never get past the “If I can see it, I can copy it” rule. They are many other techniques used to try to protect data.

Watermarking is a very active area of interest for many companies; a mark is added to a drawing which overlays additional information and in doing so makes it harder to copy the image. Using another approach some software providers have investigated Digital rights management (DRM), or more accurately IRM, but most seem to have rejected it as being too complex to administer.

Finally we need to consider the human factor, an Ibas survey (www.ibas.net) shows that only 28.2 percent of business professionals commonly think that intellectual property theft is completely unacceptable, and the most common thieves are the IT folks themselves, so maybe locks on data are not the only answer; at Wincom we are looking at other ideas.

New ideas

The first is to make it hard work to copy the data. Many 2D drawing formats are vector based, meaning that the file is effectively as set of instructions on how to draw the drawing. This makes the result, small, fast and scalable, examples of this format are dwg and svg, however the problem is this format is very easy to copy, and even the watermarks are relatively easy to remove. Converting vector to raster when sending content to mobile devices makes it much harder to copy; albeit at the cost of larger file sizes.

Another technique we have adopted is called “personalised watermarking”. Wincom watermarks are applied at the moment a user views or downloads a drawing, and includes the name of the user and the time and date. This will encourage users to value and look after the data properly.

This book belongs to

In addition to standard watermarks we also incorporate “hidden watermarks”. Once the data is in a raster format we can add information on the drawing that the human eye cannot see and is embedded into the data. This means that if the data is copied in any way, and then we get the hold of the copy in future we can identify who, how and when the data was copied. Having a leak is bad enough, not stopping it once you find it is worse.

For our clients we use a mobile PLM framework and a secure content server, which allows us to create custom task oriented apps, giving the user quick access to only the data they need to do their job and provides that data only in a secure format.

Conclusion

Accept the data cannot be 100% secure if it is mobile, but we can to make it hard to make unauthorised copies using raster formats, watermarking and closed applications. The next step is to get employees to have ownership and value the data they use. Keep data well organized and access control rules up-to-date. Finally give users access to only the data they need with task oriented mobile apps, which will make them more productive and reduces the risk of IP theft.

Leave a Reply

Change Lite

Take a look at the EAP Search last improvements!