Best Practices for Data Security in the Cloud

Experts continue to identify data security as a primary barrier to wider adoption of cloud-based CAE solutions. Essentially every field of engineering has unique security issues to address:

In Aerospace and defense (A&D), rigorous standards are necessary to protect national security.
For medical and pharmaceutical companies, HIPAA requires that patient data be confidential and anonymized.
Across all disciplines of engineering, the security of intellectual property (IP) is a pressing concern.

These data security concerns are certainly well founded, and it’s important to carefully weigh them before choosing a cloud CAE solution. But what’s often overlooked is that keeping your data in the cloud could actually be safer than keeping it on premises; after all, cloud providers must comply with high security standards and conduct regular security audits.

The right cloud CAE vendor can easily address these issues while also delivering robust computational power. Choose a provider that offers protection for data in motion and data at rest; that can deliver a hybrid cloud solution based on your organization’s distinct security needs; and embraces the pillars of cloud security.

Protection for Data in Motion and Data at Rest

It’s easy to think of data as an abstract aggregate. But for the purposes of keeping it secure, it’s critical to think of data in two separate states: in motion, and at rest. Each of these requires specific security measures.

Data in motion (sometimes called data in transit) is data that is actively being transferred from one location to another. For example, data being transferred from an engineer’s workstation to the cloud would be in motion. Data in motion is often considered more vulnerable--but less valuable--than data at rest. Measures such as encrypting data and using an encrypted connection can help protect data in transit, as can strict network security controls.

Conversely, data at rest is any data that isn’t actively being transferred. It could be stored on-premises, in the cloud, or on a portable storage device such as a flash drive. This “inactive” data is at lower risk because it is not being transferred, but it is often considered to be higher value because most organizations have a large volume of data at rest at any given time. Data at rest can be protected, for instance, through encryption of the data itself and/or the storage device.

Potential for Hybrid Cloud Configurations

Not every data set is equally important to your business. In the case of engineering simulations, however, data often consists of IP, such as new product designs, or other highly sensitive information. Protecting this data is especially important. That can make the prospect of putting it in the cloud a little daunting.

One excellent option for securing highly sensitive data is a hybrid cloud solution, which blends on-premises data storage with cloud storage. More sensitive data can stay on-premises, behind the company’s internal firewall, while less sensitive data can be stored and used in the cloud.

This approach has proven invaluable for pharmaceutical companies, which use patient data for clinical drug trials--and increasingly for simulations to evaluate potential drug side effects. Any data containing patient identifiers can be stored in-house, ensuring compliance with HIPAA regulations. Meanwhile, anonymized data can be used for simulations in the cloud, providing much better HPC computational capacity than most companies have on site.

Beyond data security, the hybrid cloud model confers other key benefits for engineering simulations. For example, UberCloud client uBeam already had its own on-premises ANSYS license and Azure subscription, but sometimes needed additional computational power for larger or more complex simulations. Using UberCloud ANSYS containers gave the uBeam engineering team the flexibility to scale up and down as needed, while still maximizing their investment in on-site licensing and subscriptions.

Pillars of Cloud Security Protocols

Security should be a primary consideration in the evaluation of prospective cloud CAE providers. Look for a company that offers comprehensive security features:

Security designed “from the ground up,” that is, security incorporated in the application itself, along with the network, hardware and procedures
Clear guidelines for both logistical and physical security
Enterprise data centers with world-class protection and monitoring
Industry-leading encryption options to secure data in motion and data at rest
Authentication procedures that leverage best practices like multi-factor authentication
Mechanisms to ensure that only authorized individuals have access to data per security policies
Code development, testing and operations that adhere to security best practices
Regular review of policies and procedures for security and operations

Security should not be a deterrent for taking advantage of the myriad benefits of cloud-based simulations. By carefully assessing vendors’ security protocols in the context of business needs like expanded computational capacity, organizations can find the right provider.