Version 1.0 2016-11-03
Traditionally, the Building Information Modelling field has been driven by tools that were mainly used locally on single PCs. As the world has moved towards world-wide collaboration and cloud services, the value added by embracing these ideas and technologies has not gone unnoticed in any area of technology.
Trimble, the producer of Tekla software and services, has embraced opportunities created by the internet. The Tekla Online Services team focuses on creating and maintaining online services that support and create additional value for the users of Tekla software. Some examples include the Tekla Model Sharing service for collaboration, and Tekla User Assistance, which helps users utilize Tekla products effectively.
The online services we focus on here are Tekla Account and Tekla Online Admin Tool, Tekla Model Sharing, Tekla User Assistance, Tekla Warehouse, Tekla Forum, Tekla Downloads, and Tekla Campus.
This paper discusses some of the security and privacy topics that are important to our customers.
Processes and the related organizations for security and privacy protection follow the best practices of the ISO 27001 standard. In addition, many of the security requirements are aligned with industry standards such as BSIMM and OWASP ASVS.
By design, most Tekla Online Services do not share data between them. Data, such as models stored in one service, is not available to other services. The only exception to this rule is Tekla Account that is used for authentication into all services: it provides necessary identity information for the services.
Information that our customers store within Tekla Online Services can be divided into three main categories:
|Information|Rationale for categorization|
|---|---|
|Models created by customers using Tekla Structures (Models)|Models are the most valuable commercial assets that our customers store within the online services.|
|Personally Identifiable Information (PII)|Personally Identifiable Information (PII) is any data that can potentially identify a specific individual.|
|Other content created by customers within the services (Other Content)|In addition to models, other content such as support discussions or files must be protected within the services.|
When designing the Tekla Online Services portfolio, one design principle is to store the minimum amount of information needed for each service to function. Trimble recognizes the value of customer data and wants to minimize the risk related to security incidents, and any potential misuse of data.
Tekla Online Services can be classified based on the types of data they process.
|Classification|Service|Data processed|
|---|---|---|
|Critical|Tekla Model Sharing|Contains all Tekla Structures Models shared using Tekla Model Sharing.|
|Critical|Tekla Account|Contains PII about users and the user roles that are used for authentication.|
|High|Tekla Warehouse|Contains applications and plugins that can be directly inserted to models.|
|Normal|All others|Stores only limited PII from Tekla Account or Other Content created within the system. Does not store or have any access to Models.|

|Classification|Definition|
|---|---|
|Critical|Services which by design store and process users’ critical business data (for example, models), or would trivially enable access to it if compromised.|
|High|Services which are not mainly designed to store or process users’ critical business data, but may do so occasionally in limited quantities, for example, for technical support purposes.|
|Normal|Systems which do not store or process users’ critical business data under any circumstances, or enable access to such data even if compromised.|
Specific information about customer information stored within Tekla Online Services, and where the information is located geographically, is available on request.
Even after applications have been designed and developed according to all industry best practices and by highly skilled professionals, there is still a possibility that something was missed. With Tekla Online Services, we ensure that all our services go through thorough security audits by third party security testers. The services are audited regularly to ensure that the level of security remains high.
If security issues or improvement areas are identified in security audits, the Tekla team will evaluate these items and design effective mitigations. All important security findings are fixed before the product is deployed into production, and verified by the security testers before being approved.
All audits are done against industry standard security auditing frameworks and standards such as the OWASP Foundation ASVS 3.0 standard and the OWASP Top 10 or OWASP Mobile Top 10 security issue lists as relevant. All security issues are ranked according to the CVSS scoring method, which is widely recognized as an industry standard.
Vulnerability management is the process of ensuring that software is kept up-to-date as new security issues are found by the security community. With new issues being found at an ever increasing pace, it is vital for ensuring that internet services remain secure.
Many Tekla Online Services use both proprietary and open source components and systems. Occasionally, new security vulnerabilities are found in these systems by security researchers. Identified vulnerabilities are reviewed and fixes deployed to the services depending on their severity. Processes exist for fast-tracking critical security fixes into production, based on risk analysis done by the Tekla team to ensure that services remain secure.
Each team at Tekla Online Services is responsible for maintaining an inventory of software components used by their product or service. The teams actively follow security feeds coming from vendors or central authorities like CERT.
Some Tekla Online Services are hosted or managed by partners. In these cases, the Tekla team works in close co-operation with the partner to ensure that vulnerability management is effective and that the services are patched regularly. Contracts are in place to ensure that our partners follow standards similar to Trimble's.
While we do our best to ensure that all Tekla Online Services are secure, there is always a risk of a system being compromised. Trimble has set up practices for incident management to ensure that all incidents are handled efficiently.
Each team at Tekla Online Services maintains an incident response plan that includes instructions on handling security incidents. The plans include responsibilities, technical steps to take, and the location of all relevant materials needed in mitigating and investigating issues.
Each Tekla Online Service has a disaster recovery plan that details how the service can be brought up again in the event of partial or total loss. The plans ensure that acceptable service levels can be maintained even if something unexpected happens.
Tekla Online Services use varying types of architecture depending on the specific system and its requirements. However, the basic architectural principles are shared and applied to all systems to ensure that the services meet Trimble security and quality requirements.
All architectural designs are created and validated by a separate architecture team within Trimble to ensure that the basic structure is sound and secure. This ensures that the development teams can focus on the application logic. If there are any changes that could affect the security landscape, the architecture team is involved again.
A standard cloud architecture template is recommended for Tekla Online Services that do not have unique requirements that would prevent its use. It is also used to benchmark custom architecture solutions to ensure that they fulfill the same basic requirements.
All Tekla Online Services use HTTPS / TLS for securing customer data when in transit over the internet. This is especially critical in services that handle models or other data created by our customers.
Many of the Online Services are critical for our customers and their business. To ensure that the services are available when needed, we have designed them to achieve high availability and scalability.
Critical services are hosted in established, world-class data centers with a history of providing good service. We have implemented geographically distributed hosting to ensure that even in the event of total loss, the content is still available and can be distributed from the location closest to the customer. Detailed information on individual services is available on request.
Designing secure solutions begins from understanding the threats that the solution needs to be protected from. Without adequate understanding of the threats, security controls may be ineffective or even make the situation worse. Understanding the threats is one of the core guiding principles for designing and developing Tekla Online Services.
Threat modeling is an activity where the threat landscape is studied before the architectural design is finalized. All Tekla Online Services go through threat modeling. The threats form the basis for the design of security controls and system features.
Threat models are kept up to date as the services evolve. Threat modeling is a mandatory part of the change management process. It ensures that the impact of new features is properly understood.
Input from threat modeling is used as a basis for defining security audits and testing.
Tekla Online Services are designed to be administered and provisioned by our customers. The Tekla Account Admin tool allows customer organizations to configure the roles and access rights within different services. Our customers retain control over their data and can decide what kind of access rights are given within their own organizations.
Only authorized Trimble personnel have administrative access to the services, and the number of people who can access the customer data is limited.
In general, data created by the users is owned by the users even when stored in Tekla Online Services. Exceptions to this rule are described in service specific terms.
Tekla Online Services use trusted partners to host, develop, maintain, and test the services. These partner relationships have lasted for many years and partners’ expertise is a key aspect in building and maintaining our services.
All contracts with Trimble suppliers who handle personal data include EU model clauses that define requirements regarding security, privacy, confidentiality, and use of any materials that the supplier may have access to. All suppliers are held to the same standards as Trimble’s own employees. In addition, only named persons from the vendors are allowed to work on Trimble projects.
Tekla Online Services that require authentication operate using Tekla Account. Access rights can always be managed centrally through the Tekla Account Admin Tool. This makes it easy for our customers to manage access within Tekla Online Services.
The Tekla Account service is built on industry standard authentication technology. All integrations to other Tekla Online Services are implemented using standard technologies, such as SAML, to keep the separation clear. The service is only used by other Tekla Online Services, which need to be authorized and tested before being deployed into production.
Ensuring that source code cannot be altered is critical for the security of online systems. To guarantee this, various measures are in place. All code is stored using version control systems, either deployed within Trimble’s own network in the centralized repository, or in our partners’ own version control system. Access is strictly limited to development teams and named stakeholders.
Code for Tekla Online Services is developed either locally at Trimble premises, or at the premises of our partners. Trimble’s own premises are secure and require access permissions from all staff members and visitors. Similar requirements are in place for partners to ensure that they follow equally strict guidelines.
Development and testing are performed either locally on workstations, or within specially set up development environments. Remote development and testing environments are designed to protect the software and other data in a similar manner as in production.
Even the best software development professionals can make mistakes. The best way to catch such mistakes and learn from them is code review done within the development teams. Different Tekla Online Services teams perform code review in the form of both peer review and formal code review. This allows us to ensure that the code is of high quality, and to spread the best practices within the teams.
Tekla Online Services are based on a wide range of technologies. Different teams use and follow industry guidelines and best practices when developing code. Code review processes aim to identify deviations from guidelines or best practices. The deviations can then be addressed before deploying the code in production.
At Trimble, we want to ensure that our services are of the highest quality. To achieve this goal, all systems go through rigorous testing before being deployed into production.
As part of the change management process, all changes to Tekla Online Services are first tested using both automatic testing and manual test cases. Any regressions in the testing are addressed before the changes can be considered for deployment. Test cases are continuously improved to cover new development. If any issues are discovered, test cases are created to catch them. Through this process, the quality of our services remains high.
Trimble recognizes the value of our customers. With Tekla Online Services, we have taken the steps necessary to protect both your privacy and the designs that are at the core of your business. While using the services, you can be assured that your data is protected.
We will continue to work on maintaining and improving the security of our services by taking advantage of new developments in industry best practices. Our efforts allow you to focus on your core business without letting security concerns stop you.
If you have any concerns or questions regarding any of the Tekla Online Services not covered here, do not hesitate to contact us.