Thanks go to Steve Johnson and his Blog Nauseam post today http://www.blog.cadnauseam.com/2012/06/22/acadmedre-a-malware-emails-your-drawings-to-the-bad-guys/ for this eye opener.
I have been down on this whole cloud thing for any CAD use from day one. How many different ways can your data be hacked and it all depends upon a reliable method of access for it all to work.
The problem is that reliable accrues benefits to those who wish to steal data and not create data. You see the web can’t be made secure and the one thing, the only thing, that is guaranteed is the ability of technology to figure out workarounds for all security measures except keeping your data from any web access.
I see articles this day once again talking about how this web stuff will benefit all who use it but once again there are no comments on how to secure it. Autodesk is in my opinion going to be sued into oblivion not to long after they force their customers to the web. Unless of course they make every customer sign a EULA so ironclad that they can save themselves this way. It will only take a few high-profile cases before Autodesk will have to relent on this cloud only stuff or indeed they will suffer the consequences of customer loss. Kind of like the equivalent of data loss only for them it will customer loss.
How can any company afford to stay? I like what was stated in the article Steve quotes from.
“ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals will have designs before they even go into production by the original designer. The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”
So now Autodesk and I believe Dassault want all their users to be forced to have to work on the web. How priceless a warning is this about the perils of doing so from every direction. The one common denominator with every hack I have read about is the access to the web. All the stuff from server boards with back doors built-in to this bit of malware are rendered useless by not allowing any access to the web. The claims of tech advantages for the cloud by those who wish to make money off of it will in the end be defeated by tech designed to compromise it.
Your competitor could patent your stuff before you do as he had the finished drawings as soon as the author did!! Brilliant, this cloud thing really is good for some ahem, ah design firms should I say. Sponsored by the Chinese Board of Industry 🙂
Machined Audio Horn Lens 
I’m not sure people understand “cloud computing”. I do understand that people tend to believe a lot of media hype. And we all know the media is always right and always reports on the different views equally.
Anyway, when you dig into “cloud computing” and read some of the facts out there you might be surprised that “cloud computing” is going to more secure than your own internal storage security. Most systems out there encrypt your data as it comes into the cloud and if you want you can encrypt your data before you send it to the cloud and then have it double encrypted.
As for me personally, I’m not to hip on the idea of storing data up on the cloud because my data is usually quite large and heavy compared to the “consumer” data that is traditionally stored in the cloud. I feel that network speeds and the decryption/encryption process would be a drag on my systems and kill the performance.
Just my thoughts on beautiful Friday after with 81F, sunny and slight breezy day!
Hi Ryan, How is business going?
I will have to disagree with you on this one. When I dig into cloud computing on anything other than an in-house web prohibited system I see danger and breaches. It is hardly media hype with so many actual reports of serious problems from server boards with backdoors to this article today on malware. NSA and the FBI and major companies like Lockheed Martin and BAE all say the web can’t be made safe for critical data. Add in all the infrastructure problems with ISP’s and there you go. What is there to like? Encrypted, fine. Just hack the passwords account on the target pc and off you go. Now in an ideal world maybe this could not happen but companies can’t force employees to rigorously follow security measures leaving the only reliable one to be to prohibit web access.
All I know is that when the 13 Tribes of Kobol had to protect themselves from the hacking ways of the Cylon, they went off grid. They distributed all their computers and didn’t network any of them together. They managed to run an entire fleet of spacecraft that way.
You want to protect yourself from hackers, industrial espionage, malware, worms, viruses, and trojans? Then stop opening yourself up to the options. There are other ways to achieve the end result.
Hi Scott,
+1.
At the end all is about risk/cost ratio. I think, many SMEs will follow individuals and work with cloud / internet / dropbox-like… Huge behemoths you mentioned will keep their critical data behind firewalls and other locked devices. However, as we learned from Hollywood, there are 2 proven ways to get any data you want: 1/ $$$; 2/ sex… You can use a combination too :). So, within time, cloud can be probably even safer, since it will hide a location (at least from some people). Just my opinion. YMMV. -oleg
Hi Oleg, Yeah $$$ and sex are pretty good hacker tools and have stood the test of time for sure. I think there will be a place in the clouds for non critical data. How this will work I don’t know but I believe CAD and design data falls into the critical area and will not see adoption of the cloud for it any time soon. I am amazed at how fast the advancement of technology is accelerating and perhaps there will be a good solution not far away. Good to see you at SEU2012 and hope you did well there.
Dave, you are right. People that choose the cloud these days will be less concerned about security. I don’t expect to see defense, aero- and other similar companies. However, think about either with short life-cycle products or products that can be easy reverse engineered (today even easier with all new 3D scanning options). Maybe these companies / people will be less concerned about the fact somebody can potentially compromise the data? These companies in my view, will be first to adopt cloud because of cost / risk balance. Just my thoughts. It was a pleasure finally meet you in person at SEU2012. It was a very interesting event for us. Best, Oleg
The “Cloud” is a solution in search of a problem.
It is not the brain-child of engineers looking to solve an existing computing problem and progress technologically.
It is being pushed solely by those with a blind interest in jumping on the “social media” bandwagon.
The idea that the “Cloud” is progress in nonsense.
It is a technical regression that brings everyone back to the day of Mainframes and dumb terminal.
The problem now is that the CAD vendor want complete control of the Mainframe and refuses to indemnify customers for the loss or compromised IP.
These “Cloud” proponents can’t even protect a customer’s personal information and they actually expect people to jump on board?
It is also completely disingenuous of the proponents to downplay the security issues. IP theft via the “Cloud” has already happened.
To even suggest that there is a possible cost vs security equilibrium is intellectually dishonest.
I’ll consider the “Cloud” for my work when AutoDesk and Dassault use the “Cloud” for all their development.
Hi Tim, This is my take on it too and I have no intention of ever going there. It is all about the money as far as I can tell and I mean your money in their pockets with control over you as a data hostage. From security to autonomy what’s to like? Maybe there are some aspects of this of benefit in some ways I can’t see yet. But as I write this I am thinking of the latest hacker headlines of $70,000,000.00 plus electronically removed from banks who I am certain have spent far more money on trying to create security than these cloud for cad people ever dreamed of spending.
I have always maintained that deliberate deception is at the heart of this whole cloud thing as NOT ONE of these cloud guys has ever spelled out in writing indemnification for users. They know they can’t deliver so they just avoid the topic. Here buy this, isn’t it cool and we PROMISE you that it will save you time and money, just don’t ask to look behind the curtain.