IP security vs efficiency: What’s the best way to share engineering information?
Meagan Campbell
May 28, 2024
12 min read
There’s a generally accepted notion in engineering that cumbersome security protocols are a necessary evil. Sharing files and data, especially outside your organization, can either be fast and easy or it can be secure — but not both. That’s just the way it is and the way it’s always been, right?
And no matter how deeply you understand the importance of rigorous Intellectual Property (IP) security, it’s natural to get frustrated if it feels like your hands are always tied by red tape. So when you’re trying to stay on schedule, nail your quality goals, hit your cost-down targets, manage a distributed team, communicate with suppliers and customers, and keep everything from flying off the rails… waiting 17 minutes to load a single file because you’re using an FTP or VPN service? That can seem like the straw that’s really going to break the camel’s back this time.
But the truth is: maintaining a high standard of security doesn’t have to be so painful.
Historically, we’ve normalized viewing security and efficiency as being at odds with each other. Realistically, though, that’s a mindset of the past. Today, even major governments and financial institutions are running cloud technology that balances maximal security with optimal effectiveness. And although the mechanical and hardware world has been lagging behind other industries when it comes to cloud adoption and digital collaboration, top teams have been waking up to the possibilities for a while now.
So what does the industry’s current state of collaboration look like? This article gives a rundown of the most common ways engineering information gets shared today, and our take on them. But first, some important background to consider when evaluating solutions for security and efficiency.
Security and efficiency are not, in fact, mutually exclusive
It’s worth repeating: a secure process does not necessarily mean a slow process. Yet because IP security is so crucial for engineering companies, most teams have some tolerance for workflows that are secure but somewhat inefficient. On the flip side, there should be slim to zero tolerance for workflows that are efficient but not secure.
That’s largely where this false dichotomy comes from. We’re more than two decades into the 2000s, but many engineering teams are still collaborating and sharing information the same way they did in the 90s. That means many engineering and collaboration processes, designed to be as efficient as possible while still maintaining adequate security controls, are still rooted in the technology, landscape, and capabilities of a world that no longer exists.
Here in the present day, there’s a lot more convergence of best practices for security and best practices for efficiency. In other words, compared to the last 20 years, there’s now significantly more overlap between a secure process and an efficient one.
But perhaps more importantly, there’s a growing recognition that engineering teams need to be reprioritizing the way they think about process improvements. Everyone wants to be as efficient as possible. But if you take a process that’s no longer as effective as it should be, and you successfully make it 5% or 10% or even as much as 25% more efficient, all you have is a really efficient broken process.
“Focusing on efficiency gains when you haven’t nailed effectiveness is a waste of time,” says Adam Keating, CoLab’s co-founder and CEO. “Teams need to do the right things first. Then do the right things right.”
So it’s not just a matter of adopting new tech solutions; it’s about adapting to new ways of working together. Things that seemed unrealistic just a few short years ago are quickly becoming table stakes. Pre-pandemic, nobody was predicting the rapid rise of remote work to happen as soon as it did. Now, it’s a consideration that no employer can ignore if they want to compete for top talent.
As mechanical teams reevaluate their engineering processes and the ways they collaborate and communicate about design, there’s a big opportunity to actually strike that ideal balance between a secure process and an effective process. But to get there, we first need to have a conversation about cloud tech.
Let’s talk about the cloud
Regardless of how you personally feel about the cloud, it’s not a stretch to say that cloud technology has often been met with quite a bit of apprehension and scrutiny by large engineering companies. And initially, that was fair enough! The term “cloud computing” only first emerged in the latter half of the 90s (several years after the World Wide Web first launched in 1991).
However, over the last two decades, cloud tech has continued to evolve and mature. On top of that, more and more organizations have taken the leap and shown that cloud solutions can indeed be implemented securely — even when data and IP security is paramount.
Robert Percy, a 25-year cybersecurity and tech industry veteran and CoLab’s VP Security, is very familiar with the myths that still exist around cloud technology. “There’s a misperception that cloud is insecure, and it's not true,” says Percy. “It's wrong. It's a complete misperception.”
When it comes to security concerns, there are real risks and then there are perceived risks. Hesitancy around adopting cloud solutions is generally based on perceived risks rather than real ones. And while on-premise solutions don’t carry the same perceived risks as the cloud, there are real risks with on-prem infrastructure that frequently get overlooked.
“Cloud can be as secure as you want it to be,” emphasizes Percy. “Neither is more or less secure than the other. On-prem infrastructure can be made secure, or it can be not secure. Cloud can be made secure, or it can be not secure. It all depends on the implementation and it all comes down to configuration. The vast majority of breaches are still because of misconfiguration.”
“We have major government entities with the most secure data possible that are using cloud infrastructure, because they have the controls in place to guarantee that it is secure,” Percy continues. “If you don't do that, then it's the same as anything else. It can be the same in an on-prem situation, where you have this server that's sitting on the internet that nobody knows about and it's unpatched and wide open to the internet and it's a perfect pathway. It's no different.”
Unfortunately, these persistent misperceptions that cloud infrastructure is less secure than on-prem are not harmless.
Theoretically, engineering today offers an unprecedented ability for the best and brightest minds in the world to collaborate on truly life-changing (and world-changing) innovations. Yet while every other industry is already adopting cloud tech en masse and revolutionizing the way their teams work, the engineering world is being held back by misconceptions about data security — and that needs to change.
So cloud or no cloud, let’s review the most common ways of sharing engineering information.
Breakdown: Common ways engineering teams share design files and info
This isn’t intended to be a perfect or exhaustive list. However, after speaking with hundreds of engineers and leaders over the last few years, we’ve found that essentially every engineering team falls into one or more of these six buckets when it comes to collaboration.
Most teams use a combination of methods, supported by document-based design communication (e.g., PowerPoints, PDFs, spreadsheets).
But how do you know what’s secure, and what’s not? While your security team likely has the final say and ultimate accountability for matters of data security, engineering leaders need to have an understanding and awareness of fundamental security principles. Like anything else, you only learn once you start taking a closer look and asking questions.
Here’s what Percy recommends when considering how secure your collaboration processes are: “When you're sharing information — whether it's by email, through your PLM solution, FTP, whatever — you have to ask: can I prevent someone from sharing, forwarding, uploading, redistributing, printing, copying, doing whatever? Can you prevent somebody from doing that with your data? If the answer is no, then you have lost control. It's gone.”
With that in mind, let’s look at how these common sharing methods stack up against each other for security, effectiveness, and efficiency.
Email and chat
- Can be a fast, convenient way to get someone the information they need
- Instantaneous, reliable, and straightforward to use; works for communicating externally
- Quickly becomes cluttered and disorganized
- Files and info need to be included as attachments or URLs
- Version control is difficult, and messy email threads make it easy for things to fall through the cracks
- Does not offer any 3D viewing capabilities
- Not secure at all; once an email is sent, you no longer have control over the data it contains
- As Percy puts it, “Email was never, ever designed to be a secure method of communication.”
Servers and shared drives
- Covers a broad range of sharing methods, from SharePoint and Dropbox to network drives and FTP
- Provides a central storage hub that can hold multiple file types
- Can typically be organized and structured according to your team’s needs
- Only enables file sharing; doesn’t offer any collaboration functionality
- Typically still requires using a second method (such as email) to actually communicate
- May be fast and simple, like copy-and-pasting a URL, or more time-consuming like an FTP download
- Does not offer any 3D viewing capabilities
- Files must be downloaded to be reviewed, which introduces a loss of control over that file
- Level of security varies widely depending on what’s being used, how it’s being used, and for what purpose (i.e., configuration and controls)
Meetings and calls
- For certain purposes and at certain stages, meetings and calls are necessary and effective
- Helpful for getting everyone aligned in real-time and for having meaningful design discussions
- Must happen synchronously, so scheduling is a challenge (especially across time zones)
- Over-reliance on meetings can lead to bloat, unproductive meetings, and poor use of engineers’ time
- Viewing design files and 3D models requires a screenshare, which means one person has to “drive” and control the CAD for everyone else
- Discussion history, decisions made, and resulting action items must be captured manually and transferred into a document or software tool
- Offers a fairly secure way to communicate, particularly when nothing is recorded or documented
- Call recordings, meeting minutes, and any other follow-up documents are all subject to the same security risks as any other information (based on how the files get shared and where they’re stored)
CAD, PDM, or PLM
- Provides more sophisticated, engineering-specific capabilities than other sharing methods
- Prevents work from getting out of sync with important shared sources of truth
- May offer comment functionality, but typically not optimized for having design conversations
- Typically still requires using a second method (such as email) to actually communicate
- Doesn’t offer a way to view or manage all your review activities and follow-up actions
- Requires any reviewer to have a CAD/PLM seat and be able to navigate within the tool, which limits cross-functional collaboration
- Not ideal for sharing and communicating externally since it requires access to core systems (which are typically on internal corporate networks using on-prem infrastructure)
- Likely offers a high level of security for collaborating internally, due to sensitivity of CAD/PLM data
Project management software
- Brings design communication into a tool that’s geared for broader project and task management
- Mainly useful for managing internal, cross-functional collaboration at a high level
- Many general purpose cloud options are available for browser-based project management tools
- Can potentially be helpful for managing engineering collaboration, but generally lacks the ability to integrate directly with engineering-specific software like CAD or PLM
- Likely offers some comment functionality, but typically not optimized for back-and-forth discussion
- Does not offer any 3D viewing capabilities
- May or may not allow for sharing and communicating externally, but not ideal for it
- Level of security varies widely depending on what’s being used, how it’s being used, and for what purpose (i.e., configuration and controls)
CoLab
- (Yes, we’re including our own software. No, we’re not trying to be sneaky about it.)
- Bridges the gap between your CAD and PLM systems as a Design Engagement System
- Makes it easy to securely share files with anyone, get contextualized feedback on a drawing or model, and keep track of everything from one central design collaboration hub
- Cloud-based and accessed directly from a web browser
- Files and 3D models can be viewed in the app without needing to be downloaded
- Permissions and access are controlled by admins, including the ability to disable file downloads
- External partners can be invited to a controlled collaboration space without needing a paid license
- CAD-agnostic with support for 70+ file formats, plus out-of-the-box native integrations with SolidWorks and Windchill (+ more in development)
- Can only be accessed with a CoLab account
- Offers teams a simple, fast, link-based way to share engineering information while maintaining the highest standards of security and data protection
Key takeaways
If you only take one thing away from this article, let it be this: It doesn’t have to be painful, balancing the need for an effective and efficient process with the need for a secure one.
Here’s the reality of engineering collaboration today:
- Most engineering teams today are still relying on 20-year-old collaboration processes
- Massive amounts of sensitive data and engineering information get sent over email, despite the reality that email is not a secure sharing method
- On-prem infrastructure is not inherently “more secure” than cloud infrastructure
- Your data security depends on how your technology is configured and what controls are in place
- When people go around your security protocols for convenience or efficiency, it introduces risk
- A properly configured cloud solution can offer the best of both worlds for security and effectiveness
Despite the advantages the cloud can offer, there’s no replacement for a robust security program and team. “You still have to take care of your security. You don't offload security; you never do. It's still your responsibility,” emphasizes Percy. At the same time, engineering companies should not shy away from cloud solutions based on outdated and inaccurate beliefs. “Cloud is a perfect option. It's a very viable option.”
So if you’re curious about adopting a cloud collaboration tool for your engineering team, Percy suggests working closely with your security team.
Once you’ve identified a potential solution, start by putting together the business case. Help the security team understand what you’re trying to accomplish, why, and how this particular tool fits into the bigger picture. “Don't talk about the technology. Talk about the business value, and the savings that we're going to have from a financial perspective,” Percy recommends. “Because everything at the end of day boils down to finance. It's money. It's financial risk; it’s business risk. By starting to shift things to the cloud, you start to remove some of that risk.”
And if you’re interested in CoLab but you want some help figuring out how to build that business case for your team, we’ve got experience doing exactly that!