Jump to content

a case for browser based CAD


Recommended Posts

On 12-4-2018 at 9:12 PM, digitalcarbon said:

 

do you sign a liability agreement (for your clients) accepting liability for the storage of all their data sitting on your HD in your office?

Yes, that is part of the terms of the agreement, for a project for which I have to sign a specific liability and confidentiality agreement any and all information in any form that is considered confidential has to be kept secure as well as under controlled access (i.e. not just knowing who has access, but anyone who has access to any part of that particular information, even if it is only one document of many, has to sign that liability and confidentiality agreement as well). This liability and confidentiality in some cases includes talking about the project with someone else in a public place (.e.g. when having a lunch outside the office, or when a visitor for a colleague is within hearing distance) then you also have to make sure no such confidential information is discussed if others could hear it. Under such an agreement both the office and the individual employee who signed the agreement can be held liable for data leaks/losses.

Apart from that, almost all agreements with clients have a clause about keeping the data residing in the office secure from unauthorized access (e.g. visitors) or to be returned to the client without keeping copies.

Of course there are projects which will go public at some point and then the restrictions are (or become) much more relaxed when most of the information becomes public, but then we still have to keep the original files secure to avoid tampering with the original documents just in case.

 

So all drives (including backup drives) are encrypted, all prints, documentation etc. related to projects get shredded in a paper shredder with a P5 classification minimum when it's no longer needed and all old drives that are discarded get wiped first and then physically destroyed/shredded. There is even a dedicated floppy/CD shredder available (not one of those included with paper shredders that break a CD in a few big chunks but one that is at least a P3 class cross cut shredder).

 

With a cloud provider you just have to believe them on their word they will take similar precautions to keep your data safe, unless they allow you or an independent third party auditor to physically inspect the premises and procedures.

 

One to keep in mind is that even when OneDrive, Dropbox etc. claim that your data is encrypted on their servers that this is usually when they are in a state of rest (i.e. not being worked on). Once you start working on a file it becomes decrypted and therefore vulnerable to unauthorized access. How large that vulnerability is will depend on various factors and may vary from cloud provider to cloud provider.

 

So for confidential information I still wouldn't rely on cloud providers at the moment if I can't use additional protections measures for confidential data (e.g. encrypted containers within an encrypted connection).

 

If your projects don't have/require that level of confidentiality and you do feel comfortable with a specific cloud based provider then feel free to use it if you want. But I think it would be a good idea to have a non-cloud based alternative as well for clients with projects that they consider to be confidential.

Edited by Art V
  • Like 1
Link to comment
On 13-4-2018 at 7:51 PM, B Cox said:

If you think you would be immune from litigation if your clients information was stolen regardless of them having you sign a liability agreement, you've got another thing coming.  More likely you would have them sign an indemnity clause.

If the client requires you to sign such a liability and confidentiality agreement, they most likely would not sign an indemnity clause that would keep you safe.

It could be an option if you are not working on a project that the client has declared confidential, of after you have handed over all information with proof that you have no copies at all in your possession anymore so that you can shift the full responsibility for the data back to the client.

Link to comment
On 13-4-2018 at 1:46 PM, Christiaan said:

 

Isn't that what PI insurance is for?

Yes, but only to some extent and only for the financial part, this assuming the insurance could cover the potential financial damages (which may not always be the case depending on project size unless you are willing to pay very hefty insurance premiums).

Link to comment
On 13-4-2018 at 9:14 PM, Jim Smith said:

So I do see the need and value for some limited cloud based CAD interfaces but I'm convinced that the person/firm who has the overall responsibility should still have to maintain the "parent" file physically on their server or hard drive and act as the gate keeper of all information that is added or subtracted from the parent file.

^This I agree with completely. For personal use I do use some cloud based things as I can see where it can be useful, but even then I won't put any confidential/privacy sensitive information on them without additional safeguarding (e.g. a well and properly encrypted container holding the data (i.e. a password protected word file does not classify a secure).)

 

On 13-4-2018 at 9:14 PM, Jim Smith said:

If a parent file is on a cloud & as Mr Zuckerberg proved this week, even those supposedly in charge of data can't, or won't ensure the safety and veracity of data means Cloud drawing files would be next to useless in maintaining accountably. 

Yet, despite advice from my side to be cautious with privacy sensitive information, some people I know recently still proclaimed that data in a private Facebook group would be perfectly safe as only they could access it. (and of course Facebook (or whatever cloud provider for that matter), which they forgot). Now some of them are getting a bit nervous about this.

 

Unless the cloud provider has a system that even they cannot tamper with, that shows who accessed what, when, where, how and why you are going to have a hard time proving any data leak was not your fault.

 

The new General Data Protection Regulation (GDPR) of the EU that becomes effective soon even will hold you accountable/liable if your cloud provider messes up and leaks the data if you didn't take additional precautions to prevent unauthorized access to confidential/privacy sensitive data (e.g. encrypting the files on your end before uploading to the cloud, or using encrypted data containers etc.).

 

Some companies are contacting me for re-approval of being on their contact list (e.g. newsletter) because of the upcoming GDPR, others don't seem to be doing anything so far. It is estimated that half of those who are going to be affected by the GDPR are still not ready to meet the requirements. Of course the EU is on the other side of the spectrum on this kind of stuff than e.g. the US, so perspectives on this are or can be quite different.

Link to comment
On 4/15/2018 at 5:27 AM, Art V said:

If the client requires you to sign such a liability and confidentiality agreement, they most likely would not sign an indemnity clause that would keep you safe.

It could be an option if you are not working on a project that the client has declared confidential, of after you have handed over all information with proof that you have no copies at all in your possession anymore so that you can shift the full responsibility for the data back to the client.

 

Was there a point of this beyond my original comment?  Its exactly what I just said?

Edited by B Cox
Link to comment

Guys, I think we are missing the point...lets back it up a bit...

 

there is legal security and there is mechanical security...

 

i can work for your secure office with all your servers in the basement and sign all the "i will be honest" papers you want...but i could still in 6 months burn the place down as i run out the back door with all your data on a thumb drive...

 

sure, you will have a legal means to get me but the damage is done because i posted all your data on the internet...

 

security is never an absolute 100% in any configuration (its all probabilities)

 

machines need maintenance (& the bldgs they are in) & people need to be trained and kept happy...(a good work environment)

 

i would rather have a trained "Formula 1" pit crew managing my "car" then me having to stop and get out to do my own tire changes.

 

i would rather buy a car that has a good safety track record then try to build my own just because Subaru will not guarantee 100% safety. 

 

i would rather buy a bullet proof vest that has a good safety record than build my own just because they will not guarantee 100% safety.

 

the whole legal argument is about assigning blame...it is not about the mechanics of truly trying to reduce the probability of failures.

 

the last statement is the only thing that i am interested in.

 

 

Link to comment
2 hours ago, digitalcarbon said:

Guys, I think we are missing the point...lets back it up a bit...

.... the whole legal argument is about assigning blame...it is not about the mechanics of truly trying to reduce the probability of failures.

the last statement is the only thing that i am interested in.

 

 

So it comes down to who/what do you trust. Frankly I don't trust ANYTHING online, especially my livelihood.

 

Link to comment
On 4/16/2018 at 3:16 PM, digitalcarbon said:

Guys, I think we are missing the point...lets back it up a bit...

 

there is legal security and there is mechanical security...

 

i can work for your secure office with all your servers in the basement and sign all the "i will be honest" papers you want...but i could still in 6 months burn the place down as i run out the back door with all your data on a thumb drive...

No disagreement there, but at least you would have a hunch of who might be the perpetrator. The same risk applies to cloud services but to a larger extent.

With a cloud service provider you have much less control over things than with in-house/on-premise storage etc. as you can put your own access control systems etc. in place.

 

On 4/16/2018 at 3:16 PM, digitalcarbon said:

sure, you will have a legal means to get me but the damage is done because i posted all your data on the internet...

No difference with a cloud service either, the data loss and the technical consequences would be there either way. The difference is that the legal means may give you enough protection from having to close down completely, but with a cloud company that would be quite a bit harder achieve for a small client than for a big corporation with its own department of lawyers and deep pockets (assuming they're not already running their on-premise copy of that cloud software).

 

On 4/16/2018 at 3:16 PM, digitalcarbon said:

would rather have a trained "Formula 1" pit crew managing my "car" then me having to stop and get out to do my own tire changes.

 

i would rather buy a car that has a good safety track record then try to build my own just because Subaru will not guarantee 100% safety. 

 

i would rather buy a bullet proof vest that has a good safety record than build my own just because they will not guarantee 100% safety

Yet those highly trained/skilled people who are expected to do a much better job than you can and do make (sometimes costly)  mistakes. Or you could get a broken product and only find out when it is too late. I agree the chances for this are less than when  someone with little or no experience/expertise would do it, but then you would not be able to properly determine either if they are doing a good job or not so you would have to take their word for it.

 

On 4/16/2018 at 3:16 PM, digitalcarbon said:

the whole legal argument is about assigning blame...it is not about the mechanics of truly trying to reduce the probability of failures.

 

the last statement is the only thing that i am interested in.

As Jim Smith said, it comes down to who/what do you trust. For your work the legal stakes may not be that high, for others it is.  As long as a client mandates that I impose the same confidentiality/liability clauses to outsourced services as they do to me then I won't be using an outsourced service that is not willing to comply with such a request. It is that simple. Not to mention the mechanical safety things as well. And virtually all cloud services will not do this as most of us are not big enough to be able to enforce it or pay them enough to make them interested/willing to accept.

 

 

Link to comment

I don't think the Facebook comparisons are apt. While it's an example of a cloud company being loose with data, they're a special case because selling their data to third parties is the name of their game. The people who are negatively affected by Facebook's lax attitude with their data are not actually Facebook's paying customers, so Facebook wouldn't have had to worry about it much except for the risk of regulation by the government they've now opened up.

 

If Onshape or any other cloud CAD provider ever screwed up it would be their paying customers who would be directly affected. Therefore their reputation and continued existence depends on ensuring they maintain a good reputation for security. Not saying they can't screw up. Just saying it's a very different situation to FB.

Edited by Christiaan
Link to comment
On 4/15/2018 at 5:27 AM, Art V said:

If the client requires you to sign such a liability and confidentiality agreement, they most likely would not sign an indemnity clause that would keep you safe.

It could be an option if you are not working on a project that the client has declared confidential, of after you have handed over all information with proof that you have no copies at all in your possession anymore so that you can shift the full responsibility for the data back to the client.

 

unsubscribe

Link to comment
1 hour ago, Christiaan said:

 

If Onshape or any other cloud CAD provider ever screwed up it would be their paying customers who would be directly affected. Therefore their reputation and continued existence depends on ensuring they maintain a good reputation for security. Not saying they can't screw up. Just saying it's a very different situation to FB

I'm sure Onshape is trying to keep your stuff from being accessed by people who should not be able to access it. The issue is that we don't know how well they are doing with that and what steps they have taken to prevent data exposure (some things on this were mentioned in an earlier reply in this thread).

 

Facebook is a different situation, but a lot of people are not aware of how far reaching their data grabbing is going and assume that if they set something to private it is private. It isn't.

 

To stay within the context of this discussion, cloud based CAD, if a cloud provider only says your files are encrypted then that does not say much about when they are encrypted, and how etc. unless they provide the details about that. Only then you can have a good idea of how well protected your data is and whether the potential benefits outweigh the potential risks or not. With the exception of a few cloud providers most are not really/fully clear about this.

 

Then there is something else that may be an issue for some and not for others. In a discussion elsewhere someone made a comment about why Autodesk, Dassault etc. want their software to be cloud-based:

"Autodesk, Dassault, Bentley, et al are after the data-pile in the way that Facebook is. It creates a very powerful data-pile of very timely trends, which is vastly easier to harvest from the cloud. What do the data management agreements look like?"

His question about data agreements is a valid one on which you usually don't get a very clear answer from most cloud provider websites other than a generic one like "your data is safe with us, you remain the owner of your files".

 

How much of an issue such things are depends on the kind of work you are doing. For some it is barely an issue, for some it is a big issue.

Don't get me wrong, as mentioned before I do see the advantages of cloud systems but there are some real disadvantages/issues too which are often downplayed by the "fans of cloud" by focusing on the (sometimes perceived) benefits/convenience.  A lot depends on how things are implemented, if you can work offline as well if you want/need and where your data will reside and how well you can make backups etc.

 

For me, given the kind of drawings/documents I work on, there is extremely little advantage in cloud based CAD from a practical point of view, the technology just isn't there yet in most cases. This apart from all the other things brought forward by others and myself. So for now I'm not going to be a proponent for Vectorworks becoming cloud based only.

  • Like 1
Link to comment
On 4/2/2018 at 6:57 PM, digitalcarbon said:

they were training in under 60 min...

 

now lets get back to my April 2nd post...note how person "A" was up and running with a browser based cad (see above)

 

now compare that with the following message I just got this morning...(April 30th)

(She has a typo "one" is really "on")

1649805935_ScreenShot2018-04-30at8_24_19AM.thumb.png.165ce07388c40b210b2dfbc83ef5e52a.png

 

I had her try to install VW (free 30 day) to see if she could at least get up and running (I was then going to get a 2nd seat of VW for her to use after that)

 

hmmm...60 min vs 28 days (and still not resolved)

 

now the big picture...

its all about collaboration...even if i bought everyone on a large project their own seat of VW for collaboration purposes...it would not work...unless i also bought them all new computers...

 

I understand the concerns some have about liability and i get it...its not for you at this time...that aside...I'm ready to warp into the future...

 

 

 

Link to comment
1 hour ago, digitalcarbon said:

I understand the concerns some have about liability and i get it...its not for you at this time...that aside...I'm ready to warp into the future...

 

Same here. The pros far outweigh the cons for us.

 

And there's a gapping gap in the market here. I'm sure we're not the first to look at Onshape and imagine an AEC-centric version.

Edited by Christiaan
  • Love 1
Link to comment

Coincidentally upFront eZine just released an article about Dassault trying to cloudify Solidworks and finding that their windows only desktop version license numbers is growing in double digit numbers whereas their attempt at "cloudifying"  it is getting lackluster response. So instead of claiming that Solidworks cloud is the future they now say that the desktop version is going to be one of the pillars of their product line. It briefly compares their cloud attempt with Onshape and Autodesk's attempt to put its software in the cloud.

 

If you are interested, the full article can be found at: http://www.upfrontezine.com/2018/04/upf-978.html

Link to comment

I'm an old enough of a bunny to remember Dumb terminals where everything operated off one mainframe. At the time a pal who teaches digital design  (I think he was using hypercard to do stuff) answered my question about digital imagery saying " Pixel density will take decades, if ever, to reach the image clarity of film". He may have been correct, but whither  Kodak, Ilford, Agfa, and Fuji? 

 

I think Cloud Based may become the default, but hopefully long after I'm retired as I strongly feel while the business model may, in some ways be different, the FaceB analogy is valid. MY Data on SOMEONE else's Mainframe is the issue I'm totally against. I'm happy to be a luddite on this issue.

 

Now where can I get film for my Polaroid Swinger?

Link to comment

I'm in the design development phase of a project and into deep deep modeling...

 

people on the team want constant updates of the model and key configurations...

 

the only way they can get/see this is if I stop modeling and make sheets...

 

need sheets for the Structural Eng, the communication person who makes brochures, etc, the designer who wants volumes...list goes on...

 

all these team members need their own special sheets that contain their data...

 

the model (when done well) has an infinite amount of data useful for many many different disciplines...

 

In VW cloud, I would just invite everyone in and they can harvest all they want...

 

vs me saving pdfs to a shared Dropbox, or Bluebeam Revu and posting to Youtube.

 

and when I make an improvement to the model I need to start the process all over again...all the sheets posted yesterday are outdated.

 

 

 

 

 

 

Link to comment

now as for my "60min vs 28 days.." comment above...

 

I already have someone part time to help with my work load for all my shop drawings which are done in Onshape and exported to the master VW model.

 

but for my VW work...now 35 days...still trying to figure it out...(do i buy her a new computer?? do i buy another mac or windows and let her borrow? does VW work on a chrome book?)

Link to comment

need to be able to give the structural engineer a small notification to check out what I have done so far so I don't get too far off track...

without making a sheet that has a title block and issue release information that all needs to be cataloged...yes I can send a screen shot but I want him to fly around and measure things and post a comment right on the object...THAT'S  the future.

 

153355817_ScreenShot2018-05-08at10_11_42AM.thumb.png.9bee5bb5a513d3e73e66cf4b3ef17303.png

 

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...