-
- News
- Books
Featured Books
- design007 Magazine
Latest Issues
Current IssueRules of Thumb
This month, we delve into rules of thumb—which ones work, which ones should be avoided. Rules of thumb are everywhere, but there may be hundreds of rules of thumb for PCB design. How do we separate the wheat from the chaff, so to speak?
Partial HDI
Our expert contributors provide a complete, detailed view of partial HDI this month. Most experienced PCB designers can start using this approach right away, but you need to know these tips, tricks and techniques first.
Silicon to Systems: From Soup to Nuts
This month, we asked our expert contributors to weigh in on silicon to systems—what it means to PCB designers and design engineers, EDA companies, and the rest of the PCB supply chain... from soup to nuts.
- Articles
- Columns
Search Console
- Links
- Media kit
||| MENU - design007 Magazine
Altium 365 GovCloud Offers Increased Security
June 27, 2023 | Andy Shaughnessy, Design007 MagazineEstimated reading time: 7 minutes
Altium recently launched Altium 365 GovCloud, a dedicated platform accessible only to—and managed solely by—U.S. persons. The company says that GovCloud can help customers to be in compliance with ITAR, EAR, and other requirements.
I spoke with Bruno Blasigh, Director of Cloud Security for Altium 365, about the new platform, how it functions, and how GovCloud can help to keep foreign entities from accessing your data.
Andy Shaughnessy: Bruno, how are you doing? Give us a little background about yourself.
Bruno Blasigh: I'm the director of cloud security for Altium 365. Ultimately Altium 365 is an electronics product design platform, allowing people to bring together all the aspects of PCB design, as well as helping organizations to build better products faster.
Shaughnessy: Altium recently launched Altium 365 GovCloud. Tell us about this and how it's different from the standard platform.
Blasigh: Sure. GovCloud allows us to be more specialized with secure workloads, allowing us to work together with companies that deal with what we call CUI, which is controlled unclassified information, as well as ITAR and other requirements. So, Altium 365 GovCloud offers more compliance measures and certifications tailored to meet these government requirements.
That's where this secure workload started coming in with the cloud service providers, which many SaaS companies like Altium are utilizing to meet those infrastructure requirements. This allows us to build a more secure platform locking down systems to meet those requirements. I think one of the biggest struggles with the cloud in general is its openness and aspects with open sources, right? So Altium 365 GovCloud gives us a better measure to let us know that the underlying infrastructure, which is critical for storing the data and all the other information, does meet those high standards.
Shaughnessy: Was this something that your customers asked you for?
Blasigh: Yes, our GovCloud started underneath the ITAR banner, and we restricted this specifically to not sharing information outside of the United States. We're controlling all of that data within the platform. But then, from there, it slowly progressed due to many requests for CUI security in the cloud. We are a very customer-focused company, and that's what we tried to accomplish here.
Shaughnessy: Could you walk us through how GovCloud works?
Blasigh: Sure. For customers that currently use the standard Altium 365, we have a very similar environment inside GovCloud. We separate the access to those environments, meaning we have different access controls in place for what you call the commercial side vs. the GovCloud side.
For example, one of the requirements for ITAR is that only US persons shall have access to that information, so we segregate that. Our access controls allow us to do single-sign-on (SSO) multi-factor authentication separated from our commercial Altium 365. We use the web application firewall, or WAF, which enables us to lock all of that down. Anyone trying to come in from France, China, Italy, or anywhere else worldwide will not have access. Those are the controls for the inbound access. For the outbound access, we use the network firewall in order to allow the customers to put in IP addresses that they want the traffic to leave from.
GovCloud uses whitelists, and customers can have those whitelists updated with IPs. Plus, only a limited number of our US-only DevOps team have access to it. We put a lot of controls in place in order to meet these requirements. The workspace admin would be monitoring and maintaining the workspace themselves from the customer perspective, allowing who they want in. They are responsible for managing the people they give access to; It is up to the customer to ensure that the people they give access to in their workspaces are meeting their compliance requirements. We're there to make sure to protect the environment itself. It’s up to the customer to manage the data they want to put in, who they give access to, the level of access, and how they utilize that environment.
Shaughnessy: I understand this is all set up through Amazon Web Services, correct?
Blasigh: Yes, you are correct. Altium 365 GovCloud is situated within the AWS GovCloud region in the United States, ensuring compliance and implementing various controls for all aspects of the infrastructure. We have actually completed our SOC 2, Type 2 compliance. Now, we're working towards our CMMC certification, and there are three compliance levels: Level 1, 2, and 3. We are focused on achieving Levels 1 and 2. We are working towards those certifications. We will have the CMMC Level 1 self-certification by the end of this quarter. Then we're going to start immediately working on our Level 2 certification, which is also a self-assessment.
Shaughnessy: It sounds like this would dovetail with the NIST 800 requirements.
Blasigh: That's great that you brought up NIST-800. You know, there are a few different ones, like NIST 800-53 Rev. 5. But the one we're focused on is actually NIST 800-171. At one point, DoD tried CMMC version 1.0, which was five levels and very difficult for anyone to achieve. So then they moved down to a three-level model. DoD is doing what they can to support the contractors that they've hired, as well as making sure that they're meeting these requirements.
I think that with these last couple of breaches over the last year or two, DoD is basically saying, “OK, we need to make sure that everyone's supply chain is actually secure. And so we're going to tell them they have X amount of time to get compliance done.” And so, we hear them, and we want to support our customers.
Shaughnessy: One of the points you all made in the release was GovCloud’s scalability. Tell us about that.
Blasigh: Sure. This scalability allows the company to grow and increase the amount of data they can store and meet user requirements. So as they need to collaborate, they’ll say, “Oh, wow, I can just log in here, go into this workspace that I've been invited to, and I can support the development process immediately instead of waiting for it to be downloaded or put on some sort of a shared drive or someone's local machine. You can just move over and fix it and move it back and forth.
Shaughnessy: So, there really isn’t a “sweet spot” as far as the company's size using GovCloud?
Blasigh: No, Whether you're a small or very big shop, we can speed up your time to market or time to completion of your project.
Shaughnessy: So, what is the migration process like for somebody who already has Altium 365? How big a process is that?
Blasigh: That will depend on the data and the amount of data. If you’re moving over to GovCloud, you’ll work with our CSM teams to create the workspace and get the data moved over. And again, the complexity is dependent upon what you already have in place, what you're working with, and if you’re working with SVN within your company already. It’s very dependent on that information.
Shaughnessy: Can someone turn the security off inside GovCloud?
Blasigh: No, if you’re in GovCloud and you don't really want that restriction, you can't just turn it off. It’s integrated into the product. That's one of the things that's going to be a balancing act. These restrictions have been put in place to make sure that the information doesn't get leaked accidentally.
And even if a company doesn't have government workloads, they still may not want their IP to get released outside of the United States.
Shaughnessy: Right. So, what’s next? Where do you all see GovCloud moving in the next few years?
Blasigh: Yes, we’re always working to improve the platform, whether it's efficiency or functionality. Can we provide more functionality without risking or reducing the security posture? We’re fortunate to have some great visionaries here at Altium. We have a great team to take those visions from pen and paper to concept and production. And we're always looking at all of the avenues. “Okay, what does this do? Does this open up anything? Does this increase the risk for our customers in any asset?” There’s a constant collaboration between the developers between the security teams.
Shaughnessy: Is there anything else you want to mention that we haven't discussed?
Blasigh: I think we’ve covered everything.
Shaughnessy: Thanks for speaking with me, Bruno.
Blasigh: Thank you, Andy.
For additional content from Altium, be sure to download The Printed Circuit Designer’s Guide to… Design for Manufacturing by David Marrakchi. You can also view other titles in our full I-007eBooks library.
Suggested Items
Keysight, Instrumentix Partner to Launch Complete Trade Monitoring Solution for Financial Markets
11/21/2024 | Keysight TechnologiesKeysight Technologies, Inc. expanded its financial capital markets portfolio through a partnership with Instrumentix to introduce a cutting-edge trade solution.
Gartner Forecasts MENA IT Spending to Grow 7.4% in 2025
11/20/2024 | Gartner, Inc.IT spending in the Middle East and North Africa (MENA) region is projected to total $230.7 billion in 2025, an increase of 7.4% from 2024, according to the latest forecast by Gartner, Inc.
ASMPT: Highly Flexible Die and Flip-chip Bonder for Co-packaged Optics Production
11/20/2024 | ASMPTThe high-precision AMICRA NANO die and flip-chip bonder has been specially developed for the production of co-packaged optics where which optical and electronic components are integrated in a common housing. With its exceptional process stability and a placement accuracy of ±0.2 μm @ 3 σ, this innovative bonding system is ideally equipped for the communication technology of the future.
New Ultrafast Memory Boosts Intel Data Center Chips
11/19/2024 | IntelWhile Intel’s primary product focus is on the processors, or brains, that make computers work, system memory (that’s DRAM) is a critical component for performance. This is especially true in servers, where the multiplication of processing cores has outpaced the rise in memory bandwidth (in other words, the memory bandwidth available per core has fallen).
Sluggish Telecom Market Growth Prompts Operators to Become Full-Stack Technology Suppliers
11/18/2024 | IDCWorldwide spending on telecommunications and pay TV services will reach $1,544 billion in 2024, representing an increase of 2.4% year-on-year, according to the Worldwide Semiannual Telecom Services Tracker published by International Data Corporation (IDC).