GrabCAD Shop Security Whitepaper
The GrabCAD Shop Platform
GrabCAD Shop is a work order management application used by model shops : those organizations with dedicated operators that provide 3D printing and other model making services to engineers and designers throughout the company. GrabCAD Shop is a web application that is supported on Google Chrome and Firefox browsers.
This paper will outline the industry-leading measures that Stratasys has taken to ensure that our users’ data is secure.
How it Works
The main objects managed by a GrabCAD Shop include :
- Work Order
All users in GrabCAD Shop are invited members by an Administrator (shop admin) in the organisation using their email address. The invited user receives an email and must log in to GrabCAD Shop to join their ‘Company’ with their email and password to perform actions granted by shop admin.
Depending on the role, a user can perform different functions in GrabCAD Shop. The application supports 3 major roles - operator, admin, and requestor.
- The admin can set up their GrabCAD Shop by defining technologies, machines, materials, and material colors available for use within their model shop.
- Requesters can only submit orders based on the admin setup.
- Operators can then manage these order requests and use the application as a tool to ease the management of the model shop. These roles also allow for data security, only users with appropriate roles can view and access the data in their Shops.
Users, based on their role, can then upload models and files that are needed to create an order for files to be printed. An order in GrabCAD Shop consists of one or more model files, supporting documents and all the necessary information required for the operator to complete that order. The operators then use the ‘order’ to communicate the status of prints, clarify requirements and update delivery information. All files submitted to a GrabCAD shop are available to users who uploaded them, all the Shop operators and admins.
All models, files and comments on a specific order use secure https URLs and are encrypted using industry standard AES encryption.
Data Center Security
GrabCAD Shop stores all data using Amazon Web Services (AWS). With AWS, the data is stored redundantly across multiple devices in environmentally controlled facilities. AWS infrastructure and controls are subject to annual SAS-70 Type II audits and AWS information security. AWS management processes and controls have achieved ISO 27001 and PCI DSS Level 1 certification. The Stratasys software team that builds GrabCAD Shop is located in Cambridge, MA and all of our AWS data centers are located in the United States.
Network and Application Security
GrabCAD Shop ensures that all data is encrypted while in transit with TLS 1.2 and is developed in accordance with OWASP best practices. Stratasys engineers are constantly testing applications for common and application specific vulnerabilities that could be exploited. Stratasys engineers ensure that network and application are secure by constant maintenance, regular penetration testing by third parties and a bug bounty program as external verification.
GrabCAD Shop grants access to stored data internally using the “principle of least privilege” through appropriate roles and only on a “need to know” basis, and manages its systems in line with security industry best practices. Stratasys software and support engineers working on GrabCAD Shop platform do have access to your data to troubleshoot, fix issues and perform routine maintenance such as backups. Such transfers do occur exclusively within the GrabCAD Shop data environment.
Cancelling Your Account
In the event that a user's access to GrabCAD Shop is revoked by respective admin, data is still available to other users with appropriate roles within the shop. On deletion of a shop, admin can always request all data to be deleted also by emailing the request to firstname.lastname@example.org.