How Can You Make Sure PCB Design Data Is Both Accessible and Secure?
As a grandfather, one of the great joys of my life is to play with any of my five grandchildren. On top of their fun list is to play on the teeter-totter at the playground. They usually enjoy it until grandpa gets on one side and they try to lift me. Then the poor little tykes get a harsh lesson in leverage, balance, and just how heavy grandpa is.
In PCB Design, it is all about balance. IPC-2221 reminds us that the design process comes with its tradeoffs. When specific parameters are modified the resulting performance changes either enhance or degrade the overall PCB. There are tradeoffs with PCB Data Management. lack of data is never a problem. Most likely, it is just the opposite. Your strategy for managing that amount of data becomes more critical as your database grows. A famous quote from Abraham Lincoln comes to mind: “Give me six hours to chop down a tree, and I will spend the first four sharpening the axe.” The pressing question for you is, are you trying to chop down your proverbial tree with a dull axe?
Know your strategy before starting. A major part of that is maintaining the balance between Database security and access—it is time to sharpen our axe.
A little review, we have seen the importance of our and what it represents to our companies. The essential elements in each system are to follow the SMART Rule of Singularity, Managed, Architecture, Reviewed, and Tailored. This issue of security and access fall under the Managed pillar. More precisely, the area of Management regarding Roles and System Permissions.
PCB Design Data Security
The question of security is vital and is a growing concern with ever-developing electronic systems. More companies are storing high proprietary information for their PCB Designs. Many times this includes specialized components or data that are company secrets.
To manage a secure system such as that, you must have PCB design software that supports such a system. Without it, you are trying to chop down a tree with a nail file.
One of the very best software packages developed just for this purpose has come from Altium, which includes and the new Concord Pro systems. These are now the shining example of exactly how such a vital system is controlled and secured. Since everything starts and ends with that data, the integrity of the data determines the integrity of the design.
There must be in place a comprehensive Access Management Plan.
What is Access Management? According to Techopedia,
“Access management (AM) is the process of identifying, tracking, controlling, and managing authorized or specified users' access to a system or application.”
In basic terms, it focuses on two questions: Who can access certain information? What exactly can these users do?
There are two types of Access systems: Role Based Access System (RBAS) and Level-Based Access System (LBAS). Both systems have their pros and cons, but the very best PCB Data Management systems I’ve seen have had one of these two types.
Role Based Access System (RBAS)
The Role Based Access System is one that first identifies the specific roles involved in the PCB design process, and each of those roles has particular responsibilities, in turn needing exclusive access to certain information.
The downside of an RBAS system is, first, the required identification of the roles involved. I found that the first requirement in the RBAS system does take some trial and error before you get it correct. What is best is the practice of having a good baseline— -your starting point—then continually improve on that. The second problem is the identification of the specific working parameters on needed roles. Through that, you can identify the required levels of access to the system. Lastly, there is the problem of how to control each of the individuals to only act within those specific roles and controlled parameters.
Level Based Access System (LBAS)
Another standard method of Database Access is called the Level Base Access System (LBAS). This security system is similar to the RBAS, with the difference being that levels are used rather than roles. Each level has a ranking allowing specific permissions with ever-increasing stages of access to the database. The advantage of the LBAS type is that you have much better control over where a particular individual could work simply by their access level.
If you are wondering where you have heard of this type of system before it is the same system used by every branch of the military with their Security levels, I served in the Army in the Military Intelligence field. To conduct my work, I was required to obtain and hold a Top Secret Government Clearance. That Level gave me access to certain information.
Another advantage of the LBAS system is that simply by increasing someone’s level that opens up the information and the responsibilities of that level. Coming up, we will see that only 4-5 levels are needed to cover the most complex Databases fully.
Closely connected to those roles and levels is system permissions—what can explicitly be done. For some levels, only the ability to view specific data is needed; others require the ability to modify or update data, and finally, others need full access to create items. Then, of course, there is the system administrator who has full access with full permissions and capabilities.
For example, the administrator would have access to all areas of the system concerning structure and architecture. The librarian would have the responsibility and access to component creation from the ground up. Next would be those who work on the schematic and the PCB Design and only need access to the components. No matter what access system you use (RBAS or the LBAS), know what each role or level can do.
Many times this question of security does not become an issue until its too late and an issue has already occurred. Then, of course, it’s on everyone’s priority list. It’s best to address the issue of security before it becomes a problem. After that, it’s too late.
Would you like to find out more about how Altium can help you with your next PCB design? Talk to an expert at Altium. As always, you can also read up more about how Altium Designer’s®PCB libraries and data management help prevent intellectual property theft.