Issue:
There is a need to better understand BIM 360/ Autodesk Construction Cloud (ACC) data retention in the following areas:
Backup and restoration testing processes.
Data security and encryption by Autodesk.
Backup schedules.
Restoration test schedules.
Solution:
Autodesk BIM 360 is designed and built using best-in-class cloud software practices and powered by Amazon Web Services (AWS), the world’s leader in cloud infrastructure.
Data Encryption and Privacy:
BIM 360 is designed with privacy in mind. All files uploaded to BIM 360 are stored in the cloud on encrypted storage. The storage solution uses 256-bit advanced encryption (AES-256). Network traffic containing sensitive information, such as credentials and session tokens, is transmitted securely and encrypted using Transfer Layer Security (TLS) encryption technology.
Access Control:
Our cloud infrastructure is hosted in top-tiered data centers managed by our trusted partner, Amazon web services. We use role-based access-control methods that restrict privileged access to information resources based on the concept of least privilege. Entry authorization requires approval by management responsible for confidentiality, integrity, and availability.
Physical Data Center Security:
All data is stored in secured data centers powered by Amazon Web Services. Various security controls protect data centers from unauthorized physical access and environmental hazards.
Data Replication:
Customer data is replicated between data centers in separate locations. Replication prevents the possibility of data loss or delay in service if failover to a backup data center is required. Data is replicated within 15 minutes. In addition, separate database backups are taken at least daily.
Disaster Recovery:
BIM 360 maintains a high level of operational excellence, so unplanned outages are unlikely to impact you. If there is any unplanned outage, our Cloud Operational personnel are available 24/7 to work as quickly as possible to restore full access to the service as soon as possible. The data centers are designed to tolerate system and hardware failures with minimum impact.
Vulnerability Scans, Penetration Testing, and External Audits:
Our dedicated Cloud Security team conducts regular security scans, penetration testing, and external audits of BIM 360 services. Security scans and penetration testing cover a wide range of vulnerabilities defined by the Open Web Application Security Project (OWASP) and SANS Top 25.
Identity Federation Standards & Two-Factor Authentication:
BIM 360 supports SAML (Secure Assertion Markup Language) to facilitate Single Sign On providers. We also support Two-factor authentication to add a second level of authentication to a user account during sign-in.