Enabling secure CAD and PDM migration on AWS for a global tire manufacturer
The Challenge
The client, one of the world’s largest manufacturers of tires and rubber products, including industrial materials and sporting goods, is headquartered in Tokyo, Japan. Its Americas division manages complex engineering and manufacturing operations.
The client relied on an on-prem hosted PTC Windchill PDM to manage product data and create associative manufacturing BOMs derived from engineering CAD data. The legacy setup presented several security and compliance challenges:
- Lack of centralized access control: Difficulty enforcing least privilege and managing access across global employees, contractors and partners.
- Data security risks: Sensitive CAD design data was stored without strong encryption, making it vulnerable to unauthorized access.
- Risk of data leakage: Limited ability to restrict downloads or clipboard use created risks in contractor and remote engineer environments.
- Limited auditability: Insufficient monitoring and logging of access events made compliance reporting difficult.
The Objective
The client chose AWS as its cloud provider and HCLTech as its transformation partner under the 1PLMCloud offering to address these security shortcomings.
- Establish centralized identity and access management with role-based controls.
- Protect CAD and PDM data with encryption and secure access methods.
- Prevent data leakage in remote engineering use cases.
- Ensure auditability with full monitoring and logging of user activity.
The Solution
HCLTech modernized the PDM and CAD environment on AWS with security-first design principles, leveraging native AWS services:
Identity and access management
- Integrated Amazon AppStream 2.0 with AWS IAM Identity Center for centralized authentication and single sign-on.
- Applied fine-grained IAM policies to enforce least privilege access for employees and contractors.
Secure data access and leakage prevention
- Deployed Creo on Amazon AppStream 2.0, ensuring CAD workloads run in a secure, managed environment.
- Disabled clipboard and local download features in AppStream to prevent unauthorized data extraction.
Data protection and encryption
- Used Amazon FSx for persistent storage of CAD data with encryption at rest enabled through AWS KMS.
- Secured all in-transit data with TLS encryption.
Monitoring and auditability
- Enabled Amazon CloudWatch for centralized monitoring of infrastructure resources.
- Activated AWS CloudTrail to log all API activity and access events, strengthening audit and compliance posture.
The Impact
- Stronger security posture: Centralized IAM and encrypted storage eliminated on-prem access and data protection risks.
- Reduced data leakage risks: Contractors and remote engineers worked securely with CAD data without local downloads.
- Improved compliance and audit readiness: CloudTrail logs and CloudWatch monitoring provided complete visibility into user activity.
- Streamlined access control: Role-based policies simplified user lifecycle management and onboarding.
- Business productivity with security: Engineers accessed secure CAD environments globally, without compromising data security.
AWS services used:
- Amazon EC2
- Amazon S3
- Amazon EBS
- AWS Datasync
- Amazon CloudWatch
- Amazon VPC
- AWS Backup
- AWS IAM
- Amazon AppStream2.0
- Amazon FSx
- AWS CloudFormation
