Reeny Sondhi, Chief of Product Security, talks about product security
Autodesk is at an extremely exciting point in its business model transformation, which presents tremendous opportunities to our customers via the power and capabilities of the cloud. As we move to the cloud, securing and protecting our customers’ investment in our products is a high priority for Autodesk.
Autodesk’s product security function includes building security into our product lifecycle throughout design, development, testing and deployment, as well as maintenance of our desktop and cloud products. It also includes managing the compliance posture of our products vis-à-vis industry standards.
Our approach to product security is based on four main principles:
Build security into products by following secure development practices throughout the product lifecycle. Proactively use secure software development practices to build our products, helping make our products more resilient to threats, increasing the cost of developing exploits for attackers and helping us secure our customers as well as customer assets.
Detect, monitor and prevent attacks in the cloud to contain risks. Use best-of-breed technology for active monitoring and threat intelligence to provide defense in depth for our hosted cloud offerings.
Respond effectively to reduce customer risk. We recognize that no matter how stringent we have been in building defenses, attackers may still find a way to compromise them. Making sure we can respond effectively needs to complement anything we are doing proactively. We work to prioritize and address security weaknesses so we can quickly make available a remedy to our customers or apply the remedy in our cloud environment. Additionally, communicating transparently with our customers so that they can take steps to protect themselves is a critical part of product security.
Comply with industry regulations and standards. We use third-party attestations to make sure we are focusing on all the right elements and activities to secure our environments. Our philosophy is that compliance should be a by-product of good security.
Effective product security is about building threat-resilient products from the get-go while utilizing best-in-class tools and intelligence for detecting advanced threats and enabling active governance to continuously protect our customers and their assets in the cloud. It is a foundational component of trust for any product participating in the IT infrastructure.