Security Whitepaper
Security is at the core of Autodesk Construction Cloud
Confidentiality, integrity, and availability of your data is vital to your business operations, and we take that responsibility seriously.
The Autodesk Construction Cloud platform is designed and built using best-in-class cloud software practices and powered by Amazon Web Services (AWS), the world’s leader in cloud infrastructure.
Autodesk has selected industry standard SSAE-16 AT 101 SOC 2 attestation and ISO 27001, ISO 27017 and ISO 27018 certifications to validate our security posture. *Autodesk Construction Cloud is scheduled to be included in Autodesk’s next annual SOC2 and ISO audit.
For more information on our accreditations please refer to our Trust Center.
Data Encryption and Privacy
Autodesk Construction Cloud is designed with privacy in mind. All files uploaded to any of the Autodesk Construction Cloud platform products are stored in the cloud on encrypted storage. The storage solution uses the 256-bit advanced encryption (AES-256). Network traffic containing sensitive information, such as credentials and session tokens, is transmitted securely encrypted using Transfer Layer Security (TLS) encryption technology.
Access Control
Our cloud infrastructure is hosted in top tiered data centers managed by our trusted partner Amazon web services. We use role based access control methods that restricts privileged access to the information resources based on the concept of least privilege. Authorization to access requires approval by management responsible for confidentiality, integrity and availability.
Physical Data Center Security
All data is stored in secured data centers powered by Amazon Web Services. The data centers are protected from unauthorized physical access and environmental hazards by a range of security controls.
Disaster Recovery
Autodesk Construction Cloud maintains high level operational excellence to ensure you are not impacted by unplanned outages. If there is any unplanned outage, our Cloud Operational personnel are available 24/7 to work as quickly as possible to restore full access to the service as soon as possible. The data centers are designed to tolerate system and hardware failures with minimum impact.
Vulnerability Scans, Penetration Testing and External Audits
Our dedicated Cloud Security team conducts regular security scans, penetration testing and external audits of Autodesk Construction Cloud services. Security scans and penetration testing cover a wide range of vulnerabilities defined by the Open Web Application Security Project (OWASP) and SANS Top 25.
Two Factor Authentication
Autodesk Construction Cloud supports two-factor authentication to add a second level of authentication to a user account during login.