Skip to main content

Security Whitepaper

Download PDF

 

Security is at the core of Autodesk Construction Cloud

 

 

Confidentiality, integrity, and availability of your data is vital to your business operations, and we take that responsibility seriously.

The Autodesk Construction Cloud platform is designed and built using best-in-class cloud software practices and powered by Amazon Web Services (AWS), the world’s leader in cloud infrastructure.

Autodesk has selected industry standard SSAE-16 AT 101 SOC 2 attestation and ISO 27001, ISO 27017 and ISO 27018 certifications to validate our security posture. *Autodesk Construction Cloud is scheduled to be included in Autodesk’s next annual SOC2 and ISO audit. 

For more information on our accreditations please refer to our Trust Center.

 


 

data-encryption

Data Encryption and Privacy

Autodesk Construction Cloud is designed with privacy in mind. All files uploaded to any of the Autodesk Construction Cloud platform products are stored in the cloud on encrypted storage. The storage solution uses the 256-bit advanced encryption (AES-256). Network traffic containing sensitive information, such as credentials and session tokens, is transmitted securely encrypted using Transfer Layer Security (TLS) encryption technology.

 


 

access-control

Access Control

Our cloud infrastructure is hosted in top tiered data centers managed by our trusted partner Amazon web services. We use role based access control methods that restricts privileged access to the information resources based on the concept of least privilege. Authorization to access requires approval by management responsible for confidentiality, integrity and availability.

 


 

data-center-security

Physical Data Center Security

All data is stored in secured data centers powered by Amazon Web Services. The data centers are protected from unauthorized physical access and environmental hazards by a range of security controls.

 


 

disaster-recovery

Disaster Recovery

Autodesk Construction Cloud maintains high level operational excellence to ensure you are not impacted by unplanned outages. If there is any unplanned outage, our Cloud Operational personnel are available 24/7 to work as quickly as possible to restore full access to the service as soon as possible. The data centers are designed to tolerate system and hardware failures with minimum impact.

 


 

vulnerability-scans

Vulnerability Scans, Penetration Testing and External Audits

Our dedicated Cloud Security team conducts regular security scans, penetration testing and external audits of Autodesk Construction Cloud services. Security scans and penetration testing cover a wide range of vulnerabilities defined by the Open Web Application Security Project (OWASP) and SANS Top 25.

 


 

two-factor-authentication

Two Factor Authentication

Autodesk Construction Cloud supports two-factor authentication to add a second level of authentication to a user account during login.