Skip to Main Content

Ansys Security

 

The Ansys Security program is the benchmark for engineering analysis software. Companies depend on us to secure assets, respond to security incidents and protect their data. Customer trust is imperative; this information below outlines our security programs and compliance standards.

Industry-leading Certifications & Compliance

Ansys guarantees a restricted access control following industry standards and with role-based authorization and constantly monitor usage to prevent any types of threats.

  • We maintain effective logical access control measures over its systems and networks, consistent with industry standards.
  • Based upon job responsibilities and level, the team provides user account access granted on a need-to-know basis, consistent with role-based authorization.
  • Elevated accounts maintain separation of rights and allow access to sensitive administrative or management functions of systems.
  • Regular and consistent monitoring to identify inappropriate, unnecessary, or unpermitted access or usage.

Ansys and its subsidiaries and affiliates take your data’s protection seriously. We are constantly improving and working with our partners to improve safety and meet the industry-leading safety standard. This includes:

  • Cryptography safeguards data when at rest.
  • Data classification standards employ data categorization, allowing the team to track and monitor data over its lifecycle.
  • Data retention efforts work to delete and destroy data as it expires.
  • Global privacy notifications, explaining to customers how Ansys processes their personal data, updated annually. (www.ansys.com/privacy)
  • Ansys employees receive security training upon hire and then annually after that. Such training includes data protection; phishing, including phishing simulation tests; social engineering; insider threats, and security outside of the office.

Do you want to know more about how Ansys takes care about security? Talk to us!

Ansys Cloud Direct uses proprietary methods and industry-standard to ensure data is encrypted at every step of the process (both during transit and at rest).

  • Encryption is used during upload and downloads over HTTPS and encryption-at-rest with AES-256
  • Simulations always executed in customer-specific private subnets on dynamic, private clusters
  • Encryption keys are securely stored in separate locations
  • Ansys Cloud Direct encrypts data before it leaves the desktop, and it is kept encrypted.
  • Supported standards include custom file encryption @ AES256 and HTTPS TLS1.2

The Ansys Cloud Direct Service application is deployed in multiple regions to ensure the best availability and worldwide data center security:

  • In case of service interruption, critical data isn't lost due to replication.
  • Physical security is deployed to secure datacenters with access requests and approval. Security includes the facility’s perimeter and building entrance with two-factor authentication (biometrics), professional security officers, cameras inside the data center and patrol, and security scans. Learn more about it.
  • Isolated Compute regions consist of only enough resources needed to execute a job successfully. It's deployed across numerous regions. The customer is offered a choice of which region to use for running simulation jobs. All customer data persist in the customer-specified area and is never copied outside of the geography.
  • Isolation of environments and clear segregation of resources, access privileges, and a full audit of the activity log.

Our cybersecurity management follows industry guidelines, including ISO and NIST frameworks, for internal assessments. We work with many third-party evaluations and audits throughout the year to guarantee our customers market-leading certifications.

  • Ansys is issued a SOC 2 Type II attestation report.

SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.

  • We’re also ISO27001 & ISO27017 certified.

Ansys Gateway powered by AWS secures each data location with AWS Access Control List (ACL) controls. All customer data remains generated and stored in the customer’s AWS environment and is secured with encrypted data connections. The customer's data never leaves the customer's network.

Ansys Gateway powered by AWS will not store customer data outside the customer-specified account except for the customer profile meta-data stored in the control plane’s database. In this case, the Ansys database for the control plane is in the United States. All customer simulation data is stored in the customer’s AWS account. All virtual machines used for computing begin in the customer-specified AWS account. Their data residency persists solely based on the customer’s parameters and decisions they make and as defined by them for their AWS Account(s) and corporate policies.

Ansys Gateway powered by AWS will not store any data on a customer’s behalf, and therefore there is no data retention and deletion requirement. Each customer is solely responsible for its data retention and deletion policy and procedure. Please see the following link: https://www.ansys.com/legal/privacy-notice

Ansys conducts a yearly threat modeling exercise for the Ansys Gateway powered by AWS product.

The goal is to determine whether the application uses AWS and product defenses correctly and ascertain potential security weaknesses.

Below are the key points arising from the threat model process.

  • One of the benefits of hosting a system comprising mainly AWS PaaS components is that AWS addresses many security controls. For example:
    • Anti-malware and system security updates are both addressed automatically by AWS
    • Ansys out-of-band updates to the underlying EC2 instances when the AWS Update Manager has not yet addressed these vulnerabilities
  • AWS allows us to implement a WAF, network denial of service protections, reducing the potential for availability disruptions
  • As needed, local redundancy is built-in via Elastic Beanstalk and autoscaling for AWS solutions
  • The control plane of this system is segmented using private subnets and VPC definitions to ensure confidentiality and integrity
  • TLS 1.2 is used by default for all network traffic, encrypting all transmission of information
  • Ansys Gateway powered by AWS is issued a SOC 2 Type II attestation report.
  • SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.
  • Contact us to learn more.