Hi All, I have some questions that were raised by a customer's cybersecurity team; I hope you can help me clarify them.
Based on the document "FAD_ChalkSecurityOverview_Apr_2020", it looks like PTC built a SaaS solution on AWS. However:
I hope somebody can help me.
Regards
VF
Hi @victor1790
I've asked for clarification on number 1 from our product team. I'll do my best to answer the rest:
2. Chalk user authentication and user identity is managed by Amazon Web Services (Cognito). Additionally, different roles are assigned to users within the Chalk application for managing access. Chalk offers SAML-based SSO if the customer prefers to manage user authentication themselves. Vuforia Chalk admins invite users to the system by email, both for direct and single sign-on (SSO) authentication. Access to any user data requires successful authentication. When using the Vuforia Chalk SAML-based SSO capability, customers can rely on their own Identity Management System (IdMS) for user identity authentication. User management (granting SSO-federated users access to Chalk, removing users from Chalk access, modifying their personal information, etc.) is managed through the Chalk Admin Center, irrespective of the authentication provider (SSO or direct with Chalk). There are authorization rules that restrict access based on role-based privileges.
3. Yes, vulnerabilities are scanned as part of internal and third-party penetration testing which has been performed for all software components.
4. Customers can enable MFA, enforce password limits, etc. by using federated authentication (SSO). I think the answer to #2 covers this question as well.
Hi @tmccombie,
thank you very much for your help. With regard to your answers:
3. Can PTC share these pen test reports, or provide a document in which the pen tests are referenced?
4. What happens when a customer ends its subscription? How is their information handled? Does PTC delete it? Is there any document referring to this?
Thanks again!
VF
Hi Victor
1. We use AWS as a PaaS and IaaS provider with Chalk being SaaS
3. You can email VuforiaComplianceTeam@ptc.com for a copy of our SOC 2 report
I'm getting clarification on 4 and will update you once I have it.
For number 4, please see below.
When a customer's subscription ends, their account goes into a "Suspended" state, in which they no longer have access to the Chalk Admin Center. Their data footprint is low (i.e., Company Info, User List and Session Activity), but we can purge the data, or export it, if requested by the customer.