Datasheet
Cadence OnCloud Security
The Cadence OnCloud platform has layered security protection. It follows Defense in-Depth (DiD) principles in the protection of systems and data. Cadence uses industry security frameworks, standards, and processes to manage its security and risks.
Overview
Application and Software
Cadence software development teams follow shift-left security practice within the SDLC early and often as part of SecDevOps. Continuous security assessments are applied during development operations by integrated security tools at the source code repository, build, and artifact level. Scheduled and ad-hoc builds integrate Static Application Security Testing (SAST) to highlight areas in need of secure code review for sanitization, input validation, encryption standards, and other security flaws. Open-source software (OSS) security is enforced through vetted components within a closed build environment. Once the artifacts for software distribution are assembled, they are scanned with Software Composition Analysis (SCA) tools to complete supply chain assurance. Released products undergo Dynamic Application Security Testing (DAST) and manual penetration by internal and external vendors to expose misuse cases and identify weaknesses within the software. Cadence software deployed to hybrid cloud environments is protected with Real-time Application Security Protection (RASP), DDOS, and WAF controls.
Network
The Cadence OnCloud hybrid environment implements hardened security template designs and standards to ensure consistently applied security settings and controls for software deployment in the cloud. Secure cloud infrastructure is implemented with state-of-the-art edge protections for stateful inspection, global availability, redundancy, monitoring, and the separation and protection of customer data in this multi-tenancy environment.
Device and Infrastructure Server
All endpoints are deployed with an Endpoint Detection and Response (EDR) tool to identify malicious activities, communications, and standard signature-based threats. Endpoints are protected behind serverless APIs and provide user access to custom tool environments. Workloads are processed on dedicated instances to segregate customer data.
Data Protection
Strict user data separation and access controls are enforced throughout the shared tenancy. Data is encrypted at rest and in transit.
IAM Authentication and Access
Single Sign-On (SSO), MFA, and role-based access are all configured for Cadence OnCloud.
Security Operations and Incident Response (IR)
Continuous Threat Monitoring and Behavior Analytics ensure cloud security baselines are enforced and maintained. SOC teams actively manage and respond to security incidences and behavioral abnormalities.
Continuous Vulnerability Assessments and Management
Endpoints undergo monthly patching and scheduled vulnerability scans. Cloud infrastructure and serverless components are monitored for upgrade requirements. Component inventory is continuously monitored for new exploits and vulnerabilities.