Ultimaker Cloud security

Ultimaker Cloud contains user-submitted information across several services. These services support functionality in Ultimaker Cura, Ultimaker Connect and other products.

Information submitted to Ultimaker Cloud is kept private and will be shared with Ultimaker or trusted third parties only after the user gives explicit consent. More information can be found in the chapters about data sharing and classification.

Information submitted to Ultimaker Cloud is encrypted in transit and at rest. More information can be found in the chapters about network and data center security.

Data sharing 

Ultimaker Cloud hosts separate types of information: public, private, and private until consent is given.

  • Public information refers to information like your username, which is publicly visible to other users when using services like the Ultimaker Marketplace and Ultimaker Community.
  • Private information refers to information such as your email address, password, or usage patterns. This information is not shared with other parties.
  • Private until consent is given applies to data being shared with third parties that integrate with the Ultimaker Cloud by means of OAuth 2.0. Prior to giving consent, users will be presented with a screen that explains which data they are sharing and who they are sharing it with.

More details about how Ultimaker handles customer data and privacy can be found in the Ultimaker privacy policy.

Data classification 

Ultimaker differentiates between product and process data. Product data is related to the printed object and process data is related to the process of printing this object. Ultimaker services are designed in such a way that the two data types are processed separately and independently from each other. This means that customers can choose to only upload process data to Ultimaker Cloud and keep their product data on-premise.

Network security 

All cloud-based data, including but not limited to 3D files, G-code, Ultimaker Connect group statuses, and Ultimaker Marketplace source files, is transferred over HTTPS connections with industry standard 4096-bit RSA encryption. You can find a full report here.

Note: Connections between workstations running Ultimaker Cura and Ultimaker Connect within a local area network are not encrypted.

Data center security 

Ultimaker Cloud stores its data on the Google Cloud Platform (GCP). With GCP the data is stored redundantly across multiple devices, across multiple environmentally controlled facilities. These facilities use multiple levels of biometric security for physical access, as well as full encryption and sharding of all data at rest. All Ultimaker Cloud data centers are in the European Union.

Note: Ultimaker does not use any consumer services from Google and has contracts in place to ensure all Ultimaker data are kept private. Ultimaker uses the Virtual Private Cloud (VPC) functionality of GCP to segregate all network traffic. More details about security and privacy at Google Cloud can be found here.

Reliability

Ultimaker Cloud inherits the reliability of Google Cloud. More details can be found here. In addition, data is backed up every three hours, encrypted, and stored offline. In the unlikely event of data loss, Ultimaker will be able to recover the data accordingly.

Note: Backup is not available for any data intentionally deleted. Once you have deleted your data, it cannot be recovered.

Application security 

Ultimaker Cloud applications and services are subject to continuous maintenance and automated security testing. These procedures ensure that data center software is up to date, and that application dependencies are up to date and scanned for known vulnerabilities and exploits.

Internal controls 

Ultimaker grants access to data stored in the cloud by using the “principle of least privilege” through appropriate access control roles on a “need to know” basis. Sensitive information is redacted in application logging to ensure engineers cannot get access to this information.

Application code has been reviewed by at least one engineer other than the original author to ensure quality and lack of vulnerabilities. Furthermore, automated deployments prevent engineers from running application software manually in production without going via the proper processes.

Cancelling your account

If an Ultimaker account is canceled, the account’s data will be deleted as part of the cancelation process. If you wish to migrate or download your data, you can arrange for this service prior to cancelation. Deleted data is unrecoverable by design.

For more detailed information about security in the Ultimaker Cloud, or to cancel your account, contact us at any time by submitting a request.

Responsible disclosure 

At Ultimaker, we consider security of our Cloud platform a top priority. No matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, please let us know as soon as possible via security@ultimaker.com. Please do not take advantage of the vulnerability and do not reveal the problem to others. To allow us to resolve the issue, please do provide us with sufficient information to reproduce the problem.

See the attachment for a downloadable PDF version of this document:
