Cadence OnCloud Security

Cadence software development teams follow shift-left security practice within the SDLC early and often as part of SecDevOps. Continuous security assessments are applied during development operations by integrated security tools at the source code repository, build, and artifact level. Scheduled and ad-hoc builds integrate Static Application Security Testing (SAST) to highlight areas in need of secure code review for sanitization, input validation, encryption standards, and other security flaws. Open-source software (OSS) security is enforced through vetted components within a closed build environment. Once the artifacts for software distribution are assembled, they are scanned with Software Composition Analysis (SCA) tools to complete supply chain assurance. Released products undergo Dynamic Application Security Testing (DAST) and manual penetration by internal and external vendors to expose misuse cases and identify weaknesses within the software. Cadence software deployed to hybrid cloud environments is protected with Real-time Application Security Protection (RASP), DDOS, and WAF controls.

The Cadence OnCloud hybrid environment implements hardened security template designs and standards to ensure consistently applied security settings and controls for software deployment in the cloud. Secure cloud infrastructure is implemented with state-of-the-art edge protections for stateful inspection, global availability, redundancy, monitoring, and the separation and protection of customer data in this multi-tenancy environment.

All endpoints are deployed with an Endpoint Detection and Response (EDR) tool to identify malicious activities, communications, and standard signature-based threats. Endpoints are protected behind serverless APIs and provide user access to custom tool environments. Workloads are processed on dedicated instances to segregate customer data.

Strict user data separation and access controls are enforced throughout the shared tenancy. Data is encrypted at rest and in transit.

Single Sign-On (SSO), MFA, and role-based access are all configured for Cadence OnCloud.

Continuous Threat Monitoring and Behavior Analytics ensure cloud security baselines are enforced and maintained. SOC teams actively manage and respond to security incidences and behavioral abnormalities.

Endpoints undergo monthly patching and scheduled vulnerability scans. Cloud infrastructure and serverless components are monitored for upgrade requirements. Component inventory is continuously monitored for new exploits and vulnerabilities.