Data sharing between semiconductor companies and EDA software companies has been critical to the advancement of the industry. But it’s had security issues and associated loss of trust along the way. For instance, there have been cases of customer designs shared as a testcase finding their way into a product demo without the consent of the customer. How did this happen? There was no malicious intent. The primary cause was that the shared data was not controlled within a secure vault and there was no tracking of how the data was used and by whom. There was also no clear way to return the data that was sent or ensure that all instances of the data were deleted. This has led to major B2B trust issues which then leads to longer bug fix cycles because data is not easily shared. A new approach is needed. Read on to see how NetApp is working to improve secure B2B data sharing for the semiconductor industry.
Why the Industry Needs Secure and Trusted B2B Data Sharing
As I have shared in previous articles, data is the ever-growing lifeblood of semiconductor design. Double digit data growth between 7, 5 and 3nm design nodes is straining design infrastructure. At the same time the value of that data is increasing. Data once deleted after successful or failed analysis is being saved so AI/ML models can train or learn from past design runs. Data shared for the joint development of AI/ML models is just one example of the importance of robust secure B2B data sharing solutions.
Let’s examine some of the key reasons for B2B data sharing in the semiconductor industry. These items won’t necessarily make big headlines, but they represent a crucial process to advance chip design. The following points highlight some scenarios of interest.
EDA vendor debug
EDA vendors will always require access to customer designs for software debug – this need will never go away. Concerns around sharing testcase data results in delays to gain access to the data, creating longer debug and resolution times. I have even heard stories of EDA teams trying to guess the cause of a problem when access to data was not an option. Rapid access to data is critical for fast issue resolution of issues and for meeting time to market goals.
EDA tools are rapidly building AI-enabled solutions. Machine learning (ML)/deep learning (DL) can reduce algorithm complexity, increase design efficiency and improve design quality. Training complex ML and DL models requires massive amounts of data. And in most cases, it is data EDA vendors don’t have. The data EDA vendors need is their customer’s design data. Secure data sharing is critical to the rapid advancement of AI in the semiconductor industry. The challenge is the volume and proprietary nature of the data further complicates sharing.
We have an NDA in place, so we’re covered, right? Most data sharing NDAs require that data be returnedand/or deleted once it is no longer needed. Verifying that all copies of sensitive data were fully deleted in compliance with an NDA is difficult at best.
Modern chip design is a team sport. IP providers, library vendors, tool vendors and design services teams all work together to meet critical design timelines and design goals. Secure data sharing to facilitate collaboration is critical for this process to work.
Can we change the way we think about secure data sharing?
Let’s talk about the roles and responsibilities of Data Owners and Data Users.
- Data Owners should be able to share data into a data user’s secure walled off datacenter while still retaining complete visibility and control over WHO can access the data and WHAT systems can access the data. There should be visibility into how often the data is accessed with the ability to highlight anomalous data access patterns. Data Owners should be able to monitor the security attributes of the systems that have access to the data
- Data Users should be able to use or share data in their own secure walled off datacenter where they have access to their own resources and tools. They should be able to access the data for approved processes such as test case debug, AI model development and for design collaboration. Data sets are often so large that it is impractical to expect the Data Owners to host the compute and storage resource for development. So, it is often critical to have access to the data in Data User’s own datacenter.
The NetApp Approach
NetApp’s ONTAP storage operating system is used by all of the top semiconductor and EDA companies. ONTAP is also used in all of the 3-letter acronym government facilities today for data sharing. This means that B2B secure data is most likely already a possibility. Because NetApp’s ONTAP storage operating system runs in all of the commercial clouds, B2B data sharing can be done datacenter-to-datacenter, datacenter-to-cloud or cloud-to-cloud, all with the same controls and monitoring. You can learn more about ONTAP from this prior post.
You can also get a broad view of NetApp’s approach to security here. There is a very useful technical report available from NetApp. A link is coming.
First, let’s take a look at some of the capabilities that allow NetApp to enable secure B2B data sharing for the semiconductor industry.
- Support for Zero-Trust security architectures
- Virtual Storage Machine (SVM) – this enables data to be walled off on a shared storage system. This is effectively a secure multi-tenant data storage environment. SVM allows for role-based access that allows controlled access to allow Data Owners to monitor the storage environment even inside the Data User’s datacenter for real time auditing
- Secure data transfer via SnapMirror or FlexCache means no more downloading and untar’ing data.Data is automatically transferred from one ONTAP filer to another with data encryption both at rest and in flight. An added benefit is the data is always up to date in the case of rapidly changing data sets
- Data encryption both with encrypted or unencrypted drive with external key manager is supprted
- Secure data shredding is supported
- NFS and SMB security with Kerberos is supported
- Military grade data security credentials are supported. ONTAP is EAL 2+ and FIPS 140-2 certified
- File-level granular event monitoring with integration is security information and event management (SIEM) partners is available and supports:
- Log management and compliance reporting
- Real-time monitoring and event management. This provides visibility of WHO is accessing the data, what systems are accessing the data and how often the data is being accessed.
- Integration into third party security tools like:
- Splunk-based system monitoring to report changes to the system
- Cloud Secure technology also monitors for anomalous access patterns alerting the Data Owners of suspicious access patterns
The B2B Data Owner has the ability to securely transmit data, revoke data, monitor the usage and access pattern of data, monitor and alert when the secure Zero-Trust infrastructure has been changed, etc.
I’ve only scratched the surface here. NetApp offers a lot of capability to create a trusted, secure environment. NetApp is working to improve secure B2B data sharing for the semiconductor industry.
The views, thoughts, and opinions expressed in this blog belong solely to the author, and not to the author’s employer, organization, committee or any other group or individual.