Cloud & Infrastructure
IT Strategy
How Do Engineering Firms Manage Secure Access to Project Files Across Office, Site and Home?

March 24, 2026

Home
News
How Do Engineering Firms Manage Secure Access to Project Files Across Office, Site and Home?
Share News Article
Twitter
LinkedIn
Facebook

An engineer on-site needs to check the latest structural drawings. A director working from home needs to review a model before a client call. A graduate in the office is coordinating with a contractor who needs access to a specific set of documents. All of this is happening simultaneously, across different devices and locations, and the files involved are sensitive, large, and constantly being updated.

This is the daily reality for most civil and structural engineering practices in London. Managing it well requires more than a shared folder and a prayer. It requires a considered approach to how files are stored, who can access them, from where, and how changes are tracked and controlled.

Get it wrong, and the consequences range from version control disasters to genuine security incidents involving sensitive client data and proprietary structural designs.

This article covers how engineering firms are approaching this challenge, and what a properly structured solution actually looks like.

In this article:

  • Why engineering file access is more complex than most businesses
  • The Common Data Environment, and why it matters
  • VPN vs cloud: understanding the difference
  • Version control: the problem most firms underestimate
  • Securing access for site teams and external collaborators
  • What good remote access actually looks like in practice
  • The questions worth asking your IT provider

Why engineering file access is more complex than most businesses

Most businesses deal with documents and spreadsheets. Engineering firms deal with those too, but also with large BIM models, CAD files, point cloud data and structural analysis files that can run to several gigabytes each. These files behave differently from standard business documents: they can't always be edited collaboratively in real time, they take longer to sync, and they place significant demands on network connections and storage infrastructure.

At the same time, engineering projects involve multiple stakeholders: structural engineers, civil engineers, architects, contractors, clients and specialist consultants. Each needs access to some files, but not necessarily all of them. Managing permissions across that group, and keeping access rights updated as project teams change, is an operational challenge that many firms handle inconsistently.

According to the UK BIM Framework, best practice in information management centres on a single source of truth for project information, with clear protocols around who can access, edit and approve data at each stage. In practice, many firms fall well short of this; not because they don't understand the principle, but because their IT infrastructure doesn't support it properly.

The Common Data Environment, and why it matters

A Common Data Environment (CDE) is the structured, centralised system through which project information is shared and managed. It's a concept central to BIM Level 2 compliance and is increasingly expected by public sector clients and larger contractors.

In practical terms, a CDE is not just a shared folder. It defines workflow stages for documents, from work in progress through to shared, published and archived states, and enforces approval processes before information moves between those stages. This prevents engineers from working from files that haven't been formally issued, and creates an auditable record of who accessed and approved what.

Platforms like Autodesk Construction Cloud, Bentley ProjectWise and Egnyte are commonly used as CDE platforms in structural and civil engineering. Each has different strengths depending on the software your team already uses: a firm running primarily Revit and AutoCAD will find Autodesk Construction Cloud integrates most naturally, while ProjectWise is typically preferred in heavier civil engineering and infrastructure environments.

The key point is that a CDE only works if it's properly configured and consistently used. A platform that's set up but not enforced quickly becomes another folder structure that everyone works around.

VPN vs cloud: understanding the difference

For many firms, the conversation about remote access starts with the question of VPN versus cloud. The answer is not always straightforward.

A Virtual Private Network (VPN) creates an encrypted tunnel between a remote device and the firm's on-premise server infrastructure. It's a well-established approach and can work well, but it has limitations for engineering work. VPN performance degrades significantly when engineers are transferring large files over it, and it creates a single point of failure: if the VPN connection drops, work stops. For site teams using mobile connections, this can be a persistent frustration.

Cloud-based access; where project files are stored on platforms like Microsoft Azure, SharePoint or a dedicated engineering cloud solution, eliminates the VPN bottleneck. Files are accessed directly from the cloud rather than tunnelled back through an office server. This generally performs better for remote and site-based access, particularly for read-only review of large models.

The trade-off is that cloud solutions require careful configuration to ensure security. Files sitting in a cloud environment are only as secure as the access controls and authentication processes around them. Multi-factor authentication (MFA), role-based access permissions and audit logging are non-negotiable in a properly configured cloud setup. Without them, you're trading one set of problems for a different one.

Many London engineering firms now operate a hybrid model: on-premise infrastructure for the most sensitive data and day-to-day studio work, with cloud solutions handling collaborative access and site connectivity.

Version control: the problem most firms underestimate

Version control is where remote access arrangements most commonly fail in engineering environments. The scenario is familiar: two engineers are working on different versions of the same drawing, one on site and one in the office. Without a properly enforced version control system, both save changes, and the firm ends up with conflicting files that are difficult to reconcile.

In BIM workflows, this problem is compounded by the size and complexity of model files. Unlike a Word document, a Revit model can't simply be compared line by line. Identifying where two versions diverge and which is authoritative can take significant time.

The solution isn't just technical: it's process and infrastructure working together. File naming conventions, check-in and check-out protocols, and clearly defined roles for who can issue and approve documents all matter. But those processes need to be supported by infrastructure that enforces them rather than allowing engineers to bypass them by saving locally or emailing files between colleagues.

A well-configured CDE platform handles much of this automatically. But it needs to be the single point of access, not one option among several.

Securing access for site teams and external collaborators

Site access presents a specific challenge. Engineers and site managers working on construction sites may be using company laptops, personal devices, or tablets, often over mobile data connections. Ensuring those devices meet security standards and that access is revoked promptly when someone leaves a project requires active device management rather than a set-and-forget approach.

Mobile Device Management (MDM) tools allow IT teams to enforce security policies on devices accessing firm data, apply updates remotely, and wipe devices if they're lost or stolen. For firms where engineers regularly work on site, MDM is an important layer of protection that many overlook.

External collaborators, like contractors, specialist consultants, and clients, are another area of risk. Sharing project files via email or generic file-sharing links offers no audit trail and no control over what happens to those files once they leave the firm. Properly configured CDE platforms allow external access through controlled, permissioned links with defined expiry dates and access levels, keeping the firm in control of its data throughout the project lifecycle.

What good remote access actually looks like in practice

A well-structured remote access setup for a civil or structural engineering firm typically involves several layers working together:

Centralised file storage 

Project data lives in one place, whether on-premise NAS with cloud sync, or a dedicated engineering cloud platform. Engineers are not storing project files locally on their machines as a matter of course.

Role-based access controls 

Each person can see and edit only what they need to. Access is reviewed and updated when project teams change.

Multi-factor authentication 

All remote access, whether via VPN or cloud, requires MFA. This is a basic but often overlooked protection.

Audit logging 

The firm has visibility over who accessed what and when. This matters both for security and for professional liability.

Clear version control protocols 

Supported by the platform, not just documented in a policy that nobody reads.

Device management 

Particularly for site-based and remote workers, ensuring devices meet security standards before they connect to firm data.

None of this requires cutting-edge technology. It requires the right configuration of tools that most engineering firms already have access to, or could access through their IT provider.

The questions worth asking your IT provider

If you're not sure whether your current setup meets the standard above, a few questions are worth putting to your IT provider:

Where are our project files actually stored, and who controls access to that storage? 

How is access managed when an engineer leaves a project or leaves the firm? 

What happens to our data if our VPN or cloud provider has an outage? 

Do we have audit logs showing who accessed project files and when? 

Are devices used by site teams and remote workers managed and secured?

If the answers are vague, or if the honest answer to some of these is "we're not sure," that's a useful starting point for a conversation. The infrastructure for doing this well exists and is not prohibitively expensive: but it does need to be properly set up and maintained.

For more on the cybersecurity side of protecting sensitive engineering data, our article on what your engineering firm's data security actually looks like is worth a read. And if version control and remote access are concerns your firm is actively dealing with, our guide to how to keep an eye on your IT infrastructure covers the monitoring side of keeping things running smoothly.

Managing secure file access across office, site and home is one of the more complex IT challenges facing engineering practices, and one where getting it wrong has direct consequences for project delivery and data security. Lyon Tech supports civil and structural engineering firms across London with IT infrastructure designed for the way engineering teams actually work. Find out more about our IT support for engineering firms.

Write to us,
we will get back to you soon

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Cloud & Infrastructure
IT Strategy

How Do Engineering Firms Manage Secure Access to Project Files Across Office, Site and Home?

March 24, 2026

Home
News
How Do Engineering Firms Manage Secure Access to Project Files Across Office, Site and Home?
Share News Article
X
LinkedIn
Civil and structural engineering teams rarely work from a single location. Project files need to be accessible from the office, from site, and increasingly from home, but accessible doesn't mean unprotected. This article covers the main approaches engineering firms use to manage secure file access across multiple locations, the common pitfalls around version control and data security, and what good looks like in practice.

Jump straight to...

Heading 2
Heading 3
Heading 4
Heading 5
Heading 6

An engineer on-site needs to check the latest structural drawings. A director working from home needs to review a model before a client call. A graduate in the office is coordinating with a contractor who needs access to a specific set of documents. All of this is happening simultaneously, across different devices and locations, and the files involved are sensitive, large, and constantly being updated.

This is the daily reality for most civil and structural engineering practices in London. Managing it well requires more than a shared folder and a prayer. It requires a considered approach to how files are stored, who can access them, from where, and how changes are tracked and controlled.

Get it wrong, and the consequences range from version control disasters to genuine security incidents involving sensitive client data and proprietary structural designs.

This article covers how engineering firms are approaching this challenge, and what a properly structured solution actually looks like.

In this article:

  • Why engineering file access is more complex than most businesses
  • The Common Data Environment, and why it matters
  • VPN vs cloud: understanding the difference
  • Version control: the problem most firms underestimate
  • Securing access for site teams and external collaborators
  • What good remote access actually looks like in practice
  • The questions worth asking your IT provider

Why engineering file access is more complex than most businesses

Most businesses deal with documents and spreadsheets. Engineering firms deal with those too, but also with large BIM models, CAD files, point cloud data and structural analysis files that can run to several gigabytes each. These files behave differently from standard business documents: they can't always be edited collaboratively in real time, they take longer to sync, and they place significant demands on network connections and storage infrastructure.

At the same time, engineering projects involve multiple stakeholders: structural engineers, civil engineers, architects, contractors, clients and specialist consultants. Each needs access to some files, but not necessarily all of them. Managing permissions across that group, and keeping access rights updated as project teams change, is an operational challenge that many firms handle inconsistently.

According to the UK BIM Framework, best practice in information management centres on a single source of truth for project information, with clear protocols around who can access, edit and approve data at each stage. In practice, many firms fall well short of this; not because they don't understand the principle, but because their IT infrastructure doesn't support it properly.

The Common Data Environment, and why it matters

A Common Data Environment (CDE) is the structured, centralised system through which project information is shared and managed. It's a concept central to BIM Level 2 compliance and is increasingly expected by public sector clients and larger contractors.

In practical terms, a CDE is not just a shared folder. It defines workflow stages for documents, from work in progress through to shared, published and archived states, and enforces approval processes before information moves between those stages. This prevents engineers from working from files that haven't been formally issued, and creates an auditable record of who accessed and approved what.

Platforms like Autodesk Construction Cloud, Bentley ProjectWise and Egnyte are commonly used as CDE platforms in structural and civil engineering. Each has different strengths depending on the software your team already uses: a firm running primarily Revit and AutoCAD will find Autodesk Construction Cloud integrates most naturally, while ProjectWise is typically preferred in heavier civil engineering and infrastructure environments.

The key point is that a CDE only works if it's properly configured and consistently used. A platform that's set up but not enforced quickly becomes another folder structure that everyone works around.

VPN vs cloud: understanding the difference

For many firms, the conversation about remote access starts with the question of VPN versus cloud. The answer is not always straightforward.

A Virtual Private Network (VPN) creates an encrypted tunnel between a remote device and the firm's on-premise server infrastructure. It's a well-established approach and can work well, but it has limitations for engineering work. VPN performance degrades significantly when engineers are transferring large files over it, and it creates a single point of failure: if the VPN connection drops, work stops. For site teams using mobile connections, this can be a persistent frustration.

Cloud-based access; where project files are stored on platforms like Microsoft Azure, SharePoint or a dedicated engineering cloud solution, eliminates the VPN bottleneck. Files are accessed directly from the cloud rather than tunnelled back through an office server. This generally performs better for remote and site-based access, particularly for read-only review of large models.

The trade-off is that cloud solutions require careful configuration to ensure security. Files sitting in a cloud environment are only as secure as the access controls and authentication processes around them. Multi-factor authentication (MFA), role-based access permissions and audit logging are non-negotiable in a properly configured cloud setup. Without them, you're trading one set of problems for a different one.

Many London engineering firms now operate a hybrid model: on-premise infrastructure for the most sensitive data and day-to-day studio work, with cloud solutions handling collaborative access and site connectivity.

Version control: the problem most firms underestimate

Version control is where remote access arrangements most commonly fail in engineering environments. The scenario is familiar: two engineers are working on different versions of the same drawing, one on site and one in the office. Without a properly enforced version control system, both save changes, and the firm ends up with conflicting files that are difficult to reconcile.

In BIM workflows, this problem is compounded by the size and complexity of model files. Unlike a Word document, a Revit model can't simply be compared line by line. Identifying where two versions diverge and which is authoritative can take significant time.

The solution isn't just technical: it's process and infrastructure working together. File naming conventions, check-in and check-out protocols, and clearly defined roles for who can issue and approve documents all matter. But those processes need to be supported by infrastructure that enforces them rather than allowing engineers to bypass them by saving locally or emailing files between colleagues.

A well-configured CDE platform handles much of this automatically. But it needs to be the single point of access, not one option among several.

Securing access for site teams and external collaborators

Site access presents a specific challenge. Engineers and site managers working on construction sites may be using company laptops, personal devices, or tablets, often over mobile data connections. Ensuring those devices meet security standards and that access is revoked promptly when someone leaves a project requires active device management rather than a set-and-forget approach.

Mobile Device Management (MDM) tools allow IT teams to enforce security policies on devices accessing firm data, apply updates remotely, and wipe devices if they're lost or stolen. For firms where engineers regularly work on site, MDM is an important layer of protection that many overlook.

External collaborators, like contractors, specialist consultants, and clients, are another area of risk. Sharing project files via email or generic file-sharing links offers no audit trail and no control over what happens to those files once they leave the firm. Properly configured CDE platforms allow external access through controlled, permissioned links with defined expiry dates and access levels, keeping the firm in control of its data throughout the project lifecycle.

What good remote access actually looks like in practice

A well-structured remote access setup for a civil or structural engineering firm typically involves several layers working together:

Centralised file storage 

Project data lives in one place, whether on-premise NAS with cloud sync, or a dedicated engineering cloud platform. Engineers are not storing project files locally on their machines as a matter of course.

Role-based access controls 

Each person can see and edit only what they need to. Access is reviewed and updated when project teams change.

Multi-factor authentication 

All remote access, whether via VPN or cloud, requires MFA. This is a basic but often overlooked protection.

Audit logging 

The firm has visibility over who accessed what and when. This matters both for security and for professional liability.

Clear version control protocols 

Supported by the platform, not just documented in a policy that nobody reads.

Device management 

Particularly for site-based and remote workers, ensuring devices meet security standards before they connect to firm data.

None of this requires cutting-edge technology. It requires the right configuration of tools that most engineering firms already have access to, or could access through their IT provider.

The questions worth asking your IT provider

If you're not sure whether your current setup meets the standard above, a few questions are worth putting to your IT provider:

Where are our project files actually stored, and who controls access to that storage? 

How is access managed when an engineer leaves a project or leaves the firm? 

What happens to our data if our VPN or cloud provider has an outage? 

Do we have audit logs showing who accessed project files and when? 

Are devices used by site teams and remote workers managed and secured?

If the answers are vague, or if the honest answer to some of these is "we're not sure," that's a useful starting point for a conversation. The infrastructure for doing this well exists and is not prohibitively expensive: but it does need to be properly set up and maintained.

For more on the cybersecurity side of protecting sensitive engineering data, our article on what your engineering firm's data security actually looks like is worth a read. And if version control and remote access are concerns your firm is actively dealing with, our guide to how to keep an eye on your IT infrastructure covers the monitoring side of keeping things running smoothly.

Managing secure file access across office, site and home is one of the more complex IT challenges facing engineering practices, and one where getting it wrong has direct consequences for project delivery and data security. Lyon Tech supports civil and structural engineering firms across London with IT infrastructure designed for the way engineering teams actually work. Find out more about our IT support for engineering firms.

About Lyon Tech
About Lyon TechCivil and structural engineering firms depend on high-performance, always-available systems to deliver projects on time. Lyon Tech provides specialist IT support for civil and structural engineering firms across London — helping practices keep their hardware running at full capacity, their project data secure, and their engineers focused on the work that matters. Learn more about our IT support for engineering firms.
Explore more

Sign up for monthly updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thin white curved line forming loops and waves on a black background.

Related Articles

Construction in 2025: Which AI Tools are Most Useful?

Read More

Revit in 2026: Features, Performance Gains, and Infrastructure Demands

Read More

Vectorworks vs ArchiCAD: a Guide for Architects

Read More
Cloud & Infrastructure
IT Strategy
Architecture, Engineering and Construction Industries
Senior Leadership