Twitter Updates

    follow me on Twitter

    Friday, May 29, 2009

    Backup Software as a thief-catching device?

    This is kind of random, but here's an article about how the backup software on a laptop led to the capture of the bloke who stole it: http://perens.com/works/articles/Burglar/

    Make sure you automatically backup those pictures!

    www.dataknoxx.com
    Posted by at No comments:

    Wednesday, May 6, 2009

    Cloud File Storage Solution




    As a follow-up to my last post, I have been looking at what solution would provide the most secure, extensible, and easy-to-use solution to storing documents online for small businesses. Here is what I have come up with to this point.

    Most solutions that I have seen or read about involve either implementing WebDAV, custom web service-based API's, or a combination of the two. They both have their advantages and disadvantages:

    WebDAV
    Advantages are that no custom development is required on the protocol side, it's a widely-used standard, so it would be interoperable with many systems and clients, and it is easily secured.

    It is an interesting solution because, as it's named Web-based Distributed Authoring and Versioning, it was intended for content-management systems but appears to have been extended to general file-storage. Therefore, it may not have the complete feature-set that is required by users when storing and sharing their files.

    Custom APIs
    Custom APIs definitely have the advantage that you can program them to do anything you want without breaking a standard like WebDAV. However, the upfront and maintenance costs may be prohibitive and anything you develop would not be interoperable with other systems.

    The Solution
    So, looking at these two options, I would opt for WebDAV. For a proper solution, it would have the following requirements:
    1. Be Secure
    • SSL-based transport
    • Strong Authentication
    • Encrypted on disk
    2. Integrate with daily usage
    • Be mountable as a drive in Windows
    • Synchronize automatically (assuming local file cache)
    • Automatically mount without user interaction
    3. Be Searchable
    • Search is where it's at. Perhaps a local searchable index would be a solution to this requirement.
    The authentication is a large requirement and from what I can tell, most providers are simply using password-based authentication. I think that to be truly secure, the authentication must be certificate-based. That would help make it more seamless, too because the user would not have to necessarily enter a password. The simple presence of the certificate would provide strong evidence that the user (or the user's machine) has access to the files. Obviously, certificate plus password would provide the strongest level of authentication being that it is two-factor.

    So, what I am thinking is this:
    • WebDAV-based solution with Apache, mod_ssl (for secure transport and authentication), mod_dav (for WebDAV support)
    • Client-based certificate for machine-based authentication
    • Ability to mount the system as a drive
    • Local Index for search
    • Optionally, a web-based console for remote file access
    Other "wish list" items may include:
    • Ability to share documents, or a subset of documents with partners. They could access the system web-based using short-term certificates.
    • Local file cache to optimize speed.
    • A device that plugs into a local network that handles all of the above functionality and presents a file share. This is where the rubber hits the road!
    I would be interested to hear what others think on this topic. Be it requirements, possible solutions, or experience with these solutions.
    Posted by at No comments:
    Labels: , , , ,

    Friday, May 1, 2009

    Initial Thoughts on Online Document Storage

    This represents my currents thoughts on the topic of online document storage.  It's Friday night and I've got Ted Turner on CNN, so perhaps my thoughts are not the most coherent.  
    Nonetheless, here goes:

    When I talk to many small business owners about online services, they want to talk about their documents.  The common requirements tend to include:
    1. Be able to have quick and reliable access to their documents
    2. Access the documents from everywhere
    3. Share documents with business partners 
    4. Do all of this in a very secure manner.

    So basically they want to have their cake and eat it too.

    The discussion inevitably guides itself towards online document storage.  Google Docs, Windows Live, etc.  It seems perfect: Your documents are available from anywhere, you can share them with others, and it's relatively easy.

    So I ask: Why don't you sign up then?

    The answer varies from: "Well, you know Google is indexing my documents." to "I don't want Microsoft holding all of my docs." to "I don't trust those sons of a *gun*!"

    So, the short answer: TRUST

    My question for providers of online document storage: How do you convince your clients that 
    a) Their data is safe from intruders? 
    b) Their data is safe from you? 
    c) Their data is safe from system failure?

    Further thoughts that I may write about later include providing a service to your clients that's seamless, flexible, and secure.

    In the mean time, any thoughts are welcome.

    Posted by at 4 comments:
    Labels: , ,
    Subscribe to: Posts (Atom)