Web-based solutions and security

[1eyedkunt]

So we're considering some different technological options for project/knowledge/contact management at my work and it seems to me that there are a lot of web-based solutions that might work for us. However, our operations manager is completely paranoid about storing anything off of our servers, or even letting people have home access to our system

Comments

[icarus88]

From Usual Suspects (more if others respond):

From a very generic standpoint, security (not just computer security) is all about tradeoffs, not absolutes. The more directions you allow access from, the more likely you'll run into a hole or security issue.

The tradeoffs are going to be specific to each person's case (whether you allow files on laptops, access via web, etc.). In the case of people who are in charge of such things, it's often a question of what the person in charge has to be responsible for. It's just as often that the responsibilities why people will argue against such things more than the budget.

[1eyedkunt]

thanks hun!

[netik]

It depends on the nature of the business, it's data, and what the acceptable level of risk is in storing the data offsite.

With Google, you're storing data in a system which will exceed any availability, security, or storage standards that your office manager can execute. The problem is, is that your data will be stored (over an encrypted transit) at a 3rd party's site which is under no obligation to secure your data or stop it from being served up to any law enforcement agency who asks for it.

I consult on these sorts of things, for a nominal fee ;)

[1eyedkunt]

yeah, we could certainly use a consultant on this, but I don't think anyone's willing to spring for it, so we're using the flying-by-the-seat-of-our-pants method. fun!

dinner soon!