Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Secure DropBox Alternative For a Small Business?

Posted by timothy on from the unknown-lamer-favors-afs dept.

First time accepted submitter MrClappy writes "I manage the network for a defense contractor that needs a cloud-based storage service and am having a lot of trouble finding an appropriate solution that meets our requirements. We are currently using DropBox and I am terrified of seeing another data leak like last year. Some of our data is classified under International Traffic in Arms Regulations (ITAR) which requires that all data to remain inside the US, including any cloud storage or redundant backups. We tried using Box as a more secure replacement but ended up canceling the service due to lack of functionality; 40,000 file sync limit, Linux-based domain controller compatibility issues and the fact that the sync application does not work while our computers are locked (which is an explicit policy for my users). I've been calling different companies and just can't seem to find a decent solution. Unless I'm severely missing something, I'm just blown away that no one offers this functionality with today's tech capabilities. Am I wrong?"

8 of 274 comments (clear)

  1. You are kidding right? by MerlynEmrys67 · · Score: 5, Informative

    You want "Someone Else" to manage your data that is classified under ITAR? Uhmmm... Why don't you build your backup solution - put links in to remote data centers and handle the problem correctly and professionally. The last thing we need is some external entity getting a hold of this stuff because you don't want to have the budget to do things right instead of at a consumer level.
    Gah - I can't believe this is even a question

    --
    I have mod points and I am not afraid to use them
    1. Re:You are kidding right? by ravenswood1000 · · Score: 5, Informative

      Try Owncloud or Ajaxplorer for your own cloud solution maybe.

    2. Re:You are kidding right? by Trepidity · · Score: 4, Informative

      For something Dropbox-like in UI that you can point to your own servers, some options are:

      * Git-Annex Assistant: Despite its name, git is sort of an implementation detail you can ignore. It doesn't actually revision-control all your files, so you don't get huge bloat with binary files that are edited. One nice thing it does is integrate syncing with offline storage, so you can e.g. set up a remote server to sync to live, *and* set up a USB-connected hard drive to sync to when it's attached. When the USB drive is offline git-annex will still remember what files were on it.

      * Sparkleshare: a front-end that does version-control all your files, which might be preferable if you are sharing small-ish files where you might want to recover a previous version (e.g., text documents). Less good than Git-Annex Assistant if you're sharing huge media files, possibly better if you aren't.

      See also this Slashdot discussion from two years ago.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  2. Never going to find one by Archfeld · · Score: 5, Informative

    I've worked contingency operations and recovery for data under federal regulations. You will NEVER find a service that will provide the kind of security, financial and geographical restrictions that you really need. That is the single most compelling reason why banks have backup data centers...

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  3. Calm down people... by krbvroc1 · · Score: 4, Informative

    I'm sure he does not mean 'Classified' information. He means classified under ITAR. It was probably a poor choice of word to use classified rather than categorized.

  4. AWS GovCloud by Anonymous Coward · · Score: 5, Informative

    I know that Amazon Web Services have several cloud-based sites that are certified to not allow traffic out of the US (I work there currently). I don't know how it fits your other needs, but there are a number of government agencies that use them.

    Look here -> https://aws.amazon.com/govcloud-us/

  5. ITAR is tighter than that by GumphMaster · · Score: 4, Informative

    Some of our data is classified under International Traffic in Arms Regulations (ITAR) which requires that all data to remain inside the US, including any cloud storage or redundant backups.

    It is much tighter than that. You must ensure that only "US Persons" have access to that data without appropriate export licences/approvals/agreements. Can you guarantee that no foreign national, dual citizen, or employee of a foreign company is working at your cloud host or in any data centre that might be housing your data?

    --
    Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
  6. Re:I call bull by Wintermute__ · · Score: 5, Informative

    Sadly, I think this guy might be for real. Notice he didn't say "classified", merely "ITAR-restricted". Those are nowhere close to the same thing. Yet, if you get caught messing up with ITAR data, it's still up to a million-dollar fine per instance I believe. Reason enough to tell your lusers "No, you may not use Dropbox" and block it at the firewall.

    Defense contractor - I'm thinking sub-contractor or sub-sub-contractor. There are so many small companies with no budget and less clue handling this kind of dangerous but not classified data out there, it's scary.