? for network admins - cloud based apps?

[JBKGator]

I am hearing rumors at my workplace that a new policy is forthcoming that will essentially prohibit the use of cloud based applications. Not sure of the details, etc. but I have heard that definitely applications such as Evernote and Dropbox will no longer be allowed.

Have also heard that there is a possibility that the policy may prohibit use of any web-based application as well.

I am a heavy user of Evernote, and other cloud based tools. While I recognize the potential security concerns with data kept on the web, the productivity these tools provide are incredible.

Just curious how other companies manage this issue. Are there ways to make these applications secure enough to be used in a corporate system?

Appreciate your thoughts and experiences with this issue.

[helix139]

Quote:

Originally Posted by JBKGator

I am hearing rumors at my workplace that a new policy is forthcoming that will essentially prohibit the use of cloud based applications. Not sure of the details, etc. but I have heard that definitely applications such as Evernote and Dropbox will no longer be allowed.

Have also heard that there is a possibility that the policy may prohibit use of any web-based application as well.

I am a heavy user of Evernote, and other cloud based tools. While I recognize the potential security concerns with data kept on the web, the productivity these tools provide are incredible.

Just curious how other companies manage this issue. Are there ways to make these applications secure enough to be used in a corporate system?

Appreciate your thoughts and experiences with this issue.

Sharepoint and internal wikis are probably the closest you'll get. You could always develop your own internal cloud-based services, but the storage demands can be quite large, and in many industries regulations will require more controls that would make the system quite cumbersome.

[orangeblueorangeblue]

We don't care at our company. That said, I hired our IT guy and told him we don't care about this

We have some sensitive code, but nobody here is posting full codebases to Dropbox or whatever (incidentally, I hate Dropbox). We have a github for all of our open source stuff and internal cvs for the rest.

As mentioned above, the only safe way to handle this is to run the app on an intranet accessible from within the firewall. This - of course - brings a lot of obstacles and frustrations, like needing VPN just to get your code off of a machine.

Version control apps like SVN also allow authentication/user based rights, so you could essentially have Everynote/Dropbox functionality on a company machine with password requirements. Actually, it would be way less obnoxious than a Dropbox-like integration.

[orangeblueorangeblue]

To expound a little bit on that, we basically have a fileserver machine running SVN and our Windows machines run TortoiseSVN, Macs run Versions and the Ubuntu machines just connect directly.

The integration is seamless; I'm running Windows so I just have a folder that is connected directly to the fileserver. With my credentials I can connect from home or from my phone if necessary.

[Ericgraves]

SVN repository would be great. There is actually a free online book about repositories, setting them up and managing them, that is pretty good.

You can run it over a SVN+ssh and store the private keys on the machine allowing for pretty seamless integration.

[orangeblueorangeblue]

You can certainly do SSH with PPK, but for most companies a simple password is best; plus, SSH doesn't allow for seamless integrated OS folders.

[Ericgraves]

Well maybe not 100% seamless, but I do have a folder that is integrated into my file system just like any other file. I just have to type "svn up" in the command line and the folder is up to date. I am not sure what you mean past that, I could probably write a sub routine which would update type run svn up whenever I received the email telling me the svn had been updated which would make it 100% seamless. Maybe I don't understand your statement exactly.

Anyway, here is the book http://svnbook.red-bean.com/ on how to set up these servers.

[orangeblueorangeblue]

What I'm saying is Tortoise, et al will authenticate automatically. Typically this is done via HTTP rather than SSH, but if there's a SSH methodology that will login with a private key then that sounds even more secure. I just haven't seen this.

You can really quickly write a SVN hook that will automatically update after a commit ... you should pass that along, it's been a lifesaver for me.

[orangeblueorangeblue]

post-commit:


REPOS="$1"
REV="$2"
cd [SVN DIRECTORY HERE]
sudo svn up