7

As a hosting company we have gathered a busload of information over the years that are pretty much confidential. This information includes code, graphics, ERD diagrams, SEO strategies and so much more. As our company expanded, we have now reached a point where we need to store this information for the entire company to access. However, the employees of the company (less than 10) are all in different countries (with 2 at most in the same cities).

We need to store this information online so everyone can access it. A wiki came to mind as the best solution, but to be honest, as secure as our servers are, I'd rather host it completely seperate from our hosting servers and getting a dedicated server account just for these purposes seem a bit extreme.

So my question is: how do others store intellectual property online and should things like code be stored online, or rather archived on a laptop? My particular concern is, if we put all the passwords to all our servers online, and someone gets in, not only do they have access to everything from bank accounts, to servers, but they know exactly how we do business and could sell this information to our competition, or just copy us or intercept our plans.

Any ideas or am I being paranoid?

AviD
  • 72,138
  • 22
  • 136
  • 218
rockstardev
  • 173
  • 4

3 Answers3

10

You're not being paranoid at all. First and foremost you must consider requiring a VPN (and maybe 2 factor authentication) to access your company data/intranet. Passwords should be stored in absolutely nothing less than an application like KeePass or LastPass.

I am a huge fan of a Wiki. But you need to draw a line between what is "the internet" and what is "our private network" - Anything you put on "the internet" should not be intellectual property. The internet is a public place no matter how you look at it.

Secure your network and your websites and data behind it will be secured also.

VPN + Wiki on Apache/IIS with proper IP restrictions + KeePass and you're good to go

LVLAaron
  • 291
  • 2
  • 3
  • Any auggestions on good wiki solutions? Even if paid? – rockstardev Feb 21 '12 at 11:18
  • I use DokuWiki because it is dead simple to install. No database required, etc. Don't know about paid solutions. – LVLAaron Feb 21 '12 at 14:02
  • Any suggestion for good VPN providers? I've decided setting up my dedicated server is too risky for someone who's never done it before, so I'd rather host it with another company. Or is that dumb too? – rockstardev Feb 21 '12 at 20:02
  • Nevermind. I ended up installing openVPN on a linux server. Works like a dream. One happy camper. Thank you! – rockstardev Feb 23 '12 at 15:54
  • Check out Duo Security or Phone Factor so you can have a second level of authentication. Message me if you want setup details with openvpn. – LVLAaron Feb 23 '12 at 20:34
3

What I typically see for high value intellectual property that needs to be accessible to a global team is:

  • A dedicated server (to reduce the risk of attack from other services or applications on - that server)
  • Its own DMZ (again, to segregate it from other servers)
  • A VPN with strong authentication controlling access to that DMZ

Then whether you decide to use a wiki or other form of information sharing is up to you.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
0

In Addition to LVLAarons Answer:
Also consider to store the files encrypted on the servers,
to prevent server admins (or hackers) from reading your files, in case they're not allowed to.

E. g. you can use:

to encrypt your files.

Lizzy21
  • 21
  • 4