Ask Slashdot: Secure DropBox Alternative For a Small Business? 274
First time accepted submitter MrClappy writes "I manage the network for a defense contractor that needs a cloud-based storage service and am having a lot of trouble finding an appropriate solution that meets our requirements. We are currently using DropBox and I am terrified of seeing another data leak like last year. Some of our data is classified under International Traffic in Arms Regulations (ITAR) which requires that all data to remain inside the US, including any cloud storage or redundant backups. We tried using Box as a more secure replacement but ended up canceling the service due to lack of functionality; 40,000 file sync limit, Linux-based domain controller compatibility issues and the fact that the sync application does not work while our computers are locked (which is an explicit policy for my users). I've been calling different companies and just can't seem to find a decent solution. Unless I'm severely missing something, I'm just blown away that no one offers this functionality with today's tech capabilities. Am I wrong?"
You are kidding right? (Score:5, Informative)
Gah - I can't believe this is even a question
Re:You are kidding right? (Score:5, Informative)
Re:You are kidding right? (Score:5, Informative)
For something Dropbox-like in UI that you can point to your own servers, some options are:
* Git-Annex Assistant [branchable.com]: Despite its name, git is sort of an implementation detail you can ignore. It doesn't actually revision-control all your files, so you don't get huge bloat with binary files that are edited. One nice thing it does is integrate syncing with offline storage, so you can e.g. set up a remote server to sync to live, *and* set up a USB-connected hard drive to sync to when it's attached. When the USB drive is offline git-annex will still remember what files were on it.
* Sparkleshare [sparkleshare.org]: a front-end that does version-control all your files, which might be preferable if you are sharing small-ish files where you might want to recover a previous version (e.g., text documents). Less good than Git-Annex Assistant if you're sharing huge media files, possibly better if you aren't.
See also this Slashdot discussion [slashdot.org] from two years ago.
Re:You are kidding right? (Score:5, Funny)
I can just see this - a high level presentation to the C level executives:
"Yes, we're planning on using Sparkleshare".
"Sparklewhat?"
"Sparkleshare, it's an open source product that ...."
"Look, we're here to discuss corporate data strategy, not your daughter's favorite website".
Re: (Score:3)
Re:You are kidding right? (Score:5, Insightful)
I've had a project canceled because they found out we were using best-of-breed RADIUS. Funk Software's Steel-Belted-RADIUS. We weren't allowed to have any funky servers. Used Windows free RADIUS instead. Lots of headaches.
You need to control problem names from the get-go. Politicians do it all the time when they name bills (Safety Measures YYY for the Children, etc). Good businessmen never ask their boss to travel to Las Vegas, they go to Clark County, NV instead. It is your responsibility to handle this kind of thing.
Re: (Score:3)
Re:You are kidding right? (Score:5, Funny)
Re: (Score:3)
I love my dogs very much, but The love for my son and his needs are much greater.
Like a lot of regular services, there are usually defence contractors who offer similar services that meet whatever national government requirements are - for 10x the price naturally.
I would think that microsoft or google (though more likely microsoft than google) offer something similar to their commercial offerings but certified for defence. If not them, then likely you're looking at either Lockheed Martin, HP, IBM and expecting to pay very large sums of money.
Re:You are kidding right? (Score:5, Insightful)
I agree with Merlyn. Are you F***ING INSANE?????? Especially after the way that the gov went batshit insane over Wikileaks and then over Snowden.
I know that "classified under ITAR" is not "Classified secret", but you'd be crazy to trust that data to any storage that you (or your company) doesn't directly control.
Disclaimer: I am not an ISSO or ISSM (though at one point I did get certified as one -- long since lapsed).
Re: (Score:3)
This is more than a little important because it means no "foreign persons" can access the data. Inside or outside the US. You can let a US person in France see the data, for example. Foreign persons is defined in 120.16 of ITAR. Check http://pmddtc.state.gov/regulations_laws/documents/official_itar/2012/ITAR_Part_120.pdf [state.gov] (listed as Page 467)
Basically, you can't give any ITAR data to any foreign person. If the for
Re:You are kidding right? (Score:5, Interesting)
ITAR simply requires State-Side storage. It doesn't have to be secure from the NSA, in fact they would probably object if it was.
There is SpiderOak, which is US based, but they don't have the ability to decrypt your data, all decryption is done at the client.
Re: (Score:2)
ITAR simply requires State-Side storage.
IIRC, ITAR compliance would not be very compliant when foreign citizens - especially citizens of named prohibited nations - have access to your data, even if it occurs on US soil. That can easily happen because cloud companies are not restricted in who they hire; they aren't even required to monitor what their employees are doing with your data. If anything happens that you, the customer, don't like, their liability is limited to what you paid for the service in th
Re: (Score:2)
If you don't think encryption helps, you are doing it wrong.
Re:You are kidding right? (Score:4, Interesting)
As many posters indicated in their comments, compliance is not even checked against your arbitrary list of technical measures. It is checked against an approved list of measures and actions that you are supposed to have and perform.
Good encryption would be a solution. You could have a server in North Korea and safely store all the secrets of portable nukes there, as long as they are well encrypted.
But the devil is in details. What does it mean "well encrypted?" What is even the criteria for "wellness" of your encryption? Would it be OK if I use ROT13? Ok, perhaps not. What if I use AES256? Now you are happy. Right? No, wrong - because I used a key that consists of all zeros. Or ones. Or something equally trivial.
But let's imagine you have a secure key. You used /dev/random, and it is random enough. Is it secure now? No, it isn't. You now have a known plaintext attack. AES may prevent you from reversing the key, but it still a block cipher - and many technical documents have similarities that can be exploited. Unless salted, every block of same plaintext will produce the same ciphertext. This is already a leak of data. Is it important? Maybe not. But there was no such leak before, and now there is a foothold. Can you guarantee that it won't get worse? Your adversary has all the resources of the state (albeit a poor one) and they are not constrained as much as you are.
This is why you never invent your own cryptosystem. NSA does that, and they approve and provide cryptosystems for various end users. If you can get NSA to approve a cryptosystem for your setup, you are golden. But chances of that are not very good. If you start building your own, nobody is even going to check what you did. If it is not approved, it's not good. DSS [wikipedia.org] workers are not cryptographers; even most of NSA personnel are not cryptographers (as we know now.) It takes an inordinate amount of effort to approve a cryptosystem for a particular use. One can have a good algorithm that is implemented with a small bug, and that bug turns it from unbreakable to reversable in milliseconds. Cryptographers know what to watch for, and even they make mistakes sometimes. Can you get away with a crypto library that you downloaded from Internet? I don't think so. It may be perfectly secure, but that's not what you will be evaluated against.
Re: (Score:2)
I'm fucking Bruce Schneier, bitch.
Re: (Score:2)
You want "Someone Else" to manage your data that is classified under ITAR? Uhmmm... Why don't you build your backup solution - put links in to remote data centers and handle the problem correctly and professionally. The last thing we need is some external entity getting a hold of this stuff because you don't want to have the budget to do things right instead of at a consumer level. Gah - I can't believe this is even a question
I agree. Putting information like this in the cloud? This guy either has no clue what he's doing or not all his dogs are barking.
Re: (Score:2)
I might get lynched by the Linux crowd, but Windows Server 2012 R2 has 'Work folders' which is basically private Dropbox you host yourself. Nothing leaves your servers/clients. You can even access the work folders via SMB (drive mapping) when in the office, and the remote function kicks in when out of network. seamless for the end users as well.
Re: (Score:2)
This was my thought. Why the fsck would a defense contractor be farming out data storage of ITAR data?
Just buy as many 4u BackBlaze boxes as you need, then you only need to worry about data leaks on your own network. Which is highly secured, right?
I call bull (Score:5, Interesting)
Re:I call bull (Score:5, Insightful)
"I manage the network for a defense contractor that needs a cloud-based storage service"
No you don't. At least I sure as hell hope you don't. Cloud + defense don't mix but since you are managing such a network, why am I telling you this? Why don't you contact 'defense' for options...
That was my first thought when I saw his message. It doesn't seem that any commercial Dropbox like service would provide enough fine grained ACL's and reliable and untamperable logging to properly secure any kind of "classified" data. It seems like keeping the data locked up in a VPN accessed fileserver would be better with restrictions on the computer that prohibit saving to local storage. Once it's on a dropbox like service, how do you keep an exec from syncing the entire restricted folder to his laptop before his overseas trip to China, thus violating the rules about keeping it on US soil?
Re:I call bull (Score:5, Informative)
Sadly, I think this guy might be for real. Notice he didn't say "classified", merely "ITAR-restricted". Those are nowhere close to the same thing. Yet, if you get caught messing up with ITAR data, it's still up to a million-dollar fine per instance I believe. Reason enough to tell your lusers "No, you may not use Dropbox" and block it at the firewall.
Defense contractor - I'm thinking sub-contractor or sub-sub-contractor. There are so many small companies with no budget and less clue handling this kind of dangerous but not classified data out there, it's scary.
Re: (Score:2)
Re: (Score:3)
my guess is it's a spook. with all the attention that leaks are getting right now, it seems totally plausible for some paid contractor to draw up some "classified documents" about snowden's child-trafficking ring or assange's cannibal cookbook, stick 'em on dropbox, and plant a horseshit story like this on a tech blog. then you just eat some popcorn and wait for the next security breach. you don't even have to get your hands dirty cracking into anything yourself.
Re: (Score:2)
Maybe it's a nuclear weapons developer, they are pretty good at clouds.
Too bloody good if you ask me. And where's my free electricity - "too cheap to meter" indeed.
AWS? (Score:5, Interesting)
AWS GovCloud (Score:5, Informative)
I know that Amazon Web Services have several cloud-based sites that are certified to not allow traffic out of the US (I work there currently). I don't know how it fits your other needs, but there are a number of government agencies that use them.
Look here -> https://aws.amazon.com/govcloud-us/
Re: (Score:2)
Yes, you can get it cheaper someplace else; you might get better service; or it might be easier to use (though it's gotten better over tiime). But nobody comes close to providing you as a sysadmin or developer with t
Cloud 0? (Score:5, Interesting)
Someone needs to write a RAID 0 style encrypted 'driver' that stores your data striped on Google Drive, Skydrive and Dropbox (and what ever else).
Re: (Score:2)
Someone needs to write a RAID 0 style encrypted 'driver' that stores your data striped on Google Drive, Skydrive and Dropbox (and what ever else).
To give you 1/3 the reliability of storing it on a single provider and making your data completely inaccessible if any of them go down?
If you want reliability, mirror it (or maybe RAID-5 or -6 if you want to tolerate one or 2 providers going down).
If you want security, use encryption.
If you don't trust your encryption, striping it across multiple providers doesn't enhance security by much since any provider could decrypt the pieces that he has (or someone could just intercept the intact datastream in transi
Re: (Score:2)
Someone needs to write a RAID 0 style encrypted 'driver' that stores your data striped on Google Drive, Skydrive and Dropbox (and what ever else).
To give you 1/3 the reliability of storing it on a single provider and making your data completely inaccessible if any of them go down?
You've never heard of parity?
Re: (Score:3, Insightful)
Someone needs to write a RAID 0 style encrypted 'driver' that stores your data striped on Google Drive, Skydrive and Dropbox (and what ever else).
To give you 1/3 the reliability of storing it on a single provider and making your data completely inaccessible if any of them go down?
You've never heard of parity?
Not in Raid 0, he hasn't.
Re: (Score:2)
My mistake. I glossed over that digit in reading.
In my defense, suggesting parity would seem the more logical response than simply trashing the idea that seems more like a joke response anyway.
Re: (Score:2)
My mistake. I glossed over that digit in reading.
In my defense, suggesting parity would seem the more logical response than simply trashing the idea that seems more like a joke response anyway.
You mean like when I said "mirror it (or maybe RAID-5 or -6 if you want to tolerate one or 2 providers going down)"? Though I probably should have said RAID-4 since that would be easier to implement. Performance would be pretty abysmal, especially for less than full stripe writes, but maybe that doesn't matter for a background sync.
Re: (Score:2)
Thats an awful idea, do you realize how bad the latency would be? What happens when one service is consistently behind the other, do you just allow the data to constantly be in an inconsistent state between your "stripes"? What happens if one provider is down-- do you allow the volume to remain "on" during the outage, and if so, where are you going to store the parity information until it comes back up?
And all of this for what benefit?
Youre basically taking the issues that arise in a mixed-hardware RAID,
Re: (Score:2)
I'm not the one that suggested striping on the Intenet. But if it had to happen, I would assume it would include parity.
Re: (Score:3)
Like BoxCryptor or EncFS?
https://www.boxcryptor.com/ [boxcryptor.com]
http://en.wikipedia.org/wiki/EncFS [wikipedia.org]
Re: (Score:2)
Someone needs to write a RAID 0 style encrypted 'driver' that stores your data striped on Google Drive, Skydrive and Dropbox (and what ever else).
I assume you say raid0 so that even if someone got the encryption keys and also managed to hack one of the providers, they'd still only have access to 1/nth of the data. As others pointed out this breaks badly if even one provider goes down.
Better would be a truecrypt style drive that did RAID6 across multiple accounts on multiple providers, which would give better reliability and still only reveal a fraction of the data (which is still encrypted) if someone hacked the provider
But really, there is likely so
Re: (Score:3)
Or just buy a storage appliance [storsimple.com] that has that kind of functionality built in and backups to the cloud in an encrypted way.
To quote one of their bullet points:
Re: (Score:2)
Sort of like freenet is. Tho more reliable as its not a single point of failure.
Re: (Score:2)
Exactly. If someone wanted to steal it they'd have to hack the cloud and your local storage.
Now go ask your mom for a cookie.
Add Encryption to Dropbox (Score:2)
You're kidding, right? (Score:2)
Re: (Score:2)
Being suspicious because their narrator has a "foreign accent" or you see "something that looks like Chinese"... is just plain stupid.
Boxcryptor is based in Germany. If that's a deal-breaker, so be it, but you didn't learn that by hearing their narrator speaking with an English accent. Being based in Europe, it's perfectly natural that they'd hire someone from England (or fluent in British English) r
Comment removed (Score:4, Funny)
Never going to find one (Score:5, Informative)
I've worked contingency operations and recovery for data under federal regulations. You will NEVER find a service that will provide the kind of security, financial and geographical restrictions that you really need. That is the single most compelling reason why banks have backup data centers...
Re: (Score:3)
How long ago? These folks [storsimple.com] seem to have an interesting solution for this kind of setup (encryption on-prem prior to being sent to the cloud and keys never leaving your control)... and also claim to be inside of at least one bank [storsimple.com]
How about ssh? Http? (Score:3, Informative)
Store it on a server at your business that you control.
Run open-source software which gives you DropBox functionality, such as BitTorrent Sync [wikipedia.org].
The only way to be sure is to host it on a server you control, using software that can be inspected.
Re: (Score:2)
BitTorrent Sync is not open-source software, nor do they appear to have plans to make it that. Maybe in time we'll have a F/OSS client for the protocol (though I don't know if they've even opened the protocol yet, so that might be an extra hurdle).
However, it may not be necessary; set up an SSH server (which gives you SFTP) for uploads, perhaps even use one of the myriads of HTTP file upload mechanisms and guard it with some simple SSL. It doesn't look like there are any problems uploading in such high
Re: (Score:2)
yeah, let me know when you have that working... until then, i'm running sync...
Sparkleshare (Score:2, Informative)
Sparkleshare is a git based program that you can configure and use entirely in-house. . I use it for hosting our IT documentation for a small city government.
Just use OwnCloud (Score:2, Informative)
You host it yourself, control the data/features. Supports LDAP authentication. Client software is pretty quick. There is commercial support if you need it. Gracefully recovers from network loss. Oh and it has the appropriate iOS and Android clients. I have been slowly rolling it out in production without any complaints so far. Hope that helps!
- Too lazy to login
SpiderOak, and you're doing it wrong (Score:3)
Of course there's always the counter argument that your data has in fact already been hacked and pretending you can keep it secure is just self deception.
Calm down people... (Score:5, Informative)
I'm sure he does not mean 'Classified' information. He means classified under ITAR. It was probably a poor choice of word to use classified rather than categorized.
VMware Horizon Workspace or OwnCloud (Score:2)
No you don't (Score:2)
needs a cloud-based storage service
You want to put classified data on someone else's servers? You're putting a HUGE amount of trust in the laziest/least ethical/most incompetent sysadmin that company hires. Why in hell would you think you "need" cloud-based anything?
-B
Re: (Score:2)
If your company is of significant size, you still put a huge amount of trust in SOMEONE SOMEWHERE that you shouldn't. If shit happens at a third party you can sue a large entity. If one of your own employees screw you over, you can only sue an individual that won't be able to cough up any kind of reasonable damage settlement.
Thats why people outsource payroll, employee performance evaluations and all that other crap.
Re: (Score:2)
About 30 years ago my job encompassed ITAR information and classified information. We would never have thought about data storage anywhere outside the company, and likely not outside the building. Of course, not so much information back then was digital, and cloud so
Ahem. (Score:3)
Pay somebody (contractor/consultant) who knoes what he does. Seriously, man. Ask for a 10 page concept with the tree best options fulfilling all your specific requirements (which you probably did not mention here), and offer him to implement it if you like one of these.
My 2 cents on this: To me it is completely non-obvious how dropbox could have ended up in the stack of possible solutions - to little control, intransparent business model, other use case is the dominant one. I would start by looking at the obvious storage providers (amazon, telecoms, specialized local/regional/natinal storage providers), compare them by the options/price they offer, look separately at software fulfilling my local needs and being capable of talking to the storage providers. Then i would create local scenarios about additional dedicated hw needed and after that i would make my choice/give the best options to my manager to select, based on business criteria.
ITAR is tighter than that (Score:5, Informative)
Some of our data is classified under International Traffic in Arms Regulations (ITAR) which requires that all data to remain inside the US, including any cloud storage or redundant backups.
It is much tighter than that. You must ensure that only "US Persons" have access to that data without appropriate export licences/approvals/agreements. Can you guarantee that no foreign national, dual citizen, or employee of a foreign company is working at your cloud host or in any data centre that might be housing your data?
Re: (Score:2)
BTW: IANAL but I am a "foreign national" that has been at the receiving end of ITAR fun and games.
AeroFS (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
SFTP (Score:2)
You're delusional. (Score:5, Insightful)
Re: (Score:2)
Dude, it's a defense contractors.
OP: tell your boss I'll do it for $4.5M/yr.
Re: (Score:2)
Stronger policy (Score:2)
"I manage the network for a defense contractor that needs a cloud-based storage service and am having a lot of trouble finding an appropriate solution that meets our requirements. We are currently using DropBox and I am terrified of seeing another data leak like last year. Some of our data is classified under International Traffic in Arms Regulations (ITAR) which requires that all data to remain inside the US, including any cloud storage or redundant backups.
If you want Dropbox's functionality; I sugg
Re: (Score:2)
Contact your site/organizations Security Officer (Score:3)
To get a ruling on whether you may do what you want. Otherwise, as others have noted, you may be very deep waters (not only will you be in violation, but anyone in the organization using the service will be, and you will have induced them to do it. Think serious civil as well as criminal consequences).
From a technology angle, it may be "possible" if the folks in charge sign off.
"All" you need to do is encrypt the data before it goes offsite, encrypt it well enough that the data is protected commensurate with its value, etc.
For commercial users, https://jungledisk.com/ [jungledisk.com] provides a very usable interface and GUI. Of course, if the client isn't trustworthy (and you have to take their word for it ;>) that goes out the window even if the algorithms are secure themselves ;>
I use it for some SOHO confidential data; it wouldn't be the end of the world if the data were disclosed, but we have committed to make good faith effort(s) to keep it secure, so we do (rather than moving files to subs via email, etc.). Not all subcontractors could handle sftp and friends.
CLASSIFIED or REGULATED under ITAR? (Score:3, Informative)
Encrypted Dropbox? (Score:2)
Is there a way you could encrypt the files or folders that are shared via dropbox, so that only people you have authorized (via a key) could decrypt them?
look for fedramp compliance (Score:3)
Two words that don't go together yet (Score:2)
Dropbox + security? Sorry, they don't go together.
Don't people remember the day when everyone could get into anybody else's dropbox account without a password? The dedupe hack where people were getting instant access to other people's files on dropbox with the file hash - a quick way to download movies but has more sinister applications. How about the problem where you get the illusion of locking people you've shared stuff with before out by changing the password, but it doesn't actually lock them out?
It
Syncplicity? (Score:2)
I don't know much about it, but my employer, probably a larger company than yours, specifies that we should use EMC's Syncplicity Enterprise (http://www.syncplicity.com/products/enterprise-edition) for secure cloud storage. It offers the option of keeping the storage in-house. Worth a look.
Owncloud or similar self-hosted (Score:2)
There is commercial support and some commercial extras but you can use the open version to try it out first (or indefinitely if that's all you need).
SparkleShare? (Score:2)
We use SparkleShare because we have our own git server anyway. Not sure how robust the security is compared to something specifically built for security (EG it's not like it has multi factor authentication).
Still as others have pointed out what the fuck are you doing with a cloud based service as a defense contractor. We do open source software and the only stuff we're storing in sparkleshare is scratch work, images, document templates and random crap that anyone could steal and we wouldn't care anyway.
Accellion (Score:2)
I managed accellion for web based and sftp file transfers, it's pretty mature, not too expensive. Check
www.accellion.com
The setup I used was a virtual server on vmware with an encrypted file system from a file server on our SAN.
The link for government services is at:
http://www.accellion.com/why-accellion/for-government [accellion.com]
BitTorrent Sync (Score:2)
You can limit it to VPN and sync folders peer-to-peer. It monitors and syncs changes for you, and is great for making a redundant backup/dropbox-type distribution system.
AWS GovCloud (Score:2)
This is exactly what the system is designed for: https://aws.amazon.com/govcloud-us/ [amazon.com]
My 2 cents (Score:2)
Whatever you chose should really be run over a VPN for external usage. Period.
I'd look at using ownCloud - and you can get commercial support if it is required. I used to work for a company which used Novell iFolder and that was pretty good - but looking into that a little more it seems like Novell has a new thing called Filr which seems to tick the boxes (especially from a Manager perspective).
Buy a drop box server cluster. (Score:2)
Literally email dropbox and tell them you need to purchase some of their servers.
If you're seriously using this feature and price isn't a big deal, they'll sell the literal servers which can be insulated within your own network with slightly different settings so it isn't immediately obvious to probes what sort of software you're using.
The first rule of computer security is physical security.
This is very very key. If you really want your data to be secure. You have to have physical possession of it. It cann
Synology CloudStation is the closest thing. (Score:2)
Synology have been moving from the personal to the enterprise space as of late with their "DiskStation" NAS line of products. Some of their high end "NAS" boxes can get pretty powerful. There is a function of the DiskStation is called "Cloud Station", essentially a Dropbox clone.
Basically what you would be doing is having your own on-premises 'Dropbox appliance'. It is very easy to setup/integrate with it's user-friendly interface for the admin, and then all you really need to do then is forward the ports
Help I am Classified Clueless (Score:3)
I think I see the problem (Score:3)
Stop right there, I think I've spotted the problem.
Build one yourself (Score:2)
bittorrent sync (Score:2)
it's not open-source, if you care about that, and it's still in beta (what isn't these days?), but it's free, secure and it works well.
Office 365 (Score:2)
Office 365 isn’t cheap but it has SkyDrive Pro included, which is protected by multiple U.S. data centers, and is only in the U.S.
DIY (Score:3)
Setup your own storage at your office. Don't trust public companies for your data.
If you dont/cant do it yourself, hire someone to come in and doit. And audit the hell out of what they do.
I just can't believe this (Score:3)
I completely do not understand anyone storing even remotely confidential data, much less security-related data, on servers hosted by another organization.
Email it to you gmail acct (Score:2)
Email the data to your gmail account. That's what I do.
Re: (Score:2)
Re:Encrypt data, store anywhere (Score:4, Informative)
This isn't about security, it's security theater, it's not the safety of the data that matters, it's all about the box ticking. The box that must be ticked is 'data must not leave the US'.
If you try to apply any rationale to the existence of this box, you'll end up with something like 'The data can't leave the US because as we all know there are no bad guys on US soil, foreign powers cannot buy airplane tickets, and the internet has border police that stop foreign traffic that has the evil bit set.'
Re: (Score:2)
HORIZON WORKSPACE!
https://www.vmware.com/products/desktop_virtualization/horizon-workspace/overview.html [vmware.com]
Re: (Score:2)
VPN, a Samba share with required domain authentication, and inside the share a Truecrypt volume (or volume(s) plural).
Re: (Score:2)
4: Maybe the best solution is for the OP's firm to spend the dough, and create a remote recovery site here in the US.
Unmanned remote sites are not hard to make, they can be stored in a secure area (there are lots of unmarked data centers used as co-locs with each customer having cages for both their equipment and their dancers.)
Get with a FISMA certified provider. Get a backend SAN, or a SAN dedicated for backups. Add a read-only domain controller and a CIFS data mover.
Call it done. Data stays encrypted
Re: (Score:2)
Filr is amazing. You get everything Dropbox provides but the data stays on your file servers and all your existing ACLs are respected.