Outline is our guide to IT topics related to data and data security. We present a brief outline of our ideas and experience here; please contact us if you'd like to discuss any items with us further.

Secure Email - You wouldn't write a payslip on a postcard

It is not commonly understood that most email travels in a form that is open, readable and searchable by every internet switch and server that transfers it from sender to recipient.

Sending confidential information like this is a little like sending a payslip, or account statement, written on the back of a postcard rather than sealed in an envelope. It is likely that the postmen, the sorting office, and the person who picks your post up have no interest in reading all the postcards they handle, but it's an uncomfortable thought all the same.

Major mail systems such as Lotus Notes and Microsoft Exchange can be set up to offer encrypted mail options, but it's not so hard to offer secure email on a desktop by desktop basis if only a few people in the office need this ability.

Not every message needs to be sent securely, but each may optionally be signed with a secure digital signature and/or encrypted. A digital signature provides authentication for the recipient: "I am certain this message was sent by the named sender and has not been tampered with since it was sent". Encryption ensures that only the intended recipient can read it.

Secure email is unnecessary for the majority of email traffic, but the ability to switch it on when exchanging draft accounts, pre-release results, bid or contract notes or other confidential information can be invaluable.

Wikipedia - Email Privacy: http://en.wikipedia.org/wiki/E-mail_privacy
Wikipedia - S/MIME: http://en.wikipedia.org/wiki/S/MIME

Cloud Backup - Great for a little data, not so great for lots of data

There are currently many tools being given away, included in the box and sold on their own for backing data up to the cloud (Internet storage). Given the movement for on-line everything, why isn't this sufficient for all backup and data disaster recovery needs?

Simply put, it depends how much data you want to store and how quickly you might need to retrieve it. For a few hundred megabytes of data it is cheap, quick and easy. By the time you are storing tens of gigabytes it can be expensive, very slow and hard to leave.

A basic broadband connection with a speed of 2 MBits/second download, 256 KBits/second upload, and a clear internet can download 900 MBytes per hour and upload 115 MBytes per hour. This assumes perfect 100% no-slowdown, no-interruption internet access at this speed.

If you wished to protect 10 GBytes (10,000 MBytes) of data, it would take a little over 3 full days (86 hours) to upload and a little over 11 hours to download. 100 GBytes would take the best part of a month to upload and nearly 5 days to retrieve. Would you be happy to put your business on hold for a week to retrieve your data?

If you need to protect less than 2 GB of data, free or bundled accounts are easy to find and easy to try. We use them for family sharing, swapping files between machines and so on. (We like Dropbox, 2 GB free, all major platforms supported.)

If you need to protect up to 10 GB - 20 GB of data, cloud storage may work for you as long as you know what you are getting and have planned for any delays uploading and downloading the data.

For more than 20 GBytes, we recommend thinking very carefully about whether bulk cloud data storage is right for you. If recovery speed is not critical or you would only need to recover small items a few at a time, and you are happy to pay a premium for someone else to manage your storage, the cloud could be a good solution. Watch out for monthly storage costs if your online storage starts to climb above 50 GB; 500 GB physical disks are less than £50 on the high street.

The problem comes when you store just a few GB online at first and 18 months later you suddenly realise your storage has grown so big it is no longer good value, no longer protecting your business properly, but too big and too slow to easily move somewhere else.

Active Rescue for Data: http://www.coexpansive.com/active-rescue-intro
Dropbox: http://www.dropbox.com/

Password Management - One password to rule them all

These days we need PINs, codes and passwords for everything: email, banking, online shopping, SIM cards, Wi-Fi access. You name it, and it needs a password. Some are numbers, some need to be at least 8 characters, some cannot contain spaces. There is no sane way to remember complex, secure passwords for all the systems you access that need them.

One bad way to deal with this is to try and use the same password for everything. Bad squared is the same easily guessable password everywhere. Bad cubed is putting sticky post-it notes with passwords written down near your PC.

A good answer is a password manager. You only need to remember one high-quality pass-phrase to access the password manager and the password manager stores the rest of your PINs, codes and passwords. Good password managers can automatically create new passwords when you need them and can respond to web requests so you don't need to re-type the passwords yourself.
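What "automatically create new passwords" involves, as an added example that is not KeePass's own code: each site gets its own secret drawn from the operating system's secure random source, shaped to that site's rules. The site names and policies below are hypothetical, modelled on the constraints mentioned above (a numeric PIN, an 8-character minimum, no spaces).

```python
import math
import secrets
import string

SYMBOLS = "!#$%&*+-=?@_"  # no space character, for sites that forbid spaces

# Hypothetical per-site policies (constructed for this example).
POLICIES = {
    "sim-pin": {"length": 4, "alphabet": string.digits,
                "require": [string.digits]},
    "bank":    {"length": 12, "alphabet": string.ascii_letters + string.digits,
                "require": [string.ascii_lowercase, string.ascii_uppercase,
                            string.digits]},
    "webshop": {"length": 20,
                "alphabet": string.ascii_letters + string.digits + SYMBOLS,
                "require": [string.ascii_letters, string.digits, SYMBOLS]},
}

def generate(policy):
    """Draw from the OS CSPRNG; retry until every required class appears."""
    if policy["length"] < len(policy["require"]):
        raise ValueError("length too short to satisfy every required class")
    while True:
        candidate = "".join(secrets.choice(policy["alphabet"])
                            for _ in range(policy["length"]))
        # Rejecting whole candidates keeps the result uniform over all
        # passwords the policy allows (no predictable "digit goes last").
        if all(any(c in cls for c in candidate) for cls in policy["require"]):
            return candidate

def entropy_bits(policy):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return policy["length"] * math.log2(len(set(policy["alphabet"])))

def build_vault(policies):
    """One unique secret per site, so one leaked password exposes one account."""
    return {site: generate(p) for site, p in policies.items()}

if __name__ == "__main__":
    for site, secret in build_vault(POLICIES).items():
        print(f"{site:8} {entropy_bits(POLICIES[site]):6.1f} bits  {secret}")
```

The 4-digit PIN comes out at about 13 bits however it is generated, which is why such codes rely on lockout after a few wrong attempts rather than on length.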

Password managers do require a little effort to get them started and to use them on a regular basis, but the reward in having much higher quality passwords unique to every site, with only one phrase to remember, makes the effort easily worthwhile.

We like KeePass because it is free, open source and available on Windows, Mac, Linux, iPhone, Android and Windows Mobile, so one key safe can be shared and used by all of these platforms using an all-platform file sharer such as Dropbox.

A good comparison of some of the other popular password managers can be found at the LifeHacker website.

KeePass: http://keepass.info/
LifeHacker: http://lifehacker.com/5529133/five-best-password-managers
Dropbox: http://www.dropbox.com/