How do you handle your sensitive data?

CRServers

We are currently running over 100 hardware appliances and servers at our operation, some with different CP's for virtual hosting, VPS's, dedicated servers, routers, switches, firewalls, power strips, etc.

All this hardware implies an incredible amount of sensitive data that is necessary to have at hand at all times and at all places.
IP's, switches info, routers info, passwords, software installed on each server, Linux procedures, etc. etc. etc. etc.

We need an "Administration Online Knowledge Base" so all (or any) our staff can react quickly to solve any problem that might arise, even if the guy "that knows" is on vacation.

We use HostBill as our Billing and Support software right now, it has a public knowledge base, but it lacks an admin-only KB.

To handle all this we have several TXT and Excel files right now, but we would love to have an online solution... where we would be certain that it will be safe and available to our staff at all times from anywhere they might be.

So, how do you handle your business private data?

Any recommendations will be greatly appreciated.

Regards,
 
Wow!
No answers to this post so far .....
I hope it is not because this was a dumb question :shaky:

Well, I have been reviewing and testing GroupWare and Collaboration software. I installed several on our servers, and after a couple of hours of testing and investigation, I have decided to give OfficeZilla a try!

Here are my reasons for choosing it:
1- Very simple interface
2- Free
3- Hosted elsewhere (if something happens to our system, it won't go down with it when we need the info)
4- Secure

Regards,
 
I have a friend that recently fired a technician because he accidentally sent a vendor password list to a customer. So you also need to take into account security as well as availability.

You might want to look at Password Manager Pro. It can interface with your devices and randomly generate one use passwords. Then, if you lose an admin, you don't need to go in and change a bunch of stuff.

You might also try Google Docs. I know it's pretty simplistic but it's available, reasonably secure, and hosted offsite.
 
Have you considered Google Wave? I know Google has turned its back on it, but it has recently received a second life as it moves to become an open source application.
 
You might want to look at Password Manager Pro.

You might also try Google Docs.

Thanks for your recommendations DataShack. I will look into Password Manager Pro.

After using OfficeZilla for a couple of days, I've noticed that the system goes offline consistently :( Maybe they are fixing things or have technical problems right now. But I decided that we cannot rely on a service that might go down when we need the info.

After testing all applications reviewed at http://php.opensourcecms.com/scripts/show.php?catid=4&category=Groupware , I have settled with Feng Office.

Wow! I cannot say enough about this application. Beautiful and modern interface with all the functionality I need (except password management) and it is Open Source. It is worth looking into.

Regards,
 
Have you considered Google Wave?

Thanks for the tip. I just looked at Google Wave. I find it simple to use, but basically orientated at open communities.

Also the warning "Google Wave is no longer being developed as a standalone product" makes you think twice about trusting your sensitive information to it.

Regards,
 
Thanks for the tip. I just looked at Google Wave. I find it simple to use, but basically orientated at open communities.

Also the warning "Google Wave is no longer being developed as a standalone product" makes you think twice about trusting your sensitive information to it.

Regards,

Rodrigo, the Apache Software Foundation is taking in Google Wave as a project:
http://www.google.com/support/wave/bin/answer.py?hl=en&answer=1083134

Google won't just let Wave die a worthless death, too many startups and developers are working with it. It will actually be more interesting as an open source application now.
 
We use a number of different methods here in our company. Much like yourself, we deal with hundreds of servers and our staff are not in a single central office. Each level of staff are limited on what they can see and what they can do. Only a select few people have full control over every aspect of the company.

You had mentioned that you were looking for a stable and secure environment in which to post sensitive data, but then you went on to say that you're using OfficeZilla and it's not housed at your facility. This pretty much breaks EVERY kind of security that you thought you had in place.

For our company we use a dedicated server that is locked down from the public. We use iptables and .htaccess files to stop any prying eyes also. If any of our staff are not at their normal IP (or their IP has changed) they must contact a senior member to get their new information added to the system. It does create a lot of extra checks and steps, but when it comes to potentially exposing root passwords to hundreds of machines, those extra 5 minutes are worth every second!

In the past we used a VPN and a key system. Each system admin would have a digital readout on their keyring and when logging into the VPN they must enter the code on the keyring. This number changed every 90 seconds and once logged in, they could remain logged in for a maximum of 60 minutes before having to log out.

All system admins have their own specific logins to a central server, and all root/shell access to other machines must be initiated through a selection of 5 servers that admins can log into. All entries are echoed to a log file so all information can be tracked.

Security is a HUGE concern.

With regards to the knowledgebase for your admins, why not set up a password protected Wiki or Knowledgebase for your internal staff rather than trying to have everything in one system?
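
The rotating-code login described in the post above (code changes every 90 seconds, session capped at 60 minutes), as an added example that is not part of the original thread or any poster's own system. The post does not say which algorithm the keyring token used, so this sketch assumes RFC 6238 TOTP with HMAC-SHA1 and a 6-digit code; the one-window clock-drift tolerance, the replay check and the sample secret are also assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 90            # code rotates every 90 seconds (from the post)
SESSION_MAX_SECONDS = 3600   # forced logout after 60 minutes (from the post)
DIGITS = 6                   # assumption: the post gives no code length
DEMO_SECRET = b"12345678901234567890"  # constructed sample secret, not a real key


def totp(secret: bytes, now: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time window that contains `now`."""
    counter = int(now // step)
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_code(secret: bytes, submitted: str, now: float,
                used_counters: set, drift_windows: int = 1) -> bool:
    """Accept the code for the current window or one window either side,
    and refuse a window that has already been used for a login."""
    current = int(now // STEP_SECONDS)
    first = max(0, current - drift_windows)
    for counter in range(first, current + drift_windows + 1):
        expected = totp(secret, counter * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            if counter in used_counters:
                return False             # replay of an already-accepted code
            used_counters.add(counter)
            return True
    return False


def session_valid(login_time: float, now: float) -> bool:
    """True while the session is younger than the 60-minute cap."""
    return 0 <= now - login_time < SESSION_MAX_SECONDS


if __name__ == "__main__":
    seen = set()
    t = 100.0                            # constructed timestamp for the demo
    code = totp(DEMO_SECRET, t)
    print(code, verify_code(DEMO_SECRET, code, t, seen),
          verify_code(DEMO_SECRET, code, t, seen), session_valid(t, t + 3600))
```

`used_counters` has to be stored per admin on the server side; sharing one set across users would lock out anyone whose token shows the same window.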
 
You had mentioned that you were looking for a stable and secure environment in which to post sensitive data, but then you went on to say that you're using OfficeZilla

We decided not to use OfficeZilla for the reasons exposed by you and some others.

Now we are using Feng Office on our own VPS server used just for this software and with tight security measures.

Thanks for your very interesting points on this topic.

Regards,
 
With regards to the knowledgebase for your admins, why not set up a password protected Wiki or Knowledgebase for your internal staff rather than trying to have everything in one system?

What Conor suggested is definitely a good idea. You can also place passwords and documents on an encrypted external hard drive that will require a login and password in order to get access to the files inside anytime it is plugged into a computer. This has worked well for me, but then again, I don't have 50 employees under my belt that have to share this info, so I'm the only one with full access to any and all company sensitive data, for now. :shh:


Conor, it sounds like you run a state-of-the-art operation over there at HandsOnHosting! When I get that big I will come to you for advice and counseling! :p :thumbup:
 
why not set up a password protected Wiki or Knowledgebase for your internal staff

We are using HostBill's Knowledgebase right now, and that's exactly what I suggested they do.
They have a public KB only right now, and changing it to a Public/Clients-Only/Admins-Only KB seems not too far fetched to implement.
Let's hope they listen to my suggestions ....

In the meantime, I'm trying to get all our staff into using our secure and hidden Feng Office server. Not an easy task... but worth it :rolleyes2

Thanks for all the suggestions!

Regards,
 
Hostleet - any time you want to talk shop, I'm all ears! I think everyone can learn something when a discussion is in progress! We run a tight ship, but much like the Titanic, nothing is unsinkable. There's always room for improvement somewhere!

Rodrigo - We use the Public/Private feature within WHMCS on our website for our knowledgebase. We have about 600 articles exposed to the public and at least that which can only be accessed by clients. Our staff policies, procedures and shortcut commands on how to do "X" are not included in those knowledgebases and never will be.

As for swapping people over to a new system, you just have to cut the cord and they HAVE to use the new system. Doing something by dipping your toes in the water rarely gives the exposure that someone needs. Have a small test core of users, see if it works, if so, everyone gets thrown in. Sure you'll hear the bitching for a day or two, but if it's a better system, it's a better system.
 