As programming teams become less and less centralized, services such as Dropbox, Beanstalk, and Yammer make it easier than ever to share source code, intellectual property and confidential information. Presumably these companies are operated by technologists that are just as curious as their customers that entrust their content to these services? How do software teams know they they can entrust their confidential information when the employees of these services presumably have some level of administrative access that could allow them to peek at source code, screen shots, and other confidential information being shared by co-workers?
views:
99answers:
6
+4
A:
Ask yourself, how much of your intellectual property you entrust to Google, and your mail provider (if not Google). On the advent of cloud-operating systems, this is a question that while nice to think about academically, starts to loose any reason. We already entrust much more information to different internet sources not even knowing about it.
Kornel Kisielewicz
2009-12-18 22:22:49
Agreed, we entrust a lot of data to Google and sites all over the internet. The only real protection we have in that respect is safety in numbers, but that's a weak guarantee.
Jeremy Morgan
2009-12-18 22:26:10
Precisely why sending any work-related email to an colleague's home gmail account is absolutely forbidden at my company.
Crashworks
2009-12-18 22:29:14
...what is kind of funny, because most companies have lower level security measures than Google...
Kornel Kisielewicz
2009-12-18 22:31:00
@Crashworks: I hope you forbid any external work related email then, and not just Gmail. A user's home computer is more at risk of being hacked or compromised than Gmail ever will be.
Chris
2009-12-18 23:03:57
Yes, it's a general fatwa on sending work email to home addresses, or storing work email on a home PC (eg no locally caching Exchange). We just use GMail as an example in the policy document to hammer home the rationale -- that you are effectively handing over private data to some third party.
Crashworks
2009-12-19 00:06:15
A:
This is a very good question. I don't think there is any way to guarantee your code won't be lifted. If you have a legal agreement with the company that covers you from a legal standpoint, but it doesn't stop someone from actually doing it. It would also be very difficult to prove they were the ones who lifted it.
Your safest bet if you're really concerned with your IP is to avoid services like these. No matter what if someone wants it bad enough they'll get it, but putting it on these types of services could tempt others and you know never know who is looking at your data.
Jeremy Morgan
2009-12-18 22:24:43
+2
A:
Depending on what you're doing, you may be able to encrypt your data. If you don't then allow your key to get out, you're safe.
This should be feasible for backups, but perhaps not for interactive editing.
David Thornley
2009-12-18 22:49:32