phinance99 0 Posted June 17, 2012 Share Posted June 17, 2012 My company has just decided to block Evernote access due to security concerns. Since Evernote data is submitted and stored externally, they are concerned that proprietary information might be compromised.Have you considered developing features that would allay such fears? Perhaps a fully encrypted Evernote would make the company's security personnel happy.Perhaps Evernote accounts could be optionally tied to a "sponsor company" (eg., an employee of XYZ could have an account sponsored by XYZ) where the sponsor company could own a "skeleton key"that allowed them to decrypt and review all employees' sponsored accounts for compliance/legal reasons. Link to comment
Level 5* GrumpyMonkey 4,319 Posted June 17, 2012 Level 5* Share Posted June 17, 2012 My company has just decided to block Evernote access due to security concerns. Since Evernote data is submitted and stored externally, they are concerned that proprietary information might be compromised. Have you considered developing features that would allay such fears? Perhaps a fully encrypted Evernote would make the company's security personnel happy. Perhaps Evernote accounts could be optionally tied to a "sponsor company" (eg., an employee of XYZ could have an account sponsored by XYZ) where the sponsor company could own a "skeleton key" that allowed them to decrypt and review all employees' sponsored accounts for compliance/legal reasons. Hi. Welcome to the forums! At this point, none of those features are available, and I think Evernote employees have expressed reservations about the encryption of Evernote databases, and Evernote seems to have set up the sponsored system without a "skeleton key" type system explicitly to make sure that the owner of each account is the only one who can access the data within it. I don't see any indications that they plan to change either position, but you never know. Probably one of the best places to get a sense of where the discussion stands now on the forum is this thread. It is long, but full of stuff. (P.S. Thanks to Owyn for having the foresight and initiative to post a link to the current location after a topic renaming broke the link) Link to comment
Level 5* Metrodon 2,184 Posted June 17, 2012 Level 5* Share Posted June 17, 2012 For many Enterprises, storing data in someone else's cloud is never going to be acceptable. Dave Engberg, Evernote's CTO has said on here a few times that they have no plans to develop a self hosted or appliance model. What they do seem to be supporting is some joint billing and potentially some admin tools. Link to comment
Level 5 jbenson2 2,147 Posted June 17, 2012 Level 5 Share Posted June 17, 2012 Even though there have been significant changes, I don't foresee them changing to an encryption model. Here is a timeline with snap-shots of the changes in Evernote's goals over the past couple years.2010 - December 29 - an excerpt from Phil Libin (CEO)"Our goal is to be the permanent, trusted and ubiquitous place for all your lifetime memories. We're committed to making Evernote fit into every part of that life - school, work, family, hobbies, etc. The focus will always be on you, the person experiencing that life, not on your friends, or your teachers, or your boss. There's already enough stuff that focuses on those."http://discussion.ev...dpost__p__718692011 - April 4 - Dave Engberg (CTO) mentioned the "large laundry list" corporations usually insist upon for enterprise development.Plus this comment:"Basically, a bunch of the people who built Evernote have a lot of experience in the "Enterprise software sales" business, and it's completely 180-degree different than Evernote's "freemium" personal memory service. It's hard to do both business models under the same roof, in my experience."http://discussion.ev...dpost__p__83685During the next 12 months between April 2011 and April 2012, there was a public change in their position. They began moving from a individual consumer-focused product to a multi-user program that could handle collaboration and sharing notes in a corporate environment.2012 - April 27 - ComputerWorld reported that CEO Phil Libin saidEvernote will launch a business program in the coming months, allowing administrators to better control security and data... Until now, Evernote mainly targeted individuals and schools, but that is going to change. "We are launching an official business program," Libin said,Enterprise use of Evernote is through end users instead of official channels, Libin said.The goal is to adopt the tool for corporate IT systems, although a white label version is out of the question. "Absolutely not, we'll never do it," Libin said, adding that he thinks that offering a white label version is too much of a distraction. Companies will not be able to run an Evernote server behind the corporate firewall. Libin called it a "slippery slope" saying that he refuses to be a consultant that constantly adjusts its product for the customer.http://www.computerw...ol_for_business2012 - April 30 - Heather (Support) said:"Our "Enterprise" version is he next logical evolution of Sponsored Groups - yes, we're adding some extra features that corporations have asked for to make their Evernote-lives easier, but we're not changing the core service."http://discussion.ev...post__p__136447. Link to comment
Level 5* gazumped 11,665 Posted June 17, 2012 Level 5* Share Posted June 17, 2012 ...decided to block Evernote accessThe OP's company takes security seriously - as they should - but may not have thought through the options fully. What about Dropbox/ LiveDrive/ G-Drive / and all the other cloud-based storage and 'Office' solutions out there? Why single out Evernote for attention? If staff are bound by an internal Policy not to store company material on external servers, why not rely on that for all potential breaches?the sponsor company could own a "skeleton key" that allowed them to decrypt and review all employees' sponsored accounts for compliance/legal reasons...and what happens to the employees' own account on joining this company - are they allowed/ obliged to use the corporate account during working ours for private purposes? How does that connect with the employee's personal account? Would the company have access to all the pre-existing personal information too?-And what about mobile applications? Will the staff be searched for mobiles on a regular basis?There are some arguments that if staff use EN for business purposes -even "personal" business purposes like organising a meeting- they should be prepared for corporate supervision. On the other hand if companies apply too many strict rules, it encourages some employees to start looking for the loopholes... Link to comment
Level 5* jefito 5,589 Posted June 18, 2012 Level 5* Share Posted June 18, 2012 I think it's likely that they're blocking all of the other cloud services, and not just Evernote. Link to comment
BurgersNFries 2,407 Posted June 18, 2012 Share Posted June 18, 2012 Perhaps a fully encrypted Evernote would make the company's security personnel happy.Encrypting the EN database prevents EN from indexing the notes. Since that's one of the draws of EN, that would pretty much downgrade EN to just a cloud storage system. There are already a bunch of those. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.