Spike0 0 Posted December 4, 2013 Posted December 4, 2013 We are concerned about using Evernote for our engineering team because we do not know how secure the data is...even [and maybe especially] from inside Evernote systems [your own engineers/employees. We currently store very sensitive data in the app we use for notes but would like more of the redundancy and flexibility that Evernote might give us.How is data on your systems secured? Can someone inside Evernote access the data? Even in an emergency?
BurgersNFries 2,407 Posted December 4, 2013 Posted December 4, 2013 We are concerned about using Evernote for our engineering team because we do not know how secure the data is...even [and maybe especially] from inside Evernote systems [your own engineers/employees. We currently store very sensitive data in the app we use for notes but would like more of the redundancy and flexibility that Evernote might give us.How is data on your systems secured? Can someone inside Evernote access the data? Even in an emergency? Security has been discussed a lot on the board already. Please use the search function, if you want more info. In a nutshell, your data is not encrypted on your computers (unless you put your database in an encrypted volume) and is not encrypted on the Evernote servers. The exception is if you encrypt the data in the notes. Again, this has been discussed, so please use the search function.
Level 5* GrumpyMonkey 4,320 Posted December 4, 2013 Level 5* Posted December 4, 2013 We are concerned about using Evernote for our engineering team because we do not know how secure the data is...even [and maybe especially] from inside Evernote systems [your own engineers/employees. We currently store very sensitive data in the app we use for notes but would like more of the redundancy and flexibility that Evernote might give us. How is data on your systems secured? Can someone inside Evernote access the data? Even in an emergency? Hi. As BNF said, this has been discussed at length. I have my own thoughts about sensitive data, especially if it isn't your own. In the case of Evernote, you may want to consider the local notebook option. See my posts here: http://www.christopher-mayo.com/?p=288 http://www.christopher-mayo.com/?p=1081 However, in answer to your specific question about employee access, employees at Evernote can access your data. Here is the privacy policy (sorry, it is in Japanese because their site frustratingly feeds me this because of my language settings -- you can find your way to the English page). I would read it carefully. http://evernote.com/intl/jp/legal/privacy.php As for encryption, Evernote does not do it, and here are the reasons (in 2010). http://discussion.evernote.com/topic/10431-is-anyone-worried-about-our-data-not-being-stored-encrypted/?p=48994
evernote-fan 34 Posted December 5, 2013 Posted December 5, 2013 Of course, EN employees can access the data theoretically when they are not encrypted. The questions are: 1. Can every employee see the data or only some admins? 2. Are they obliged by their employment agreement not to view the data?
Level 5* GrumpyMonkey 4,320 Posted December 5, 2013 Level 5* Posted December 5, 2013 Of course, EN employees can access the data theoretically when they are not encrypted. The questions are: 1. Can every employee see the data or only some admins? 2. Are they obliged by their employment agreement not to view the data? 1. I am sure there is something more "official" written about this, and I know that physical security has been strengthened over time, but this is what you can find out from Podcast #1 (around 26:00): They need two-factor authentication to access the data center, they have cameras and other security, and only four keys to get access the servers (Phil doesn't have them). http://blog.evernote.com/2009/03/18/evernote-podcast-1/ 1. In Podcast #10 they address the issue of physical security again, and compare Evernote to your email service, saying they aim to be that secure. http://blog.evernote.com/2009/08/27/evernote-podcast-10/ 1. Employee access to accounts is limited, but I don't have a link on hand at the moment for that. They have to be able to access your data for various reasons (including if they receive a valid request from the govt.) and they may not be able to tell you every time, but in principle, I think they limit this access to extraordinary situations, and they have a policy of asking you for permission first. 2. I don't know. I have not seen their employee agreement.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.