Cloud storage service provider SpiderOak is taking on Dropbox, Box and other more established services with what it calls the first truly secure data backup and collaboration cloud for businesses.
There are three service levels for SpiderOak Blue, the company's new cloud storage service, which span small-to-midsize and enterprise-class businesses.
SpiderOak has had a consumer cloud storage service -- SpiderOak Orange -- since 2006 that allows consumers to back up, share and sync their data. SpiderOak's claim to differentiation is its "zero-knowledge" privacy standard, which allows users to create their own passwords so that the SaaS provider couldn't read a customer's unencrypted data even if it wanted to.
However, SpiderOak CEO Ethan Oberman pointed out that if a SaaS provider allows users to reset passwords, then it basically negates the security. "Anyone who can allow you to reset a password can get access to that password," he said.
Its new SpiderOak Blue business-class cloud places the ability to manage and reset passwords in the hands of a user company's IT administrators.
SpiderOak Blue offers a virtual appliance that places all management control into an open-source virtual machine that runs on a user company's internal infrastructure. That enables full control of all data flowing in and out of an organization through SpiderOak.
The cloud storage service then creates a central repository for management and provisioning of company data, which saves IT departments the task of administering each user account individually, Oberman said.
Companies retain complete ownership and administration of all their data, knowing that SpiderOak employees can never view the data for any reason, Oberman added.
Richard Stiennon, chief research analyst with IT-Harvest, said SpiderOak is now the only cloud storage service built from the ground up with security in mind. In a recent blog on Forbes, Stiennon wrote that other cloud storage providers "are scrambling to build security features in after the fact."
One "even talks about how they have policies in place to prevent their own employees from looking at customer data. We all know how that works out. Policies are not security. Neither are passwords," he said. "Full encryption and keys in the hands of the customer are the only way to protect data in the cloud."
SpiderOak's three services are:
- SpiderOak Blue for SMBs, which allows businesses to view all data, including information inside a built-in data auditing interface. Companies can reset passwords and view in-depth reporting inside the web-based management console.
- SpiderOak Blue OpenLicense (OL), which is aimed at universities and school, includes all the features of SpiderOak Blue but places data ownership into the hands of end users. Company administrators handle general information -- including user statistics and the amount of data stored per account. However, SpiderOak Blue OL does not provide any method of changing or resetting user passwords -- end users remain responsible for their passwords.
- SpiderOak Blue Plus, which is designed for large enterprises and includes a virtual appliance that places all management control into an open-source virtual machine (VM) that runs on company infrastructure, enabling full control of all data flowing in and out of an organization through SpiderOak.
SpiderOak Blue Plus offers user account integration with Microsoft Active Directory, OpenLDAP, and RedHat Directory Server. Directory group membership provides SpiderOak account entitlement. It also offers integrated password management via either LDAP bind or RADIUS (e.g. RSA SecurID).
Users on company-defined LDAP groups are automatically visible inside SpiderOak's web-based management console.
Pricing for SpiderOak's Blue service starts at $400 per terabyte of capacity, regardless of how many users or systems access the data.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian or subscribe to Lucas's RSS feed. His e-mail address is firstname.lastname@example.org.