How Secure Is EditMe?
Monday, April 6, 2009
Prospective customers frequently ask us this question. They want to use EditMe to store top secret information about their new business idea, sensitive internal process documentation for their company, or customer information that they've agreed not to share. The question itself is difficult to answer objectively, kind of like, "How good is the pie over at Village Pizza?" But it's definitely something we can talk around, which is the purpose of this post. There are a number of areas that, combined, make up the relative "security" of a web-based service. I'll cover where EditMe stands on each of these.
Stability of the Company
EditMe has been doing what it's doing since 2003, longer than any competitor that I know of. It is a privately owned company with 100% employee ownership (we are not funded by outside investors). The company is profitable and carries no debt. The business was created with itself as the goal. In other words, we're not waiting around for someone to buy us. We're happy and have no plans to do anything else. It may seem silly to say all this, but there are an awful lot of Web 2.0 companies who can't honestly say any of these things. Any company that has taken outside investment money is by definition tied to an exit strategy, which may or may not result in operations ongoing in their current form.
Security of the Data Center
Like most web-based services, EditMe does not operate its own data centers. The main EditMe web service is hosted on Amazon's AWS cloud computing platform. Services used include EC2 (virtual server instances), EBS (virtual disk storage) and S3 (cloud storage). Amazon is one of the largest and most respected online retailers on the Internet and knows a thing or two about running a data center. Amazon literally reinvented Internet hosting with their breakthrough AWS service, and they continue to raise the bar faster than any competitor can catch up. Amazon has released this statement about their security processes. EditMe chose to host with AWS for its unparalleled flexibility, utility pricing and capability for instant growth.
Backups
EditMe performs two separate and redundant backups. First, each EC2 instance stores data on an EBS volume (essentially a hard drive in the cloud). All EBS volumes are backed up every two hours in the form of incremental volume snapshots which are stored by AWS on S3 (cloud storage). These snapshots are stored for 48 hours. While volume snapshots provide the most efficient backup method for both capture and retrieval, they are technically complex and are managed by AWS "behind the curtain". To be absolutely sure no customer data is lost, daily backups of all sites are also made to S3 and stored for 10 days. Because any level of automation can fail with a false-positive, these backups are checked and tested by a human three times per week.
Site Access
EditMe provides customers with a broad range of security options that can be applied to their site. Properly configured, EditMe sites can be very secure. Customers who wish to store sensitive information on their site and keep out prying eyes are advised to:
- Configure the site's security settings to require login before viewing site content. Your site's content is publicly visible by default.
- Don't enable public registration. This would allow anyone to come to your site and register for access. Public registration is off by default.
- Use difficult passwords. If somebody guesses your login, no amount of security will keep them out.
- Enable the SSL/HTTPS requirement available in Standard and better plans for at least the login form, if not for the entire site. This protects against hackers who might otherwise be able to view site data as it passes through the Internet. EditMe's SSL certificate uses the same level of encryption employed by many online banking sites.
EditMe staff will only view your secure site if required by a support ticket or private forum post initiated by the customer. If you don't want EditMe staff to view your site, simply let us know when asking for support.
Spam Prevention
EditMe employs a proprietary Captcha system to prevent spammers from writing scripts that post comments to or edit your site. If you choose to allow the public to contribute to your site, you are highly discouraged from disabling these Captchas. They have proven to be an extremely effective comment spam deterrent.
Anonymity
Finally, unless you send out links to your site or submit it to search engines, nobody will know it exists. EditMe does not provide an automated directory of customer sites like many of our competitors do. Though we do maintain a list of obviously publicly-facing sites (as a mechanism to help our customers gain wanted traffic and search indexing), any site that requires a login or isn't obviously intended to be public-facing is excluded.
Hopefully this information addresses the concerns of both existing and would-be customers who are uneasy about using a hosted service to store potentially sensitive information. There is no absolute when it comes to security, but EditMe, along with our data center and backup providers, do what we can to protect the safety of customer data. If you have any additional questions, please let us know and we'll update this document.