For any company working in new product development, protecting information is key. It might take years to develop a new product, but being first to market can still make or break the success of a product. Thus, the need to keep information confidential, safe, and secure is paramount. Losing data to theft, error, or computer failure can tun into huge problems. So, what are some ways we can keep information and files regarding your new product safe?
The non-disclosure agreement (NDA) is a contract that lays out how confidential information will be treated and protected when two parties need to share information of a sensitive nature. You can outline what how confidential information will be identified and how long it must be kept confidential. Signing these documents should not be treated lightly – it’s a legal document. Although you never want to end up in court, that’s exactly the occasion for which these documents are designed.
Even if you have an NDA with someone, sometimes it’s still prudent to avoid divulging certain details, if possible. However, I would try to refrain from saying anything like “You’re on a need to know basis, and you don’t need to know.” Doesn’t sound as cool as you think…
In these digital times, how do you keep your information secure from prying eyes?
For large files (>10MB), I like to use a cloud-based service like ShareFile, UbuntuOne, or YouSendIt. These datacenters use 256-bit SSL data traffic encryption as well as some pretty secure on-site protections like cages, steel doors, fingerprint ID, off-site backup, and sharks with head-mounted laser beams (well, I’m not positive about the sharks).
For smaller files, you can simply encrypt the file for email using password protected zip files or encrypt the whole email using OpenPGP or S/MIME public-key techniques. Security folks liken an email to sending a postcard through the mail – anyone can read it. Encryption is the process of putting a sealed envelope around it. So far, though, encrypted email hasn’t caught on with the masses, but I really wish it would. It would make sending documents like Project Status Updates, Meeting Minutes, and tax forms so much more private. To use it, simply go to keyserver.ubuntu.com (or use a Key Certificate application like Kleopatra) and search for the recipient’s email address (they have to have a PGP key). Import the certificate and send the email. Mozilla Thunderbird is great at this – Microsoft Outlook is not. Then, the recipient responds to your email by encrypting it with your public PGP key. My PGP Key is 0D040100. If you want to use it, I’d happily oblige.
What version was that again?
I use revision control to track changes between certain files, like CAD models or software. I’ve used CVS for years, but Subversion is also an option. Install it on a linux file server or used a cloud-based solution like Codesion. Check the file out from the server, and commit the new version when you’re finished or just at a good intermediate step. The real advantage is in the tagging functionality. Tag a directory of CAD files when they’re first released for prototyping. Then, as certain models in the directory are tweaked, committed, and tagged for later prototypes, you can always go back to an earlier version. This functionality has been around in software development for a long time, but revision control is also critical in the development of medical devices.
Back it up
It’s far too common for laptops to be lost or dropped, for hard-drives to fail, or for data to simply become corrupted. Having one copy of your project files is just asking for trouble. Thus, I keep all of my data files on a centralized, linux-based file server. Files are located in one place, on mirrored hard-drives, and incrementally backed up six times per day, seven days per week, four weeks per month, and three months deep using rsync scripting. Plus, with a linux server, it’s simple enough to add OpenSSH and VPN connectivity for remote access to all of your files. The machine doesn’t have to be glamorous or speedy; a 6-year-old workstation will do nicely in a pinch.
Take it outside
Backing up data to a second drive or central file server is a great way to protect against local computer problems like corruption or hard-drive failures. However, it doesn’t do a great job in the event of something more catastrophic like theft, fire, or inquisitive young children. So, on a weekly basis, I create an incremental backup to an encrypted external hard-drive and take that drive offsite. A fire- and flood-resistant safe might also do the job. Or, you could use a cloud-based service like Carbonite or Dropbox to store your data, but read those EULA’s closely and/or encrypt the data before uploading it if you’re not comfortable with the cloud.
Did I miss something? What are you doing to keep your and your client’s data safe?