need a secure way to share documents
I'm looking for a reasonable+ means of securing a document that needs to be shared online or via e-mail.
The data resides on my home computer, but I am asking about delivering a document to a couple of recipients, what is a decent solution and how secure is it.
- basic option is to add a password to a Word document and e-mail it, I use gmail, recipient uses corporate e-mail.
- 2nd option I am considering is posting the document on a website, then the user can just download it.
So looking for a reasonably secure method of delivering the document electronically.
From a usage standpoint, I prefer to post online and download the document (mostly it would be opened and printed), thinking that this is more efficient and a better end user experience (users goes to the link and downloads it), whereas "storing" everything on e-mail to me is not only a cheesy way of doing this but might actually be considered less secure as now there are multiple copies stored on e-mail and likely the person would download to their machine (and likely ultimately download to multiple machines).
If the document were compromised, it would be very bad. Our competition would very much like to get their hands on this and if they did, it would sink our operation.
The risk of the competition finding where this document is seems to be very, very low, and they actually don't know it exists. But they can reasonably assume that a document of this nature probably exists and so they are determined to find it. Basically there's no reasonable way of them finding it without leaks on our part, so I'm essentially just asking a quick security assessment of the two options I've listed, and possibly what would be a reasonable next higher level of security (I looked at securing a .pdf document and that seemed fairly involved to a security novice, so at the moment I'm just using a password on a MS office document).
The data resides on my home computer, but I am asking about delivering a document to a couple of recipients, what is a decent solution and how secure is it.
- basic option is to add a password to a Word document and e-mail it, I use gmail, recipient uses corporate e-mail.
- 2nd option I am considering is posting the document on a website, then the user can just download it.
So looking for a reasonably secure method of delivering the document electronically.
From a usage standpoint, I prefer to post online and download the document (mostly it would be opened and printed), thinking that this is more efficient and a better end user experience (users goes to the link and downloads it), whereas "storing" everything on e-mail to me is not only a cheesy way of doing this but might actually be considered less secure as now there are multiple copies stored on e-mail and likely the person would download to their machine (and likely ultimately download to multiple machines).
If the document were compromised, it would be very bad. Our competition would very much like to get their hands on this and if they did, it would sink our operation.
The risk of the competition finding where this document is seems to be very, very low, and they actually don't know it exists. But they can reasonably assume that a document of this nature probably exists and so they are determined to find it. Basically there's no reasonable way of them finding it without leaks on our part, so I'm essentially just asking a quick security assessment of the two options I've listed, and possibly what would be a reasonable next higher level of security (I looked at securing a .pdf document and that seemed fairly involved to a security novice, so at the moment I'm just using a password on a MS office document).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
havard, just need to clarify what you are saying . . . if I have a document that's stored here: www.mywebsite.com/documents, and the user goes to that site and sees an index of documents, is that "on a website" ?
I guess I don't understand what is "an ftp site" that's "not on a website" . . .
but this sounds like another good layer of security, and avoids versions piling up in e-mail
I guess I don't understand what is "an ftp site" that's "not on a website" . . .
but this sounds like another good layer of security, and avoids versions piling up in e-mail
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Havard, ok, makes more sense now. I will investigate the ftp://mywebsite and post another question if needed
ASKER
just what I was looking for, thank you all
You're welcome :)
ASKER
sorry, quick follow-up . . .
I like the ftp solution and did a quick set up of a user.
the hosted service on cpanel wanted to put them in public_html/[user_name].
but I created a folder on public_ftp/[directory_name
so does this mean it's "not on the web" and only available via ftp, so entry credentials are the host ip address, the user name, and then the password ?
I kind of like this solution, as I don't have to fiddle with password protecting the file, I can just dump the files there (although I realize this would be an extra layer of security).
I like the ftp solution and did a quick set up of a user.
the hosted service on cpanel wanted to put them in public_html/[user_name].
but I created a folder on public_ftp/[directory_name
so does this mean it's "not on the web" and only available via ftp, so entry credentials are the host ip address, the user name, and then the password ?
I kind of like this solution, as I don't have to fiddle with password protecting the file, I can just dump the files there (although I realize this would be an extra layer of security).
I would have thought it would have gone to public_ftp. but by having in public_htm you will need to write a .htaccess file to block people which is not what you want. I would force it to the public_ftp side. you should be able to call your hosting company and they should be able to walk you through setting up a ftp site and user without any trouble. A different way to go would also to use Google docs and only give out the login to that to the right people. I have a restaurant chain that uses Google docs for all there training manuals etc.
ASKER
Havard, I was able to change it to public_ftp, it just defaulted to public_html.
so does this count as "an ftp site" ?
google docs is also a good functional solution but I'm just nervous about the security there.
so does this count as "an ftp site" ?
google docs is also a good functional solution but I'm just nervous about the security there.
best thing is to test it. just type it in the browser and you should not be able to see it. If you type ftp:// then it should prompt for a password. see:
http://dataroom.coles.com/ vs. ftp://dataroom.coles.com/
for an example.
http://dataroom.coles.com/ vs. ftp://dataroom.coles.com/
for an example.
ASKER
yes, I think I'm good, thanks !
glad to hear that
best of luck
best of luck
ASKER
gewinjansen, gpg4win looks really good, probably my next step up beyond the simple password. How would my partners "supply me with their encryption keys / certificates", especially if they are operating in a home (non-corporate) environment ?