March 21, 2012

SpiderOak: Blue for Enterprise

by with 124 comments

Imagine yourself the CIO of a major company, walking down the street and thinking (as CIOs tend to), “gosh, I love SpiderOak, but it’s just too awkward to use across my company!”

At this point, I teleport in. “But wait!” I exclaim. “We’re now working on a solution just for you and your business! SpiderOak Blue!”

More seriously, we understand centralized management and provisioning will make or break a product geared for the business market; after all, who has time (or the money to pay for the time) to go and individually administer each unique SpiderOak user account? What if Bob and his laptop both wind up under the bus? How will you get Bob’s work data back?

Here at SpiderOak Business Labs, we’ve looked at the problem from the perspective of data ownership. Our consumer-oriented product places ownership in the hands of the end user: the user is the only one with the keys to unlock and look at plaintext data. This is the perfect scenario in the consumer world, but it breaks down in a business setting, where the data belongs to the company. Or perhaps you are a university wanting to purchase accounts for your student body in bulk; there you want the ability to maintain the accounts while having no visibility into the plaintext data itself. We have worked hard and have succeeded in covering all of the above cases and more.

So how does all this work? How does SpiderOak allow companies to retain ownership of the data while SpiderOak itself never has plaintext visibility? To answer that question, we turn to our ‘Zero-Knowledge’ privacy policy and encryption methods – all of which make this an interesting system to support. We’ve developed two distinct methods – both of which keep SpiderOak ‘Zero-Knowledge’ while letting the organization retain full knowledge.

Managing both individual user accounts and companywide deployments adds yet another layer of complexity and pain. So we have created a system where administrators gain full control of SpiderOak from one central location.

With no further ado, dear and humble reader, may I introduce to you…

SpiderOak: Blue

What does this get you? Let’s take a look at the feature list.

Base Features:

  • The same capabilities and meaningful privacy guarantees as our consumer product (‘Zero-Knowledge’ privacy standard)
  • Central, easy-to-use web-based management console allowing user provisioning, group permissions, space management, and user reporting
  • Selective enable/disable of web and mobile access to SpiderOak accounts.
  • Bulk creation and management of user accounts (along with editing and downloading via CSV)
  • Detailed reports on user activity and problems across your deployment
  • You only buy space, and divide it among your users as you see fit. No silly per-user or per-device fees, or charging you extra to back up a server. Plain and simple pricing.
  • Ability to follow policy-set permissions in the Windows Registry (on Windows), or as a text file in /etc (Linux) or /Library (Mac)
  • Easy-to-deploy MSI installers for 32-bit and 64-bit Windows

SpiderOak: Blue OpenLicense

This product is based on our current OpenLicense program. In fact, a large part of Blue came from addressing limitations in the current OL program.

  • Data Ownership Model: The end user, not the organization. A user who forgets their password needs a new account.

SpiderOak: Blue

This is our ‘standard’ tier of Blue service.

  • Data Ownership Model: The organization.
  • Password resets possible via browser-driven ‘Zero-Knowledge’ encryption in the management interface.
  • Non-‘Zero-Knowledge’ user data auditing interface

SpiderOak: Blue Plus

This is the top-shelf enterprise-grade SpiderOak, for those with ultimate management needs. Everything that follows here is made possible by our Blue Virtual Appliance, which puts all management control into an open-source virtual machine running on your infrastructure. You get full control over the data flowing into and out of SpiderOak from your organization, while we stay completely ‘Zero-Knowledge’.

  • You host your organization’s private keys. Key escrow lets you have full and complete control over the data by enabling you to hold onto the master private keys (which are normally generated via a key derivation scheme based on the user’s password).
  • User account integration with Microsoft Active Directory, OpenLDAP, and Red Hat Directory Server. Define LDAP groups, point the appliance at them, and those users automatically show up on SpiderOak.
  • Integrated password management via LDAP or RADIUS. Due to the use of key escrow technology, passwords for Blue Plus are only for authenticating users. Via the magic of the virtual appliance we can authenticate against your organization’s existing authentication infrastructure. SecurID? No problem!
  • ‘Zero-Knowledge’ (to us) web and mobile access. This VM can also host a local copy of the web access portal – providing on-the-go access to your users while we remain ‘Zero-Knowledge’.
  • Through the magic of the above web access, the user auditing / administrative data restoration console is also Zero-Knowledge from our perspective.


SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please send an email to and we will get back to you soon.

  1. Awesome! Dropbox is verboten at my company but people are clamoring for a secure sync/sharing solution. Any hints on the secret handshake? :-P

  2. Will there be any minimum space limit or just the normal? Any restriction on max number of users?

  3. @Jr: Currently, data de-dupe will only be within individual accounts still, and not among the users of an enterprise.

  4. This sounds amazing, it would be great to have some of these features for those of us who also handle our household's data backup from several systems.

  5. I think de-dupe should be a must. At my company users share folders, so I would need any user backup own files and shared, so they would also be capable of restoring them individually (no need to ask IT for a server file restore).

  6. Perfect for what I need. But I just rolled out the classic SpiderOak setup with a shared account for all machines.
    I was not too impressed with the proposed cost structure.

  7. Very exciting – this seems to solve a long-time problem between my data center and remote customers. I can hardly wait (but I will, since anything less would be a compromise I am not willing to make).

  8. My org just talked to someone in sales about this and they mentioned that de-duplication was going to be part of the Blue offering. If that isn't correct then that is disappointing and makes the pricing less attractive for sure.

  9. Will this allow me to buy a large bulk of storage to back up a server (we use SBS2008) and then selectively give access to folders? I was looking a while back for a service that I could do something like that with, so I'm hoping Blue will be what I was looking for.

    Ideally I could back up the whole server to protect the data, and then I could give remote offices access to specific folders. Say Team1 gets access to a sync'd copy of the Team1 folder from the server backup. Management gets access to the management folder, and a manager on Team1 would have access to both via their account.

    Would be perfect for my traveling users to be able to have access to an updated sync of their specific shares while also having that data online and backed up securely.