March 21, 2012
SpiderOak: Blue for Enterprise
Imagine yourself the CIO of a major company, walking down the street and thinking (as CIOs tend to), “gosh, I love SpiderOak, but it’s just too awkward to use across my company!”
At this point, I teleport in. “But wait!” I exclaim. “We’re now working on a solution just for you and your business! SpiderOak Blue!”
More seriously, we understand centralized management and provisioning will make or break a product geared for the business market; after all, who has time (or the money to pay for the time) to go and individually administer each unique SpiderOak user account? What if Bob and his laptop both wind up under the bus? How will you get Bob’s work data back?
Here at SpiderOak Business Labs, we’ve looked at the problem from the perspective of data ownership. Our consumer oriented product places ownership in the hands of the end-user. The user is the only one with the keys to unlock and look at plaintext data. And whereas this is the perfect scenario in the consumer world, it breaks down in a business setting where ownership of the data belongs to the company. And even still, perhaps you are a university wanting to purchase accounts for your student body in bulk. Of course you want the ability to maintain the accounts but also have no visibility into the plaintext data itself. We have worked hard and been successful in suitably covering all of the above cases and more.
If you then add the complexity and pain around managing both individual user accounts as well as companywide deployments, you add yet another layer. So – we have created a system where administrators gain full control of SpiderOak from one central location.
With no further ado, dear and humble reader, may I introduce to you…
What does this get you? Let’s take a look at the feature list.
- The same capabilities and meaningful privacy guarantees as our consumer product (‘Zero-Knowledge’ privacy standard)
- Central, easy-to-use web-based management console allowing user provisioning, group permissions, space management, and user reporting
- Selective enable/disable of web and mobile access to SpiderOak accounts.
- Bulk creation and management of user accounts (along with editing and downloading via CSV)
- Detailed reports on user activity and problems across your deployment
- You only buy space, and divide it among your users as you see fit. No silly per-user or per-device fees, or charging you extra to backup a server. Plain and simple pricing.
- Ability to follow policy-set permissions in the Windows Registry (on Windows), or as a text file in /etc (Linux) or /Library (Mac)
- Easy-to-deploy MSI installers for 32-bit and 64-bit Windows
SpiderOak: Blue OpenLicense
This product is based on our current OpenLicense program. In fact, a large part of Blue came from addressing limitations in the current OL program.
- Data Ownership Model: The end user, not the organization. A user who forgets their password needs a new account.
This is our ‘standard’ tier of Blue service.
- Data Ownership Model: The organization.
- Password resets possible via browser-driven ‘Zero-Knowledge’ encryption in the management interface.
- Non-’Zero-Knowledge’ user data auditing interface
SpiderOak: Blue Plus
This is the top-shelf enterprise-grade SpiderOak, for those with ultimate management needs. Everything that follows here is made possible by our Blue Virtual Appliance, which puts all management control into an open-source virtual machine running on your infrastructure. You get full control over the data flowing into and out of SpiderOak from your organization, while we stay completely ‘Zero-Knowledge’.
- You host your organization’s private keys. Key escrow lets you have full and complete control over the data by enabling you to hold onto the master private keys (which are normally generated via a key derivation scheme based on the user’s password).
- User account integration with Microsoft Active Directory, OpenLDAP, and RedHat Directory Server. Define LDAP groups, point the appliance at them, and those users automatically show up on SpiderOak.
- Integrated password management via LDAP or RADIUS. Due to use of key escrow technology, passwords for Blue Plus are only for authenticating users. Via the magic of the virtual appliance we can authenticate against your organization’s existing authentication infrastructure. SecurID? No problem!
- ‘Zero-Knowledge’ (to us) web and mobile access. This VM can also host a local copy of the web access portal – providing on-the-go access to your users while we remain ‘Zero-Knowledge’.
- Through the magic of the above web access, the user auditing / administrative data restoration console is also Zero-Knowledge from our perspective.
SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please send an email to email@example.com and we will get back to you soon.