Avoiding cloud storage for my small business

[y3llowduk]

Hi All,

 

I run a small business from home of which I have some family members on-board with to help. The documents and files we use (small) are stored on my host Windows 10 desktop with some basic shares setup on the local network so other family members can use their own PC's/Laptops to access the files. At the moment I have several local user accounts for my family members on my host PC which allows me some basic control as to who can see what on the shares and it works quite well. I can add and remove local user accounts as I please.

 

I'm going to be taking on some people very soon and they need access to said files, but they will be working remotely of course. I need to set up a secure way of them accessing these shared files on my PC.

 

I do not want to use a cloud service, I want to own and manage all my own data. I don't care if it will solve this issue, I'm against using any cloud service. Setting up a complex dedicated server for this purpose seems a bit overkill at this point (I have played with FreeNAS etc. in the past) so I was wondering what the best way is of sharing my shares SECURELY over the internet? Do I need to create VPN from within windows or is that not secure?

 

Tia!

[Electronics Wizardy]

How many tb are we thinking?

 

 

Really, cloud is the way to go. Reliable, pretty cheap, secure.

 

If you want a self hosted cloud like solution look at nextcloud, but really, just go O365 or gsuite here, its a much better solution.

[y3llowduk]

3 minutes ago, Electronics Wizardy said:

How many tb are we thinking?

 

 

Really, cloud is the way to go. Reliable, pretty cheap, secure.

 

If you want a self hosted cloud like solution look at nextcloud, but really, just go O365 or gsuite here, its a much better solution.

I just can't bring myself to use a cloud service... part of it is just that I enjoy being the owner of the data rather than any practical reason... just more fun haha. It's a small amount of data. 500GB at the moment. I've played with nextcloud a little in the past, but doesn't the server need to be run on a Ubuntu host? Really want to use my Windows 10 desktop as the host... or could I run the nextcloud server on a VM on my desktop? I'm a bit scared of Linux... the whole commands thing I find really frustrating.

[Electronics Wizardy]

Just now, y3llowduk said:

I just can't bring myself to use a cloud service... part of it is just that I enjoy being the owner of the data rather than any practical reason... just more fun haha. It's a small amount of data. 500GB at the moment. I've played with nextcloud a little in the past, but doesn't the server need to be run on a Ubuntu host? Really want to use my Windows 10 desktop as the host... or could I run the nextcloud server on a VM on my desktop? I'm a bit scared of Linux... the whole commands thing I find really frustrating.

You can run a vm on your desktop for next cloud if needed. But also if you self host, what is your backup plan. What if your desktop fails and needs new parts? What if your home internet has issues? What if you need to restore backups from last week. Those really aren't issues on cloud solutions.

 

BUt really cloud storage will be much more reliable and secure, and less to worry about. 

[Guest]

Something I would suggest looking into on top of all this, is a Database, on a centralized server, vpn and all that could be after that in the setup..  But a database would be way better for multiple users interacting at once with a set of data.. It could be a single machine in your home that you can build and configure yourself with some RAID..

[y3llowduk]

2 minutes ago, Electronics Wizardy said:

You can run a vm on your desktop for next cloud if needed. But also if you self host, what is your backup plan. What if your desktop fails and needs new parts? What if your home internet has issues? What if you need to restore backups from last week. Those really aren't issues on cloud solutions.

 

BUt really cloud storage will be much more reliable and secure, and less to worry about. 

I didn't think of the internet outage issue... but we're so small that it wouldn't really be much of an issue. Backups are all nicely sorted on my desktop with the previous versions feature as well as RAID etc....

 

Urgghhh maybe I should suck it up and just get 365. I'll have to look into how central file sharing works with their cloud services... as I don't actually want any users to have their own private storage areas, it all just needs to be one big shared area (with controlled access to certain folders mind you)

[Electronics Wizardy]

1 minute ago, y3llowduk said:

I didn't think of the internet outage issue... but we're so small that it wouldn't really be much of an issue. Backups are all nicely sorted on my desktop with the previous versions feature as well as RAID etc....

 

those aren't a full backup solution. RAID is not a backup. What if the filesystem is corrupted. or the pc is stolen? or the PSU kills all the drives. Or malware gets on the system.

 

2 minutes ago, y3llowduk said:

Urgghhh maybe I should suck it up and just get 365. I'll have to look into how central file sharing works with their cloud services... as I don't actually want any users to have their own private storage areas, it all just needs to be one big shared area (with controlled access to certain folders mind you)

Go play with it. for O365 there is sharepoint so you can have users store files there and viewed by everyone.

 

Id let people have their own storage. Then its still backed up in the cloud, and managed by the owner, but temp docs or in progress files are viewable by everyone.

 

Also with O365 you get email and office included, and you probably need to buy that anyways.

[TargetDron3]

I don't trust cloud services.  Here's a few reasons why

 

1. Your data is now at the mercy of the provider.  Providers, even as big as Microsoft have issues.  We are using OneDrive here more as a local machine backup, not a file server, but we have bouts where we can't access data because a datacenter is down or having issues.  

 

2. Many cloud providers claim the data can't be seen by the provider, but that is bulls#*t.  They have the decryption keys.  It's built in by government requirements.  If you don't think the providers aren't mining the info uploaded to them, I have beachfront property in Arizona to sell you.  Amazon hasn't been caught doing this, but all of those Amazon Basics items were created based off of items that 3rd party vendors were selling on their platform and Amazon went to the mfgers in China and undercut the original businesses selling the items.  The moral is if there is a way for these big companies to make MORE money off of you and your data, they are going to do it. 

 

3. Security of your data.  You as a small business that isn't making waves, isn't a target.  Amazon, Microsoft, DropBox are all targets.  As with the Solarwinds hacks( another report just came out that they were compromised by China), big companies with reach into other companies are BIG targets for data theft.

 

4. Miss a payment? Does your company do ANYTHING that isn't in vogue with the current political climate at the data hoster?  Guess what, they'll cut you off in a second and tell you to eat a turd sandwich and you can't get your data back, you should have had backups!!

 

Spend the money on another computer, install unraid or Truenas core on it, set up a VPN and put your shares on it.  Back up to another computer every night for a simple solution that doesn't cost a lot of money or incur ongoing expenses. 

 

I hate the whole concept of cloud services for data storage, aside from setting up your own cloud with NextCloud or Owncloud. 

[Jisagi]

5 hours ago, TargetDron3 said:

I don't trust cloud services.  Here's a few reasons why

 

1. Your data is now at the mercy of the provider.  Providers, even as big as Microsoft have issues.  We are using OneDrive here more as a local machine backup, not a file server, but we have bouts where we can't access data because a datacenter is down or having issues.  

 

2. Many cloud providers claim the data can't be seen by the provider, but that is bulls#*t.  They have the decryption keys.  It's built in by government requirements.  If you don't think the providers aren't mining the info uploaded to them, I have beachfront property in Arizona to sell you.  Amazon hasn't been caught doing this, but all of those Amazon Basics items were created based off of items that 3rd party vendors were selling on their platform and Amazon went to the mfgers in China and undercut the original businesses selling the items.  The moral is if there is a way for these big companies to make MORE money off of you and your data, they are going to do it. 

 

3. Security of your data.  You as a small business that isn't making waves, isn't a target.  Amazon, Microsoft, DropBox are all targets.  As with the Solarwinds hacks( another report just came out that they were compromised by China), big companies with reach into other companies are BIG targets for data theft.

 

4. Miss a payment? Does your company do ANYTHING that isn't in vogue with the current political climate at the data hoster?  Guess what, they'll cut you off in a second and tell you to eat a turd sandwich and you can't get your data back, you should have had backups!!

 

Spend the money on another computer, install unraid or Truenas core on it, set up a VPN and put your shares on it.  Back up to another computer every night for a simple solution that doesn't cost a lot of money or incur ongoing expenses. 

 

I hate the whole concept of cloud services for data storage, aside from setting up your own cloud with NextCloud or Owncloud. 

1. Yes sure, it's the same concept of your private finances. You use multiple way and spread the risk. You could compare a file sitting on a harddrive of a cloudprovider to the same file on a local harddrive without any backups. You sould always have backups! Just using a cloud provider doesn't mean you have a backup for all eternity.

 

2. "They have the decryption keys": Just a claim without any proof, same goes for the "government requirements". You claim it to be so, nothing more. If you're scared, just encrypt your data locally and then send it to the cloud provider just as every company does it with highly sensitive data. And please don't claim that they can decrypt everything with their magic master key to all encryption standards out there. THAT is bullshit.

 

3. See number 2, encrypt your data before uploading it.

 

4. See number 1, a cloud provider is not both storage and backup solution in one package. Offsite backups can also mean, outside of cloud provider 1 at cloud provider 2, or even locally with a mixed solution.

 

You seem to have a very deep mistrust in anything outside of your house, but on the other hand claim, having it inhouse solves all these problems. If you scared of your claimed possible decryption forced by some government, then all your vpn solution is even less secure then a locally encrypted file sent to a cloud provider. Your arguments are highly questional opinions at most, but mostly claims of risks they either don't exist, cannot be proven by any of us or are plain wrong. There are legitimate uses of cloud providers as well as local servers. Both have advantages, both have drawbacks, but none of them are as good or bad as you claim them to be.

 

EDIT:

To add my own opinion as well. I do also not trust cloud providers, but not in the way you do. I encrypt my data before I upload it and I have backups everywhere, locally and offsite. I don't trust them in a sense of them just being an offsite harddrive. It can fail and break and the data is lost. It has nothing to do with data stealing or spying, but in the sole fact that they are just another harddrive I store my data on. You never entrust your data to just 1 harddrive, but multiple ones.

[MattJenko]

I realise this is a necro, but it sounds like you have a system that works, from a management POV. You don't, however, have a backup.

What I'd do is install a small NAS offsite for backups or use something like backblaze (remember, just for backups, not really a 'cloud' solution), then use your router to set up OpenVPN access to the network for the remote workers. You can set up multiple users with their own certificates, and it will run on many modern modem/routers that you probably already have installed. My Asus router, for example, supports it.

 

Personally I'd move everything to a proper server so your desktop workstation isn't the single point of failure. How far you go depends on how much downtime in the case of a temporarily broken server will hurt. Redundant ATX PSU's aren't that bad these days, you could get some relatively commodity hardware into a basic tower with redundant power, disks and network for a couple grand or less. The advantage of a server is that it is single purpose and stable, not like a desktop, so will be less likely to experience downtime that might hurt your business.

Again, data protection is the most important thing, if you can have downtime with no ill effect there's no need to go bonkers on the machine that contains it.