Why your company should consider getting a NAS
What’s a NAS again?
“NAS” means “network-attached storage,” but this buzzphrase has come to mean more than just a backup drive for your local network. It’s also, and maybe more importantly, an easy-to-set-up personal cloud server.
You use it for document storage and sync a la Dropbox; to sync your calendar, contacts, notes, and password data; to host a secure, private Telegram- or Slack-style chat; as a code test bed; as a shared media server; even to store pictures and movies, and display or play them a la Netflix; and more. And in recent years, it’s become pretty easy for power users to set up. And it all works well. And it’s cheap. It’s insanely cool.
My business uses for a NAS on a business trip
Well, a lot of my personal uses are actually business uses. Traveling literally around the world, I am connected to my (I hope) secure and private home server, i.e., a Synology Diskstation 1019+. What apps that run on my server have I used on this trip so far? Glad you asked:
- calendar, which Everipedia’s PR firm and I both update independently
- file hosting with capabilities for:
- file sharing (this is how I transferred my latest presentation deck to a conference in South Korea)
- syncing between the NAS, laptop, and phone (which I used to look at my notes on my phone, when I gave a speech yesterday in Amsterdam; I wrote an updated version of the speech on my laptop and displayed it seamlessly on my phone)
- backing up (not only is a copy automatically saved to the NAS a la Dropbox, but the NAS itself is backed up hourly to a secure third party site that uses zero-knowledge encryption, so only I can possibly read the files that are saved there)
- a remote file editing app (like Google Docs; let a colleague see a work in progress)
- a secure password manager (used constantly) I can sync with from anywhere (even my phone; can you make a new account on your phone and input and save a secure password easily? I can!)
- secure encrypted chat (with my boys at home)
- the photo app Moments (to upload pictures, which family can see even while I’m gone)
- the to do list that displays the same list on my phone and my laptop
- a movie player (I watched a movie that streamed from home, which my boys ripped for me)
- a music player (so nice to have such easy access to my entire frickin’ digital music collection, not just while at my desktop)
I actually used all of those things myself. And here are the things that I didn’t have to use (and for that reason I didn’t have to put my privacy and security at risk):
- Google Docs
- Slack or Telegram (at least for talking to my boys)
- Instagram, Google Photos, Dropbox photo sharing, Flickr, iCloud photo sharing, Cluster, etc.
- my phone and laptop’s limited space for random large media files like movies and music; I now use about 15 GB on my phone
- a cloud-based “to do” app like Apple’s, or Asana, or whatever
I dropped all that. I don’t have to worry about how they’re violating my privacy. I can give a big old middle finger to their ridiculous privacy policies and user agreements and privacy settings. I don’t have to think about how their systems can be hacked. (I do have to think about how my own system can be hacked, though!)
What would your startup do with a NAS?
Everipedia (of which I am CIO) doesn’t have a NAS yet, if we ever will get one, and I thought, if I’m going to take some time to explain to my fellow execs the advantages and disadvantages of NASes for business, why not turn everybody else on to the idea, too?
Let me talk about startups here because I’m well aware that larger, more established enterprises have serious enterprise solutions to these problems. But until fairly recently, startups and smaller businesses have been stuck more or less with public cloud solutions.
Setting up a NAS would be a bit of pain. I’m not denying it; see the next section for discussion of that issue. So why think it would do any good for your startup? Well, check this out:
- Shared calendars. Instead of scheduling meetings via Google Calendar and wondering if they’re selling the information to your competition, or if your data could be sold by a criminal hacker who cracks the honeypot that is their giant Gcal database, you put your meetings on your own server, on shared calendars.
- Collaborate on the same documents and host them securely in your own office. Cut the umbilical cord with Google Docs. You can use it to back up Office 365 if you use that. What are they really doing with your proprietary stuff there? Frankly, it makes me feel dirty whenever I have to open up Google Docs or Sheets; but I do, because the rest of the team does. It doesn’t have to be that way.
- A related but distinguishable advantage is that all of your company’s documents can be found in one place, under the clearly-defined ownership of company. Sure, there are cloud services that will do the same thing–but not with the same granularity of control, not to mention guarantee of privacy.
- Conduct your company’s internal Slack or Telegram-style discussions just as easily, and more securely, via a chat app that you and your team set up and run. Never worry again whether it’s really encrypted. You’ll know because it’ll be up to you. I can attest that it’s just cool to have a Slack-type conversation across the world but using your own privately-owned and -controlled machine.
- Host your assets. Your company has assets: logos, design documents, videos, etc. Where do they live? If you’re a small company, either they’re on your design team’s individual machines (which is a terrible idea; what if something happens and they’re not properly backed up?), or they’re in the cloud, or they’ve already got a NAS installed. You know what’s really cool about a private cloud if you’re doing design work, video production, etc.? Everyone can sync to the machine via the Internet and the local network. You can plug yourself right into that sucker and transfer ginormous files super-fast. You can even bring a media production NAS along with you on-site if you need to do heavy video editing, collaboratively, on site. (I haven’t done this yet myself, but I’ve read about it.) You can’t do that with the public cloud cloud.
- Host your own ticketing, project management, and bug tracking software. OK, maybe you don’t really care if that stuff is in the public cloud. But I care. What if you have real, live corporate secrets lurking in your project management tool?
- Set up secure, shared Docker containers that you completely own, to make it easy to do testing and to help new developers install their dev environment quickly. Some NASes are built to work with them directly.
- Maybe your code is so sensitive that you don’t even want to put it on Github or Gitlab. (If you’re a closed-source shop, it could happen.) You know what NASes can do for you? They can serve as out-of-the-box Git servers. How cool is that?
- You can securely and easily back up all the data on your NAS, which especially for some businesses is absolutely necessary. Among other things, it can ensure that uncooperative or unresponsive employees who exit the company don’t take crucial intellectual property with them irretrievably; management has greater control of what remains in the permanent archive, so long as it was originally put on the NAS.
It’s a real live server, so of course you can install lots of other apps for your team and customers. But the above-listed items involve improving your privacy and security by moving from a public to a private cloud.
But what are the advantages, really?
If you’ve got a tech team with the skills, they could set you up with a traditional (and probably cheaper and faster) server. So what’s the big deal?
Sure, maybe ten years ago you could have set up a server and had some of this convenience, but only in recent years have systems like FreeNAS, NextCloud, Synology, and QNAP been absolutely decked out with everything you need to replace all of the above public cloud services. It’s not just that it’s easy to install your own server, it’s what you can do with it so easily now. For the last couple of decades, developers have discovered a bunch of great ideas for how to facilitate cloud-based, collaborative, and cross-platform work online, and especially in the last few years, NAS system developers (both proprietary and open source) have created similar systems for NASes.
The point, then, is that these software solutions are easier to install than ever, pretty cheap, and actually effective.
“Maybe,” you say, “but that doesn’t answer the real question: why do it yourself? Why not just keep using cloud services until you are a giant enterprise?”
Well, this is a matter of opinion, but I think it’s increasingly clear that we simply can’t trust the public cloud with either our privacy or our security. Over and over, we hear about how giant corporations are selling our data, spying on us, and letting governments spy on us. This is offensive enough in itself, but this also creates serious security issues.
While my information privacy (and my family’s) has become my driving concern, with businesses (especially tech startups), security is the more serious problem. The problem is that security is simply more difficult and more fraught than it was even ten years ago. Think about the proliferation of multiple devices, owned by the employee and not the company; each is an “attack surface.” Think of how much important, even business-critical data is spread across cloud services and protected by multiple employees with fairly random, hit-and-miss security habits.
Then consider all the horror stories you’ve heard about cloud services being hacked. Maybe you mostly trust your various vendors. Maybe you wouldn’t care about most of your data being revealed publicly or put in the hands of competitors or criminals. But hacks do happen. They are a common occurrence. And no doubt you have some data that really is sensitive. How about your cap table, salary data, and any crypto keys that are in the hands of the company?
What a NAS does, then, is that it enables you to take responsibility for cloud data services. With a good server, you can satisfy yourself, especially with staff who are really good at security, that you’re more secure and private than in a public cloud.
Of course, you do have to think about your own security if you install a company NAS, which is why I mention that it’s important that you have good security skills on board. So the natural question is: “Why think that we will be better at security with a private cloud server than various public cloud services would be?”
There are two parts to the answer. First, you can trust yourselves (unless, for some reason, you can’t). If you put your data in the cloud, you are forced to trust strangers, both their honesty and their security practices. Second, public cloud services are honeypots for criminal hackers. They’re a huge juicy target, and your stuff is there; it’s buried among a lot of other stuff, but it’s there. Especially if your NAS is properly locked down and obscured in various ways, hackers don’t have nearly as great an incentive to attack your machine, because they’ll only get your data.
Those are two important differentiators. When you replace public cloud services with your own, if you do your homework, you’ll probably end up with a much more secure systems for your business.
Also, did I mention how frickin’ cool it is to use and be in charge of your own cloud?
But are there disadvantages?
Sure, there are. There are actually several issues that might stop you. So let’s lay it all out there.
First, somebody is going to have to spend a few days buying, installing, and configuring the machine and the apps. You might or might not need to upgrade your Internet connection, modem, and router. Then there will be some ongoing maintenance and support, somebody managing NAS accounts, etc. It’s not a deadly amount of work but it isn’t trivial even for our little home NAS. Making sure your startup’s NAS is locked down and operational definitely a task. It would be something a sysadmin, devops, or networking type would do.
Then there’s the security risk involved in a poorly-configured machine, or if your company has bad security protocols (such as, to take a simple example, letting people with lots of permissions in the system use easily-crackable passwords, or letting everyone in the office have access to everything, or doing something crazy like turning off the firewall). I think my Synology NAS is pretty secure, but I’d really want to dot my i’s and cross my t’s before putting my machine into production for business purposes. Ideally, you’d have somebody with special and in-depth experience with server administration, networking, and information security. Any sufficiently experienced geek should be able to do what needs to be done, with enough time, research, and occasional consultation.
A different sort of disadvantage would occur if you had a slow Internet connection or inadequately beefy machine. You might expect collaborative document editing to work as fast as Google Docs, but if your machine or Internet connection are too wimpy, you’ll be disappointed.
There are a few other, perhaps more minor risks:
- Certain NASes might not have the full set of apps you’ll need to have on your phone. I can tell you, however, that Synology has pretty much everything I’ve needed (so far); QNAP actually has more apps than Synology in its App Center (last time I checked, or so one reliable source reported); and NextCloud has a zillion (open source) apps available.
- If the power goes out, you’re stuck until it comes back on.
- Someone at the office might get a NAS set up, but if nobody else is able to run it and the NAS person quits, you might be stuck.
- You’ll have to teach and motivate the team to use the NAS; some of them might not care so much about your company’s security, and would rather use they’re used to.
- You might (marginally) trust the reliability of the social media giants’ software over that of your NAS vendor (or the OSS that makes up the FreeNAS and NextCloud offerings).
There might be other issues; your mileage will vary.
Why not look into it some more?