Data security!

Because ODK is somehow linked to Google and is an online platform, does
anyone know how we can guarantee the safety of the information? How do we
keep hackers from going through the data? Thank you in advance for any help.

Hi Tarek,

How do you mean ODK is linked to Google?

You have to set up your own secure Aggregate server. You can either use
Google App Engine or build your own server to host Aggregate.

Thanks and Regards
Ronald Munjoma

--

Post: opendatakit@googlegroups.com
Unsubscribe: opendatakit+unsubscribe@googlegroups.com
Options: http://groups.google.com/group/opendatakit?hl=en


You received this message because you are subscribed to the Google Groups
"ODK Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to opendatakit+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thanks for your response, Ronald. I already set up a secure server account at
formhub. But I have a concern about whether it is secure, and hard for somebody
to hack the data off ODK Collect on Android. I have drafted an XLSForm and
uploaded it to formhub, and then uploaded the form into ODK Collect on Android
to collect data. Thanks.

In general, to ensure the physical security of the server, and to control
access to it, you would need to set up and operate it yourself, on your
premises.

Or you can use encrypted forms http://opendatakit.org/help/encrypted-forms/
to fully encrypt the data while it resides on the server.

If neither of those secure solutions is attractive, you should hire a
website security consultant to advise you of other alternatives and discuss
the security pitfalls of each.

For example, you can use a hosting service for the web server and the
database server, with the database configured to store the data on disk in
an encrypted form. Since all image captures, etc. are stored in the
database, if you encrypt the database, this can protect your data from
casual access by data center employees that handle backing up your data.
However, because the secret key to access the database must be available to
the web server when it runs, anyone with access to the web server could
access your database.

Mitch

--
Mitch Sundt
Software Engineer
University of Washington
mitchellsundt@gmail.com
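
Added example, not part of the thread and not ODK's own code: a generic hybrid-encryption illustration with the openssl CLI, showing why a submission encrypted to a public key on the device stays unreadable on the server, in contrast to an encrypted database whose key the web server must hold. The file names, function names and sample record are constructed, and this is not ODK's actual submission format.

```sh
#!/bin/sh
# Added illustration (constructed names and data). Generic hybrid encryption
# with the openssl CLI; this is NOT ODK's actual submission format.
set -eu
WORK=$(mktemp -d)                 # scratch dir standing in for device + server
trap 'rm -rf "$WORK"' EXIT

make_keypair() {                  # done once, offline; private.pem never leaves the analyst
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/private.pem" 2>/dev/null
  openssl pkey -in "$WORK/private.pem" -pubout -out "$WORK/public.pem"
}

device_encrypt() {                # $1 = plaintext submission on the device
  openssl rand -hex 32 > "$WORK/session.key"        # fresh key per submission
  # CBC gives confidentiality only; a real system also needs an integrity check.
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key" \
    -in "$1" -out "$WORK/server_submission.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/session.key" -out "$WORK/server_wrapped.key"
  rm -f "$WORK/session.key" "$1"  # only ciphertext and wrapped key remain
}

server_tries_unwrap() {           # the server holds public.pem only, so this fails
  openssl pkeyutl -decrypt -pubin -inkey "$WORK/public.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/server_wrapped.key" >/dev/null 2>&1
}

analyst_decrypt() {               # offline, with the private key; prints plaintext
  openssl pkeyutl -decrypt -inkey "$WORK/private.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/server_wrapped.key" -out "$WORK/unwrapped.key"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/unwrapped.key" \
    -in "$WORK/server_submission.enc"
}

make_keypair
printf 'household_id=42;respondent=Jane Doe\n' > "$WORK/submission.txt"
device_encrypt "$WORK/submission.txt"
if server_tries_unwrap; then echo "server can read data"
else echo "server cannot read data"; fi
analyst_decrypt
```

In the encrypted-database setup described above, the equivalent of `private.pem` has to sit on the web server, which is why access to that server exposes the data.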

It's also important to understand what you are protecting against.

On the server side, if you are worried about determined hackers,
Google App Engine is probably more secure than Formhub or your local
server. If you are worried about government subpoenas, hosting on your
local hardware is probably better than App Engine or Formhub.

On the mobile side, if you are worried about stolen devices, then
turning on Android device encryption and using form encryption is a
good option. If you are worried about malicious software, then locked
and unrooted devices with restricted user profiles are even better.

In my opinion, the best bang for buck is to use Aggregate on Google
App Engine with encrypted forms. That plus encrypted devices and
restricted user profiles on Android make for a pretty secure system.

Yaw
