Wednesday, August 29, 2007

Local Workgroups and Security

As my previous post mentioned, people are catching on to IntelliGantt's Local Workgroup as a way to easily manage projects with colleagues in the office or connected via the corporate network. Today we were talking with a company about using IntelliGantt and the Local Workgroup to help a team in the US work with a development group in India. They are a large company with resources at hand, but basically it's just a fast connection between Mumbai and California with a file server visible to both.

The question that came up is security. As in 'how secure is IntelliGantt?' While we hang our hat with pride on our multi-user project management solution for teams, TeamDirection is not about to claim we have solved your security issues too. We'd much rather pass that requirement to the underlying collaboration systems like SharePoint, Groove... and your file server.

You see, in order for IntelliGantt to work on a File Server, the person using IntelliGantt must have permissions on that file server. Specifically read/write permissions. No permissions; no joining a project; no way to be malicious. If you really don't want people outside of the project to be able to change anything, you can use the security of a Windows server to grant access only to people who need to be members of the project.

It works like this: IntelliGantt uses a folder that has been shared on the file server. When you share a folder, by default users can read from it but not write. You could grant 'Users' the permission to write as well, but this means every user account on the file server would have this permission for this folder. This can be a good thing, if you want everyone in the company to use a single shared folder for all local workgroups (it certainly makes backups easier). Or you may want to be more restrictive.

If you have a project you wish to invite only a handful of named users to, then rather than granting the generic 'Users' group read and write permissions, you can grant particular individuals read and write permissions. When someone tries to join a project, they are first asked for their email and display name. IntelliGantt then connects to the file server and asks for permission to talk. If the file server needs authentication, IntelliGantt uses the built-in Windows Authentication libraries and challenges for a user name and password. If the user fails the user name and password challenge, they are not allowed into the project.
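To check which of the two setups described above a workgroup folder actually has, an administrator can audit both the share permissions and the NTFS permissions for write access granted to broad groups. The script below is an added example, not part of IntelliGantt or of the original post; the share name, folder path and English-language group names are assumptions to replace with your own.

```powershell
# Added example: find write access granted to broad groups on a workgroup share.
# Hypothetical values; replace with the real share name and its local path.
$ShareName  = 'IntelliGanttWorkgroup'
$FolderPath = 'D:\Shares\IntelliGanttWorkgroup'

# Groups that cover far more than the named members of one project.
# Assumes an English-language Windows installation (names are localized).
$BroadGroups = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Get-BroadWriteGrant {
    param(
        [Parameter(Mandatory)] [string]   $ShareName,
        [Parameter(Mandatory)] [string]   $FolderPath,
        [Parameter(Mandatory)] [string[]] $BroadGroups
    )

    # Share level: 'Change' and 'Full' both allow writing through the share.
    Get-SmbShareAccess -Name $ShareName |
        Where-Object {
            "$($_.AccessControlType)" -eq 'Allow' -and
            "$($_.AccessRight)" -in 'Change', 'Full' -and
            $_.AccountName -in $BroadGroups
        } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'Share'; Account = $_.AccountName; Right = "$($_.AccessRight)" }
        }

    # NTFS level: WriteData (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
    $writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
    (Get-Acl -Path $FolderPath).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $writeBits) -and
            $_.IdentityReference.Value -in $BroadGroups
        } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'NTFS'; Account = $_.IdentityReference.Value; Right = "$($_.FileSystemRights)" }
        }
}

# No output means only specifically named accounts or groups can write.
Get-BroadWriteGrant -ShareName $ShareName -FolderPath $FolderPath -BroadGroups $BroadGroups |
    Format-Table -AutoSize
```

A user needs write access at both layers to change project files, so a row at only one layer still leaves the other layer as the effective restriction.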

What this means is even if someone got ahold of an IntelliGantt invitation and happened to know the email address of a member, they still could not get into the project because the basic security of the file server would prevent it.

Which really is a good way to go, we think. Which would you rather have, a project management company rolling their own security solution, or a project management company that uses what the underlying systems have to offer? SharePoint, Groove... and in this case the under-appreciated file server.
