As of our last all hands meeting we have moved our company to using NextCloud on a server in a German data center. This is the second major step in improving on our information hygiene in the company, after adopting RocketChat and leaving Slack.
I had created the cloud already last May, but we had not transitioned everyone in the company and all our work. That transition has now been made.

It allows us to avoid having to work with clients in cloud environments like Google Docs, it has OnlyOffice for online collaboration in documents, it allows to avoid file transfer services in favor of being able to provide (time limited, password protected) download links from our own server, and it has integrated STUN/TURN support so we can do (video)conference calls from within our own environment. It’s a managed server/service for a few hundred Euros per year. A key benefit is being able to nudge our clients to routines less exposed to the data hungry silos, and also to show compliance with (regularly inconsistent and differing) rules regarding which online services they do and don’t allow. Setting an example is in itself a benefit given our work on transparent data governance, data ethics and accountability.

In the coming weeks we’ll aim to get fully accustomed to our new working environment, but so far it has been pretty self-evident.

Screenshot from working with a colleague in OnlyOffice (content blurred obviously)

We are working our way through a list of things to improve our overall information hygiene, a discussion I started last spring. It involves changes at the company level (like Nextcloud and Rocketchat) and changes at the individual level (helping colleagues e.g. with password management. We moved all of us onto the same password manager, that also includes the option to share passwords from a company account). It focuses on tools and technological measures, as well as on behaviour and work routines. And it looks at both laptop and mobile devices. I’ve created a ‘information hygiene ladder’ on those three dimensions, with a different level of information security at each rung, that we can strive for. The upper end, the “I’m being targeted by a three letter agency”, we’ll never address I’m sure. But there is a wealth of opportunities to improve our information security level before that extreme stage.

5 reactions on “Moved the Company to NextCloud

  1. Much of the work and thinking around improving my and my company’s overall information hygiene was triggered by conversations I had with Arjen Kamphuis, finally prompting me into action early 2014. He disappeared during vacationing in Norway in August 2018. Later this week an art exhibition about him will open, as well as a book launched bundling his key writings on a.o. information security. I hope to be able to pick the book up and visit the exhibit coming Friday.

    • yes, at https://www.zylstra.org/blog/2019/05/increasing-information-security/, the linked to discussion in the blogpost, you see a rough ladder of 9 levels of intensity, and then there’s a few dimensions for each of those levels (individual or org level, technical or behaviour, and laptop or mobile) It’s just a structure as thinking aid, there’s no academic rigour involved in defining the levels/distinctions. For our org, only the first 5 or so levels are of interest, with 6 and 7 relevant for just a few of us.

  2. Wednesday it was 18 years ago that I first posted in this space. The pace of writing has varied over the years, obviously intensively at the start, and in the past 3 years I have been blogging much more frequently again (with a correlated drop off in my Facebook activity to 0), more than at the start even.
    This year is of course different, with most of the people I know globally living much more hyper local lives due to pandemic lockdowns. This past year of blogging turned out more introspective as a consequence. In the past few years I took the anniversary of this blog to reflect on how to raise awareness for grasping your own agency and autonomy online, and reading last year‘s it’s so full of activity from our current perspective, organising events, going places. None of that was possible really this year. I returned home from the French Alps late February and since then haven’t seen much more than my work space at home, and the changing of the seasons in the park around the corner, punctuated only with a half dozen brief visits to Amsterdam and two or three to Utrecht in the past 8 months. A habit of travel has morphed into having the world expedited to our doorstep, in cardboard packaging in the back of delivery vans.
    Likewise my ongoing efforts and thinking concerning networked agency, distributed digital transformation and ethics as a practice has had a more inward looking character.
    Early in the year we completed the shift of my company’s internal systems to self-hosted Nextcloud and Rocket.chat. When the pandemic started we added our own Jitsi server for video conferencing, although in practice with larger groups we use Zoom mostly, next to the systems our clients rolled out (MS Teams mostly). Similarly I will soon have completed the move of the Dutch Creative Commons chapter, where I’m a board member, to Nextcloud as well. That way the tools we use align better with our stated mission and values.
    I spent considerable time renovating my PKM system, and the tools supporting it, with Obsidian the biggest change in tooling underneath that system since a decade or so. It means I am now finally getting away from using Evernote. Although I haven’t figured out yet what to do, if anything, with what I stored in Evernote in the 10 years I’ve been using it daily.
    This spring I left Facebook and Whatsapp completely (I’ve never used Instagram), not wanting to have anything to do anymore with the Facebook company. I departed from my original FB account 3 years ago, which led to me blogging much more again, but created a new account after a while to maintain a link to some. That new account slowly but steadily crept back into the ‘dull’ moments of the day, and when the pandemic increased the noise and hysterics levels aided by FB’s algorithmic amplification outrage machine, I decided enough was enough. A 2.5 year process! It more or less shows how high the, mostly misplaced, sense of cost of leaving can be. And it was also surprising how some take such a step as an act of personal rejection.
    I also see my Twitter usage reducing, in favour of interacting more on my personal Mastodon instance, through e-mail (yay for e-mail) and LinkedIn (where your interaction is tied to your professional reputation so much less of a ragefest). Even though I never dip into the actual Twitter stream, as I only check Twitter using Tweetdeck to keep track of specific topics, groups and interests. This summer I from close-up saw how the trolls came for a colleague that moved to a position in national media. Even if the trolling and vitriol was perhaps mild by e.g. US standards, it made me realise again how there was an ocean of toxic interaction just a single click away from where I usually am on Twitter.
    On the IndieWeb side of things, I of course did not get to organise new IndieWebCamps like last year in Amsterdam and Utrecht. I’ve thought about doing some online events, but my energy flowed elsewhere. I’ve looked more inwardly here as well. I’ve been bringing my presentation slides ‘home’, closing my Slideshare account, and removing my company from Scribd as well. This is a still ongoing process. The solution is now clear and functional, but moving over the few hundred documents is something that will take a bit of time. I don’t want to move over the bulk of 14 years of shared slide decks, but want to curate the collection down to those that are relevant still, and those that were published in my blog posts at the time.
    I am tinkering with a version of this site that isn’t ‘stream’ (blogposts in reverse chronological order), and isn’t predominantly ‘garden’ (wiki-style pseudo-static content), but a mix of it. I’ve been treating different types of content here differently for some time already. A lot never is shown on the front page. Some posts are never distributed through RSS, while some others are only distributed through RSS and unlisted on the site (my week notes for instance). Now I am working on removing what is so clearly a weblog interface from the front page. The content will still be there of course, the RSS feeds will keep feeding, all the URLs will keep working, but the front of this site I think should morph into something that is much more a mix of daily changes and highlighted fixtures. Reflecting my current spectrum of interests more broadly, and providing a sense of exploration, as well as the daily observations and occurrences.
    Making such a change to the site is also to introduce a bit of friction, of a need to spend time to be able to get to know the perspectives I share here if you newly arrive here. I think that there should be increased friction with increased social distance. You’ll know me better if you spend time here. The Twitter trolling example above is a case of unwanted assymmetry in my eyes: it’s incredibly easy for total strangers to lob emotion-grenades at someone, low cost for them, potentially high-impact for the receiver. Getting within ‘striking distance’ of someone should carry a cost and risk for the other party as well. A mutuality, to phrase it more constructively.
    Here’s to another year of blogging and such mutuality. My feed reader brings me daily input from so many of you, around the world, and I’m looking forward to many more distributed conversations based on that. Thank you for reading!

Comments are closed.

Mentions

Likes

Reposts