Nextcloud is a leading free, open source, web based office application, offering document sharing, contacts, calendar and much more. Webarchitects provides managed Nextcloud virtual servers.
Get your organisation onto the co-operative cloud — why trust the hosting of your office documents to a remote US-based corporation?
There is no limit to the number of user accounts or groups that you can add to your Nextcloud server. So, for example, if you run an organisation with a small number of core staff and a large number of volunteers then a Nextcloud server could work out cheaper than using corporate services such as G Suite from Google or Office 365 from Microsoft as they charge per user account.
Webarchitects provide secure, private, managed Nextcloud, GDPR compliant virtual servers with HTTPS certificates, running in our data centre in Sheffield powered by green energy, and also support with desktop and mobile client configuration.
We provision Nextcloud servers using our public Ansible playbook which also installs a TURN server which enables the use of Nextcloud Talk when end points are using NAT (most networks are these days). This provides private, peer-to-peer voice and video calls between users on desktops, laptops and phones.
We can optionally (given enough disk space and RAM) also install the Collabora Online app and the Collabora Online Development Edition Docker container, on the same server. This allows the simultaneous editing of documents by multiple users using the WYSIWYG web based document editor.
Using your own, private, Nextcloud server, as opposed to Office 365 from Microsoft or G Suite (Google Docs etc.), might be the best option for organisations which need to comply with the General Data Protection Regulation (GDPR), to quote from the Nextcloud blog:
Using a free Public Cloud is certainly the worst idea you could have: do you have a clear proof that your customers consented to have their driving license uploaded on Google servers in the USA, with all the privacy and security concerns it implies? All US-based companies currently worry about GDPR, since they cannot ensure the “adequate level of protection” (General Data Protection Regulation, article 45).
Being GDPR-compliant starts with one requirement: knowing which data you have, where they are stored, and who has access to these data.
Nextcloud offers a full audit trail with audit logs including:
- user session (login, logout, user agent)
- file handling (download, upload, modify, (un)delete, tag, comment, restore old version)
- user management (creating/deleting/changing user, setting a password)
- sharing (creating, deleting, changing permissions, updating a password, setting an expiration date
To ensure various levels of legal compliance, personal data must be stored in certain countries only.
Ensuring security of personal data is one of the most important requirements of GDPR: companies must evaluate their risks and mitigate them. Main requirements include:
- encryption of data at rest, in transit and on the cloud. Your company alone must have the key. That already blocks most server-side encryption solutions and public clouds from usage: if you don’t encrypt the data first before sending it off, using Amazon S3, Google, Microsoft or other cloud services is very risky, especially in their free versions.
- ability to retrieve personal data in case of accidental or non-accidental problems, from malicious attacks to ransomware issues. 2017 was the year of ransomware but there is no reason to assume the problem is solved in 2018.
- the software used to manage data must be trustworthy. That is, verified, approved, certified or at least transparent enough (like open source).
For more details see the Guide to the General Data Protection Regulation (GDPR) from the Information Commissioner's Office.
All the disks that host our Sheffield based virtual servers are encrypted, plus the disks that they are backed up to (we keep 30 days' worth of snapshots of the disks of our virtual servers). In addition, for clients that require it, we can optionally use LUKS to encrypt the data partitions of your disks. Clients can then replace passphrases provided by us, and use their own passphrases so that we are not able to decrypt the disks. If this is done, then clients need to decrypt their disks with each reboot via the Xen shell.