
Hi, founder of Chartio here. Other than the title (which makes me a little sad) I liked your post. It's great to fully inform people of the security tradeoffs and you've done a nice job of laying out the levels and options of security that we've spent a lot of time developing.

In anything that is cloud based there is going to be some level where some hacker could get in and destroy everything. Most people on this site use cloud hosted servers, all of which would be at risk if Amazon or Rackspace got hacked. BI in the cloud is a new space and will be cautiously entered by some, but benefits will outweigh the potential risks, just as has happened in every other segment of cloud computing.

(will write more soon)

Let's go for less sad. I've changed the title a little to better reflect the intent of the post.

With regards to cloud - you're right, Amazon and Rackspace and so on are a single point of failure for a lot of businesses... but they also have a lot of people dedicated specifically to keeping their systems secure. The average startup, on the other hand, doesn't.

I'm curious, what was the reason you chose to highlight Chartio out of all the companies in the cloud BI space? We actually feel that we have the best security practices in the space, mostly due to the fact that we're the only ones not doing data warehousing, where you're required to upload a copy of your database to the provider.

Luck of the draw, actually. Someone in an IRC channel I'm in mentioned it [in the context of "someone asked me to set this up, I told them heck no"], I glanced at the page, did a double-take.

It's debatable whether DWH is more or less secure than your approach - and it also depends heavily on how the DWH is done. Having to explicitly move data around also gives an opportunity to scrub it.

For the record, the proactive approach you're taking with your responses here is heartening. The goal of my posts is always, in the end, to push for something better, not just tear down what's there. Glad to see that you've an open mind towards improvements.

Thanks, I am a little less sad :)

Those guys for sure have a lot more manpower than we do (so far!) but I might also point out that security isn't totally about how many people you have working on a problem, but how simple you're able to make it. But - that's not me getting into a security argument...
