by VexorLoophole 3451 days ago
My main problem with things like Asana is: How should I suggest such a thing for my company, when we will share super duper secret company stuff in there? There is simply no way to do this. Would love to see a nice and polished team-based software like Asana, which doesn't feel 'unsafe' for company use.
3 comments

Well, first, you should consider whether this is actually a problem. I've had coworkers worry about this sort of thing with Travis CI, Coveralls, CodeClimate, etc, the fear being that "they'll have our code and can steal it!!" Took some time to convince them that nobody working at Travis CI gives a shit about our spaghetti code (let alone making it run with no docs!)

If you've taken a hard look at your secret squirrel company stuff and you've decided that 1) these ideas truly are trade secrets worth stealing and 2) they need to be documented in detail inside the product, then yeah, you might want to look at some kind of self-hosted option.

I suspect however that 90% of these concerns are simple hubris, much akin to "sign this NDA before we talk about my startup idea."

Or we might have client data (even just client names) that we're not allowed to talk about.

If my clients knew I was telling everyone that they run my software, I'd be sunk. And probably sued.

Some of us just don't have a choice due to laws or export regulations.
So you mean a self-hosted solution? What is inherently unsafe about it?
Hosting trade secrets on a cloud-based service, where any Asana employees can monitor your activity, where Chinese hackers (yes, that fear-mongering term actually applies here) can get to your trade data, pre-copyrighted/patented ideas, etc etc is a terrible idea.

If they sold the software maybe you could host it on-site, but having this on centralized servers with many other companies is incredibly risky and generates a huge target.

What makes you think you're going to be able to secure your snowflake instance of Asana in a heterogeneous environment better than they can where the costs of getting it wrong are the death of the company?
Obscurity?

An effort to break into a large cloud company storing thousands of interesting accounts has a bigger payout. Attempts to attack such a service will be made more often and with more sophistication than attacks on a smaller company only having one set of potentially interesting secrets.

If your company really values its corporate info so much, it likely already has policies and expertise to secure its own servers. If not, maybe a cloud instance is safer.

Exactly, I even addressed this in my argument. People react and comment before digesting fully.
I don't know if Sandstorm.io has an app like Asana specifically, but they have a pretty good Trello-like app and I think it fits the criteria pretty well for mostly painless self-hosting.
That's why Microsoft has Planner (and Teams [Slack]), because companies are more likely to trust them and already have an account with them.