Security questions

Hi,

I work as a librarian for a health organisation and we currently use EndNote as a database to store and organise our documents and research. The problem with this is that I have the master library and I need to copy it onto USB regularly to distribute to other sites. With online syncing it looks as though Zotero would solve that problem and everyone would be able to access the shared database from their various locations.

However. I'd like to know about security as obviously we're handling some sensitive information. How secure is Zotero compared with EndNote? Do you know of any other organisations (particularly Health) using Zotero as a database rather than bibliographic software? Is this something that Zotero would be suited for, or is EndNote a better option at this point?
  • (I don't work for Zotero, so the below, while I believe well informed, is not an official statement).

    Zotero by itself stores data locally, so that's as safe as your computer setup. I'm assuming you refer to using Zotero for sync, though.
    I know a lot of medical researchers do use Zotero and a lot of medical and nursing schools promote it, so it's certainly suited for that.
    (here's e.g. Kansas U Med: http://guides.library.kumc.edu/content.php?pid=417245&sid=3410390
    and Northwestern Med: https://galter.northwestern.edu/guides-and-tutorials/zotero; there are many others)
    but for individual labs and organizations, it really depends on the level of security you need:
    Zotero does exclusively use secure connections (SSL) for any login and data transmission (actually, for anything on the Zotero webpage). No one will be able to read any data that you send to or receive from the Zotero servers.

    However, the data is not encrypted on the Zotero servers, so in the (highly unlikely) event that they got hacked, it could be accessible to hackers. To give you a sense, that's similar to the level of security that gmail or other high-quality e-mail services provide.* If you wouldn't be able to send stuff over a gmail account, you probably shouldn't sync it with Zotero. If e-mail is fine, so is Zotero.

    If you're outside of the US, it may matter that data is stored on US servers and as such subject to the Patriot Act. I know both Canadian and European data privacy folks often see this as an obstacle. If you're in the US yourself, that's not relevant since you fall under the same rules.

    * Though Zotero has much stricter privacy guarantees, since its business model isn't built on selling your data.
  • Thanks Adam, that's incredibly helpful!
  • If e-mail is fine, so is Zotero.
    And Zotero is actually safer than much email, since many email providers still don't encrypt mail exchanged between servers, whereas all Zotero traffic is encrypted. We've also made sure it's encrypted well, with an A+ grade at the time of this posting.

    But, yes, to use syncing you would have to be comfortable with your data being stored on external servers.
  • edited March 26, 2015
    If you are in the USA and are concerned with HIPAA issues, the hospital library or research center's use of Zotero for bibliographic materials will not be a concern. Sensitive patient records should be on computers with encryption that are not connected to the Internet. These secure machines will need special treatment within your facility's network firewall. Any other machine that has a web browser installed should have no restriction to prohibit Zotero. The current risk of the Zotero client syncing to Zotero storage is essentially nil. Using a web browser to surf the World Wide Web is exponentially more of a security threat -- even if the surfer is careful about the sites s/he visits.

    I know several hospital libraries that encourage the use of Zotero.
  • Just by accident, I find that anyone can download a private personal file without the login credentials. For example, please try the following link, it is a sample file I uploaded into Zotero server under my account:

    https://files.zotero.net/11350724611/pdf.pdf

    I have double checked my privacy settings, and I am sure I have not checked "Publish entire library".

    So in this case, by brute-force attack, trying different IDs and file names, all the files on the Zotero server are open to the public...

    I hope this is not true ...
  • edited April 2, 2016
    That is not correct. Those links only work when logged in to an account with access to the file.

    (Please don't post the same message multiple times in different places. It is very confusing.)
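    As an added illustration of the point in the reply above (this is not Zotero's own code, just a constructed model of a download endpoint with a guessable /<library_id>/<filename> path), the check that matters is that every request is authenticated and authorised per file before anything is served; the sample path and users below are made up for the example.

    ```python
    # Added example, not Zotero's code: a minimal model of an authenticated
    # file-download endpoint. A predictable URL such as /<library_id>/<file>
    # is harmless only if access is re-checked on every request.

    from dataclasses import dataclass
    from typing import Optional

    # Constructed sample data: which user owns or may read each file, and
    # which session cookies are currently valid.
    FILES = {
        ("11350724611", "pdf.pdf"): {"owner": "alice", "shared_with": {"bob"}},
    }
    SESSIONS = {"sess-alice": "alice", "sess-bob": "bob", "sess-carol": "carol"}


    @dataclass
    class Response:
        status: int
        body: str


    def user_for_session(session_token: Optional[str]) -> Optional[str]:
        """Map a session cookie to a user; None for missing or invalid sessions."""
        return SESSIONS.get(session_token) if session_token else None


    def download(path: str, session_token: Optional[str] = None) -> Response:
        """Serve /<library_id>/<filename> only to a logged-in user with access.

        Anonymous requests are rejected before the path is even looked up, so
        trying different IDs or file names without logging in always yields
        the same 401 and reveals nothing about which files exist.
        """
        user = user_for_session(session_token)
        if user is None:
            return Response(401, "login required")
        parts = path.strip("/").split("/")
        if len(parts) != 2:
            return Response(404, "not found")
        library_id, filename = parts
        entry = FILES.get((library_id, filename))
        # Use 404 for both "no such file" and "no access", so a logged-in user
        # without access cannot tell whether a guessed ID exists.
        if entry is None or (user != entry["owner"] and user not in entry["shared_with"]):
            return Response(404, "not found")
        return Response(200, f"<contents of {filename} served to {user}>")
    ```
    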
  • What about passwords etc.? Can Zotero access my private data on websites?
  • @ittyerah: If you're referring to the permissions prompt when you install the Zotero Connector, see Permissions Warnings in our privacy policy.