@Midasx @jared Thanks for the input. I really appreciate it and I completely understand your points. These are topics that we have discussed at great length internally, as well.
odrive was actually born from an enterprise storage product with the entire range of enterprise-level features: on-prem storage with encryption at rest, client encryption at rest, AD/LDAP auth, auditing, multi-level ACLs, device whitelisting, remote-wipe, etc. An IT dream. As you guys probably know, though, there is always a tradeoff. Striking that balance between usability and security is tricky. You can have the most secure system in the world, but nobody will use it.
With odrive, we have started with a very user-accessible system for storage access and sharing. We have taken great pains to reduce the amount of information we need to have/store while still offering the full-range of capabilities that users expect, across an ever-expanding storage landscape. The information that is stored is treated with the utmost respect and security.
Now, I could talk until I’m blue in the face (or type until my fingers are reduced to nubs ) about our security measures, our encryption, SOC compliance, our philosophy, our devotion to our users, our commitment to security and privacy, etc…, but it really comes down to trust coupled with your own specific business requirements for security and access.
This all being said, we have an eye towards additional security capabilities, some of which were mentioned in the post that @jared linked to above. Our zero-knowledge encryption add-on is another example of this.
As you can probably tell, I like engaging in these type of discussions. It is one of the primary ways that we can make our product better and gain better insight into our diverse user base. Please feel free to continue sharing your thoughts.