keeping Spreadsheets within the office 5

[Qshake]

All -

It's apparent that we all use spreadsheets in our everyday work. Some of us work in very competitive markets so let me ask how others keep spreadsheets within the workplace?

Do you have a method?
No method, just trust?
Leave it to the overall general policy about intellectual theft?
Passwords? Are they enough?

thanks in advance for your thoughts.

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

 

[dik]

I do all my programming at home, including spreadsheets and don't use any of the firm's resources for them... so there's little question about ownership. I use them at the office and let others use them for whatever and when I leave, I leave the programs... but still am the owner of them.

Dik

 

[ACtrafficengr]

Dik, if you do the programming on company time, they have a stake in the programs. If you decided to copyright and sell, you'd have to list them as at least part-owner of the copyright.

"...students of traffic are beginning to realize the false economy of mechanically controlled traffic, and hand work by trained officers will again prevail." - Wm. Phelps Eno, ca. 1928

"I'm searching for the questions, so my answers will make sense." - Stephen Brust

 

[handleman]

Excel passwords can be hacked. Just do a search for "office password recovery". If I recall correctly there are lots of programs available for $20-$50 to retrieve passwords out of Office documents.

 

[dik]

That's why I do the spreadsheets at home and only use them for design at the office. No programming at the office.

Dik

 

[Qshake]

Posters - Lets not steer to far from the OP please.

Thanks,

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

 

[bltseattle]

As noted above there are no really good ways to protect worksheets. My workplace uses policy + trust.

IMO the right strategy to use depends on how much is invested in a particular worksheet tool. It is also like home security, if someone really wants in they can find a way but you want to make it so difficult that they will likely find an easier target.

That said, I've used passwords anytime it makes sense. I realize that someone can crack or workaround, but it eliminates blatant reuse or unauthorized access by anyone less than a programmer type who is willing to research/work-around the password.

Another strategy is to structure worksheets so that critical information to use them is needed from office staff/documents. For example, spreadsheet inputs labeled generically as "dimension 1" or "cost category A" require additional definitions to effectively use the spreadsheet. Less user friendly = less attractive to steal

I've always thought a Mission Impossible expiration function - "this file will self destruct after x days" - would be nice to have for sensitive documents.... who cares about a password if the file is wiped

 

[jmw]

Ah Qshake, you had me going for a moment there and I was about to blast our hosts for losing my last posts (or worse, they'd been red flagged for some reason) and then I discovered I had wandered into the Engineering Ethics forum.... 5-6 years a member and you double posted!


JMW

http://www.ViscoAnalyser.com

 

[dik]

Sorry QShake... I'll try not to do this again...

I often protect the sheet without using a password and freeing up the cells to be edited. Less likely that someone will accidentally mess with the sheet.

I don't mind if anyone uses the sheet...

Dik

 

[Qshake]

JMW -

I was on the fence as to putting this into the ethics but the spreadsheet was a no brainer as they say.

I apologize for the inconvenience but am definitely grateful for the increase in opinions.

Thanks,

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

 

[IRstuff]

I don't really understand what you mean by "keep." What exactly are you trying to protect?

If I want to present results, then I simply PDF the spreadsheet.

If I want to pass a spreadsheet on to someone else, then it depends on the relationship. Coworkers get the spreadsheet as is. Customers may get the spreadsheet wrapped with a VBA UI that hides the spreadsheet.

TTFN

 

[Qshake]

IRstuff -

I work for one of many consulting engineering firms and have over the years developed spreadsheets to do just about everything so as to be more efficient. So have my colleagues. Many years ago, spreadsheets were evaluated for single applications and all structurals in the company used them. Every now and then we see the same spreadsheets being used by our competitors.

What I would like to know is the best way to keep those spreadsheets in house and not with our competitors.

I am only interested in replies that are specific to the software or passwords or IT policies. In other words I don't wish to hear the trivial solutions; that the best way to keep software from walking out the door is to keep the developer from walking out the door.

TIA

Regards,
Qshake

Eng-Tips Forums:Real Solutions for Real Problems Really Quick.

 

[IFRs]

Use all server side applications and workstations without floppy or CDRW. Disallow XLS attachments to email and I think you almost have it.

 

[chapp333]

You could then glue everyone's USB ports, rendering them inoperable.

Robert

 

[GregLocock]

IFRS in which case the badman would zip the file, with a password, rename it as a .txt and then zip it again. Then email it.





Cheers

Greg Locock

Please see FAQ731-376 for tips on how to make the best use of Eng-Tips.

 

[prost]

It would seem impossible to stop the most determined thieves.

In the case in which a significant percentage of a spreadsheet's programming has been constructed offline, not charged to any contract in a person's free time, who owns it?

 

[cowski]

If, on my own time I use software I own to write an application (whether screensaver or tool to make my job easier) I would certainly argue that I own it. Of course I would have to double check all the paperwork I signed with my employer as there may be some fine print that says otherwise.

Now back to the original question: if the spreadsheet is business critical I would password protect it even if it is deemed inconvenient and easily hacked. Reason being if it ever went to court you could argue that the offender had to deliberately get around the protection to use the software. It would obviously not be something that they just wandered upon and thought was public domain. Whether such an argument would stand up in court I don't know (I'm not a lawyer) but looking at the example of CSS encryption on DVD's, I'd say it stands a chance.

 

[yakpol]

Qshake,
As it was said, the passwords are worthless if somebody really wants your spreadsheet. From time to time I get email solicitations to purchase for $30 the most expensive structural software around... Anyways, a few suggestions:
1. Place an "FBI warning" about unauthorized use of teh spreadsheet in the front page. It will make official business to think twice before including it into design.
2. Place a special file in the network that spreadsheet will read and verify at the startup. If file is not found or not the right one the VBA code will close the file. Offcourse, it's not a bulletproof solution since person with sufficient VBA knowledge will be able to disable this method.

Just some ideas...

 

[Denial]

I have been told, but have not been able to confirm, that passwords protecting VBA code are harder to crack than passwords protecting worksheets. If this is actually true, it suggests that putting some of your key algorithms in VBA rather than in standard cell formulae might make it your intellectual property a bit harder for a thief to extract.

However even if that is correct it does not prevent your thief from USING the stolen spreadsheet even if (s)he cannot see how it works.

For this second problem, I have used approaches along the following lines.

(1) Get some core part of your spreadsheet to execute in VBA rather than in spreadsheet formulae, as recommended above. Call this the core VBA.
(2) Make the execution of this core VBA conditional upon some other VBA-based operation, in such a way that the default condition is for the core VBA to not run. Call this the qualifying VBA.
(3) Set things up so that the qualifying VBA is automatically run when the spreadsheet is first opened.
(4) Embellish the core VBA so that it will print out an appropriate message if it is run without the qualifying VBA having been satisfactorily run, and will then set some key answers to #NA() or something similar. Resist the temptation to have it give wrong-but-feasible answers, as this might land you at the wrong end of the legal system.
(5) Password-protect both the VBA and the spreadsheet.

The simplest form for getting a pass/fail message from the qualifying VBA to the core VBA is to use a global public integer variable. The qualifying VBA sets this variable to a positive value if the test(s) are passed, or to zero if the test(s) are failed. Since variables are implicitly initialised to zero in VBA, the default condition is "fail" as required. The core VBA then merely has to examine this variable to decide whether to run correctly.

What sort of qualifying tests can the qualifying VBA perform? If you want to impose expiry dates on the spreadsheet, it can examine the system date. If you want to restrict execution to certain computers, it can examine the computer's MAC address. If you want to restrict execution to computers attached to the company's network, it can look for a file on some particular network server. If you want to restrict to certain network users, there are probably appropriate environment variables set by your network login processes, or you can have Registry entries set. And so on.

Any method that restricts execution to nominated MAC addresses or nominated users requires that a list be maintained somewhere. For small, relatively static, lists, this can be in the VBA code itself. For longer or more dynamic lists, it would need to be in some network file.

A couple of other comments. Whatever you implement you should ensure that you do not tell people what you have done: the method relies in part on your thief not knowing what needs to be cracked. Also, it is not a bad idea to put some sort of expiry date on software even if you are using MAC addresses as your principal test: firstly a thief who half-cracks your system will hit a later disappointment; secondly your valid users will eventually be forced to ask for refreshed versions, thereby enabling you to ensure they all upgrade to your new improved version.

None of this is perfect. But you can use it to give your thief a run for his/her money.

Did it work in my case? I'll never know.

 

[IFRs]

My agreements with my previous employers all included joint ownership of all intellectual property developed while in their employ on their time in their office on their hardware with their software. Anything I did at home was either mine unless I chose to share it in which case specific agreements were drafted.