Let’s take a look at the difference between the two.
Originally created in 2011, Trello was one of the first project management platforms to gain widespread popularity. It’s often used as the default project management tool for small to medium-sized teams, and users love its rich ecosystem of templates, apps and power-ups. In 2017 Atlassian acquired Trello for $425 million.
Founded in 2020, Portabella, Inc. is a privacy preserving, end-to-end encrypted platform for issue tracking, file sharing and kanban boards.
Portabella uses a well-known public key infrastructure setup and a combination of RSA and AES cryptography to encrypt your core data, meaning we never see your board names, card titles or descriptions, while leaving metadata unencrypted so we can maintain the user experience you’re used to. You can read more about what exactly we encrypt here. This means that if an attacker or malicious employee were to gain access to our databases, no sensitive data would be leaked. We don’t have any way of decrypting your data: the private keys are stored in your browser.
Trello has an extensive security policy here. You’re free to read it and draw your own conclusions, but the following things stick out to us:
Encryption at rest
Encryption at rest refers to the fact that your data is encrypted when it’s in storage. This means that when you’re not accessing it, your data sits in some database, cache or file system in encrypted form. At first glance this seems similar to what Portabella offers, but let’s dive in a little further. As soon as your data leaves storage, it is no longer encrypted, which means that it could be accidentally logged or viewed during debugging. You can also imagine a situation where an attacker has access to a Trello server and is able to dump the memory contents of that server. If you were using Trello at the time the attack happened, it’s possible this memory dump would reveal your data to the attacker.
Trello uses Transport Layer Security (TLS), which is an industry standard, to secure your data from their servers to your browser. As long as you’re using an up to date, modern browser, there are no issues with this.
Amazon managed encryption keys
In the previous section we outlined how Trello stores user data encrypted at rest. Any kind of encryption assumes some kind of encryption key, so where do they store that? In Portabella, your keys are controlled by you: all data for a board is encrypted with a key that only you or your team members have access to. Contrast this with Trello, who opt for Amazon managed encryption keys. We’re not going to dive into the security of Amazon, who are extensively audited and have world class security, but you can see how the burden of trust now falls on two parties, Trello and Amazon. Furthermore, once a single encryption key is compromised, an attacker has access to the data of many, potentially all, users. In Portabella, even if a user’s key was compromised, this would have no effect on your data or your organisation’s data, because the encryption keys used are different.
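The key layout described earlier on this page and in the paragraph above (one key per board, RSA plus AES, metadata left in the clear), sketched with the Web Crypto API as an added example that is not Portabella's code. The page names only RSA and AES, so RSA-OAEP, AES-GCM, the record fields and all function names are assumptions.

```javascript
// Added illustration, not Portabella's code. RSA-OAEP, AES-GCM, the record
// fields and every function name are assumptions; the sample card is constructed.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
// Each user holds an RSA key pair; the private key stays on the client.
const newUserKeys = () => wc.subtle.generateKey(
  { name: "RSA-OAEP", modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
  false, ["wrapKey", "unwrapKey"]);

// One AES key per board, wrapped separately under each member's public key.
async function createBoard(memberPublicKeys) {
  const boardKey = await wc.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const wrapped = await Promise.all(memberPublicKeys.map((pub) =>
    wc.subtle.wrapKey("raw", boardKey, pub, { name: "RSA-OAEP" })));
  return { boardKey, wrapped }; // only `wrapped` would be sent to the server
}
const unwrapBoardKey = (wrappedKey, privateKey) => wc.subtle.unwrapKey(
  "raw", wrappedKey, privateKey, { name: "RSA-OAEP" },
  { name: "AES-GCM" }, false, ["decrypt"]);

// The stored record: the title is ciphertext, the metadata stays readable.
async function sealCard(boardKey, { title, position, createdAt }) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per card
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, boardKey, new TextEncoder().encode(title));
  return { position, createdAt, iv, title: new Uint8Array(ct) };
}
async function openCard(boardKey, record) {
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: record.iv }, boardKey, record.title);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const alice = await newUserKeys(), bob = await newUserKeys();
  const boardA = await createBoard([alice.publicKey]);
  const boardB = await createBoard([bob.publicKey]); // unrelated board
  const record = await sealCard(boardA.boardKey,
    { title: "Sprint planning notes", position: 0, createdAt: "2021-01-01" });
  const keyA = await unwrapBoardKey(boardA.wrapped[0], alice.privateKey);
  const keyB = await unwrapBoardKey(boardB.wrapped[0], bob.privateKey);
  const readable = await openCard(keyA, record);
  // A key from another board fails the AES-GCM authentication check.
  const crossBoard = await openCard(keyB, record).then(() => "decrypted", () => "rejected");
  return { record, readable, crossBoard };
}
demo().then((r) => console.log(r.readable, r.crossBoard, r.record.position));
```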
One thing we wanted to mention while addressing Trello’s security policy is that they have a section for Data Portability. This is great, and something we love to see in any application. Trello offers a JSON format data download for individuals and JSON + CSV for business or enterprise users. This feature is key in breaking down the walled gardens that currently exist in the software industry, and better allows for customer choice. Theoretically there is no longer any lock-in to Trello, as you can easily export your data to another platform that has the features you want.
We’ve found an extensive Trello feature list from comparecamp.com:
|Portabella|Feature|Trello|
|---|---|---|
|Yes|Detailed & Quick Overviews of Front/Back Cards|Yes|
|Yes|Easy, Drag-and-Drop Editing|Yes|
|Yes|Easy Organization with Labeling, Tags, and Comments|Yes|
|No|Progress Meter Checklist|Yes|
|No|Card Records Archive|Yes|
|No|Easy Upload (Local Devices, Dropbox, Google Drive, and Box)|Yes|
|Yes|Deadline Alerts and Notifications|Yes|
|Yes|Automated Email Notifications|Yes|
|Yes|Individual/Group Task Assignment|Yes|
|Yes|SSL Data Encryption|Yes|
Portabella has a very simple pricing scheme: free for personal and small team (up to three people) use, and $9.99/month per user for teams larger than three.
Trello has a similar pricing model here, with the main difference being discounts applied for enterprise use.
In conclusion, you’ll be best off using the right tool for the job. Currently Portabella is aimed at smaller team usage, as we don’t currently have any large clients. If you’re interested in running Portabella with more than one hundred users please reach out to firstname.lastname@example.org and we can set up a call to fine tune things on our end.
We’re also a new player in the industry, so we can’t compete with other platforms like Trello in terms of integrations and wider ecosystem tie-in. However, in the short time we’ve existed we’ve reached a reasonable base feature parity for an issue tracker, and we’re in heavy development mode to pump out more. Trello is also definitely a big inspiration to Portabella, and we wouldn’t exist without it.