The WebPal Wire

Get our latest updates as we bring you new insight on how cloud computing is already changing in its infancy. Security, content and business process are just a few categories within of wide range of topics covered in our blog

6 Reasons Why You Should Be Using Cloud-Based Document Management

25-02-2015 Rachel

Document management in the cloud means storing your files in a remote data center, for access at any time from your desktop, smartphone or tablet. One of the key advantages to this approach is the ability to edit documents online regardless of your location or device. This function can also be extended to co-workers, clients, partners or suppliers. The benefits to individuals and organizations are many, which makes online document editing a priority when choosing a document management service. Here’s why:


1. COLLABORATION - By having individuals or groups working on centrally located files, whether they are in the same office or located all over the world, productivity and collaboration will increase as a result. No time is wasted searching for the latest version of the file to track what changes have been made and no email attachments are required to ensure everyone has the latest copy. Work is done is real time and the results are immediate.

2. ANYTIME, ANYWHERE ACCESS – There has been a radical change in how people work today. Users want access to their files 24/7 whether they are in the office, in a coffee shop, at home or on business travel using their computer, smartphone or tablet. When employees are given the flexibility of where and how they work, they are happier, absenteeism decreases and productivity increases due to reduced commuting time. Storing your documents in the cloud can help you realize these productivity benefits.

3. SECURITY – Cloud-based document management offers the optimum protection of your corporate or personal information. Your documents are safe and secure in redundant and fault tolerant data centers designed for protection and business continuity. Your files are always available whenever you need them and no document is ever lost on someone’s hard drive or memory stick. Having your data stored in country is necessary if you want to maintain control over regulated data and documents.

4. FILE PERMISSIONS – Not everyone needs access to your document folders or files. Ideally, you can set file and folder permissions by user to restrict what information they can access or download, for how long and whether they can add content to share with others. Providing a one time “guest access” to folders or files is beneficial when you only need to occasionally share information with individuals. Your document management service should provide you with this added layer of security.

5. COST – For those organizations who manage their documents internally, the purchase of file servers and software including the cost to maintain them continue to increase while I.T. budgets are shrinking. Renting a document management service in the cloud can address this problem. It can be setup in minimal time and users can be added or removed in minutes. User training and adoption is typically easier and less time consuming resulting in additional cost savings. With I.T. budgets in decline, moving this service to a monthly operational expense is the right choice for many organizations.

6. BACK UP & RECOVERY – Many files on individual workstations and laptops need back up. Users want a central access point to recover files they accidentally deleted on their workstation. This is critical for mobile users who don’t have access to company back up servers. By using a centralized (cloud) document management service, user files are backed up and centrally accessible. With the use of an endpoint sync agent, the syncing of documents between the user and the cloud is triggered by file changes keeping your content up to date. You can back up your files while enjoying all the benefits of cloud sync and share.


About WebPal Cloud Server

WebPal Cloud Server is a business solution by Palomino Inc. for secure, private, and powerful web content management, document storage and online collaboration.  Accessed by over 300,000 users worldwide, WebPal powers collaboration portals for enterprises and small business clients alike. With a fast, slick and intuitive interface, WebPal is easier to adopt than most enterprise file sharing solutions.  WebPal version 3.2 will be released in March 2015 and will feature online editing of word processing and spreadsheet documents.


Visit WebPal to register for a free 15-day trial of WebPal Cloud Server. Test drive its powerful capabilities and discover how it can help you bring order to your content and impress your customers with amazing web portals and applications.

How we dealt with a GHOST

10-02-2015 Rachel

Every once in a while, security vulnerabilities are discovered on the most secure platforms, and when that happens, the IT community worldwide becomes abuzz with information, warnings, and security advice within hours. This is the time when vulnerabilities – small cracks in the thick mantle of security software protecting the integrity of a cloud server – are called zero-day vulnerabilities, indicating the time period in which the crack has been found, but a fix is still pending.

Luckily, this fix is usually available very fast. Most zero-day vulnerabilities have a patch available by the time the general excitement starts. Patches generally are full, definite fixes of the problem, they close the “crack” and prevent any future exploitation.

Acting fast is important

The recent GHOST and Heartbleed vulnerabilities were an example of this. The problem is, once a risk has been disclosed to the general public, so will explanations on how to exploit it. Within a very short time, tools are available for download that can easily be morphed into automatic hack-bots, scanning the Internet for unpatched servers.

Thus, the real exposure is in these hours right after the announcement. During this time, system administrators, hosting providers, devops and client service managers need to work together to patch systems as quickly as possible.

How the WebPal Cloud is protected

Of course, as with many providers, our team has a standard procedure for these cases. When GHOST was discovered, we followed our standard risk mitigation checklist:

  1. Are we affected at all?
    Check whether in fact WebPal Servers were affected and if so, which ones. In the case of Heartbleed for example, our strategy of late adoption of OS version paid off and we were not affected at all.
  2. Is a patch available and applied?
    WebPal Servers automatically update nightly with latest security patches provided by our OS distributors. Nonetheless, we make sure that the latest patch (if available) is applied to all servers, in all data centres. If a patch is not available yet, we weigh the benefits of disabling affected software on the servers. 
  3. Has any data been compromised already?
    All attacks leave traces. Depending on the vulnerability, there are patterns in network traffic, process history and server behavior that would let us ascertain whether a server has already been attacked or, worse, compromised. A thorough scan is performed to ensure that this is not the case.
  4. Downtime required and when?
    Some security patches are to subsystems so widely used in a cloud server such that a full reboot is recommended to ensure that no un-patched code is still running on the server. GHOST was an example of this. As system restarts are very disruptive, we generally schedule these as rolling overnight reboots.
  5. Have actions been communicated?
    At all times, we communicate with our clients over our blog, twitter and email alerts to disclose risks and notify of any anticipated downtimes.

We don’t cry wolf

We appreciate that WebPal clients generally are business-level users and care not so much about the technical details of the vulnerability, but for the disruptions the fix causes, versus the potential risk of complacency.  WebPal clients rely on us to fend off serious threats, but forcing unnecessary reboots for every security update (there are dozens a month) would merely be a method of offloading risk management onto them and thus not provide any added value. Our advantage is that we know the business use of WebPal Cloud Servers very well, and with this knowledge, can make risk mitigation decisions that are in line with our client’s needs.



Introducing Cloud-A as WebPal Partner

05-02-2015 Rachel

February 5, 2015, Toronto, ON / Halifax, NS Palomino Inc. of Toronto, ON and Cloud-A of Halifax, NS, announce today their partnership in delivering a cloud-based
 content management solution to Palomino clients and Cloud-A partners. The solution combines Cloud-A public cloud infrastructure offering with Palomino’s WebPal Cloud Server software to provide clients with a unique cloud application that offers flexible document and content management for mid-size and enterprise business clients.

“We are very excited about this channel partnership”, says Markus Latzel, CEO of Palomino Inc. “We believe that WebPal’s ability to reside in various cloud environments is a unique differentiator to anonymous public cloud offerings currently on the market, and Cloud-A is a great choice specifically for Web Developers that want to make use of our platform.”

WebPal is fully accessible on mobile devices and connects with more than 30 popular apps on iOS, Android, and Blackberry platforms. The SaaS solution handles many document types with plugins to view, convert, edit, share and publish material. Offering a plug-in mechanism for the popular Laravel framework, WebPal Servers can be customized for specific applications.

“We are thrilled that WebPal will be part of our public cloud infrastructure offerings”, says Brandon Kolybaba, CEO of Cloud-A. “As a Canadian-based provider like us, WebPal is an ideal fit into our infrastructure and offers Cloud-A clients the option to manage their data on home soil with a secure, enterprise-level CMS platform.” Cloud-A customers and partners can find the WebPal Cloud Server option on the Cloud-A web site.


About WebPal Cloud Server

WebPal is owned by Toronto-based Palomino Inc., a software and web solutions provider known for world class development and maintenance of complex online collaboration systems and user-centric applications. Palomino’s approach to web-based productivity is centered on latest desktop and mobile web-client technologies. WebPal enjoys a diverse SMB and enterprise client base with applications in document management, online business work flows, web portals and content management. For more information about this announcement and Palomino Inc., contact Markus Latzel at 1-866-360-0360. To learn more about the WebPal Cloud Server, visit


Cloud-A is the leading provider of public cloud Infrastructure based in Canada. Their products automate & simplify the installation and management of the hardware and software that provides the infrastructure for large scale environments having hundreds or thousands of servers supporting high performance compute applications. For more information visit

WebPal Partners with GoodSync

11-12-2014 Rachel

You may recall our post on how to sync files with WebPal using the popular GoodSync software.  Today, we are happy to announce that Palomino has partnered with Siber Systems to offer GoodSync at a discounted rate to all existing and new WebPal Cloud Server users.

If you are constantly forgetting to back up your data, GoodSync File Sync software is the solution for you. GoodSync ensures folders that are located on more than one device contain identical and the most up to date data. When you update, add or delete data, the synchronization will update the same files in the other location. GoodSync uses an algorithm that offers true bi-directional synchronization.

For a tutorial of how to sync your files on a Mac using GoodSync and keep them in sync at all times, have a look at the following Folder Sync with WebPal Cloud Server video.



To get started, download the software for Windows or Mac and contact us at or 1-866-360-0360 to receive your activation code today.


About Palomino Inc.

Palomino Inc. ( is a software solutions provider offering web-based productivity applications, centered on latest web-client and mobile technologies. Palomino’s WebPal Cloud Server 3 ( is a powerful, adaptable cloud content management solution to a diverse SMB and enterprise client base with applications in online document management, web portal content management, and file storage. WebPal has has been adopted by over 300,000 users in different verticals such as healthcare, public sectors, financial services and associations. Palomino offers WebPal Cloud Server via multiple channel partners and solution providers across the globe.

About Siber Systems

Siber Systems ( is a privately-held company, incorporated in 1995 in the Commonwealth of Virginia, with offices in Germany, Japan, and Russia. Siber Systems was originally founded to turn scientific findings in the area of text parsing, compilation and transformation into useful commercial technologies. Siber Systems latest product is GoodSync, an easy and reliable file synchronization program we released in 2006. GoodSync already enjoys numerous favorable reviews from both users and the press.

Announcing the Addition of Stage2Data as a WebPal Partner

03-11-2014 Rachel

Toronto, ON, November 3, 2014


Palomino is pleased to announce the addition of Stage2Data to our company’s growing list of WebPal Service Providers.

As Canada’s Premier Cloud Solution Provider, Stage2Data offers Cloud Backup, Cloud Hosting and Cloud RDR. With the addition of WebPal’s Cloud Server, Stage2Data now offers a business solution for secure, powerful web content management, document storage and online collaboration.
According to Jeff Collier, CEO of Stage2Data, “WebPal and Stage2Data is an exciting partnership that will offer current and future clients the ability to manage their website content regardless of technical knowledge.” In choosing WebPal as a partner, Collier stated that one of the key benefits was easy adoption. During his announcement, Collier stated, “With WebPal, adoption is fast and the interface is intuitive so client satisfaction will be extremely high.”

Stage2Data is an Affinity Partner with insurance associations across Canada and now with the addition of WebPal’s online underwriting portals for the insurance industry, the Cloud offers easy to implement, affordable and efficient online business automation and maximum data security. “We are very happy to add Stage2Data as a WebPal service provider” says Markus Latzel, CEO Palomino Inc. “S2D’s solid background in data management and hosting and disaster recovery solutions not only complements WebPal but adds additional security to our secure cloud solution for medium-sized businesses. Additionally, their data centre in Hamilton is a practical failover location to our existing WebPal clients.”



About Palomino Inc.

Palomino Inc. ( is a software solutions provider offering web-based productivity applications, centered on latest web-client and mobile technologies. Palomino’s WebPal Cloud Server 3 ( is a powerful, adaptable cloud content management solution to a diverse SMB and enterprise client base with applications in online document management, web portal content management, and file storage. WebPal has has been adopted by over 300,000 users in different verticals such as healthcare, public sectors, financial services and associations. Palomino offers WebPal Cloud Server via multiple channel partners and solution providers across the globe.

About Stage2Data

Stage2Data ( is Canada’s Premier Cloud Solution Provider and has a proven track record for providing clients with exceptional 24/7 North American based support. Stage2Data offers Cloud Backup, Cloud Hosting, Cloud RDR and holds the distinction of being awarded a Top Cloud Solution Provider medal at the 2014 CDN Channel Elite Award Gala.

WebPal Cloud Servers are safe from Shellshock Bash Bug

25-09-2014 Rachel

There was a lot of talk today about the Shellshock Bash bug, discovered yesterday. Of course, once such a vulnerability is known to the general public, web servers worldwide may become vulnerable since from this point on, hackers will try their luck on as many machines as possible.

We confirm that all WebPal Cloud Servers were patched with the necessary security upgrades once these patches became available and that at this point, applications in the WebPal Cloud are safe from exploitation of this vulnerability.

To learn more about this bug and how we are protecting WebPal Cloud Servers from vulnerabilities like this one, contact us anytime at or call at 1-866-360-0360.

More about the Shellshock Bash Bug

The vulnerability affects a popular software called Bash, short for Bourne Again Shell, which is a command line shell and is present in Unix operating systems that many systems such as Linux and Mac OS X are built off of. In short, the bug may allow attackers to take control of these operating systems and execute code remotely.

Although the vulnerability is being compared to the Heart Bleed Open SSL bug and has given the highest rating on the Common Vulnerability Scoring System (CVSS), security experts are saying it may be harder to exploit. According to Rapid7 Security, “in order to exploit this flaw, an attacker would need the ability to send a malicious environment variable to a program interacting with the network and this program would have to be implemented in Bash, or spawn a sub-command using Bash.”

What this means is that even if Linux-based web servers are affected by the vulnerability, a combination of poorly coded web application code (which does not verify user parameters passed to system calls) and unfortunate choice of BASH as the command for system-level functions.

Why Responsive Web Design Matters

06-08-2014 Rachel

Before the creation of smartphones and tablets, web designers and programmers were only required to create the same page on a desktop or laptop computer. Now more than ever, digital content is being viewed on multiple types of devices, and mobile technologies are are changing the way people use the web. In fact, mobile web browsing is so massive that eMarketer estimated that 73.4% of internet users in 2013 accessed the web from a mobile device and predicts this amount to rise to 79.1% this year.  As a result, responsive web design is now a crucial approach when designing your website.


Responsive web design is the approach of designing and coding a website to ensure it can be reformatted to any device it is being viewed on. This means that when viewing a website from an iPhone, Android, wearable (Google Glass or smartwatch), or any size computer monitor, tablet or smart TV, all elements will adjust to the appropriate size and appropriate navigation settings (for example a cursor will convert to a touchscreen), ensuring an optimal and easy user experience.  A poorly designed mobile website could be catastrophic for small-medium sized businesses who are looking to increase their online mobile traffic. In fact, ease of access is so important to users that a study done by Exact Target stated that 83% of mobile and tablet users said a seamless experience across all devices is important to them.


Rather than creating an entirely new mobile website, utilizing responsive design means you will only have to design and support one site. Responsive web design will not only provide consistency and familiarity to users, but it is also very cost-effective and efficient. Google prefers one site URL when using the search engine for traffic function, and you could be reprimanded if a separate mobile site is being used.


WebPal Cloud Server can make use of any existing responsive web design templates. Below is a list of all of the different media formats and sizes currently in use.

Responsive website design for each device type









Mobile viewing is becoming the default way of viewing websites, and the number of devices is only going to increase. Responsive web design will ensure a smooth user experience over all devices, and ultimately lead to more web traffic, and a better web presence overall.


For more information on how we build responsive design sites contact us at or 416-964-7333.

Turn up the Heat at HostingCon 2014

11-06-2014 Rachel

It is that time of year again – HostingCon 2014 is upon us. From June 16-18th at the Miami Beach Convention Center in Miami, Florida, HostingCon is the ‘must attend’ conference for web hosting and cloud providers. Industry professionals will have a chance to attend educational sessions, networking events, and scope out the latest products and services throughout the massive exhibit hall. Palomino Inc. will be exhibiting WebPal Cloud Server at booth #236, and this year marks the 10th Anniversary so we are certain it will be a good one!


Networking is one of the highlights for attendees and exhibitors at HostingCon. We have been taking advantage of the HostingCon Connect Tool to connect with attendees prior to the show. Be sure to check your inbox in case we have reached out to you. In addition to the meetings throughout the show, we will be making sure to check out all of the post-show events. Starting the week off with the Phoenix NAP bar crawl on Sunday, and of course the 10th Anniversary Bash at Loews Miami Beach for food, drinks, entertainment, and prizes on Monday, and then the Exhibit hall happy hour on Tuesday, June 17th. For additional networking event details check out HostingCon’s web site.


Educational panels and speakers are a great way to gain new insights, trends and opportunities which can ultimately give you and your clients a competitive advantage. Here are a few of the sessions we’re looking forward to:

  • The Future of Cloud Services – Monday June 16th, 9:00am
  • The Hosting and Cloud CEO Panel – Monday, June 16th, 3:15pm
  • The Post Snowden World One Year Later: What Has Changed? – Tuesday, June 17th, 11:00am
  • Keynote: Innovative Service: Strategies for Creating Growth and Bottom Line Impact – Sponsored by Limestone Networks – Monday, June 16th, 4:15pm

The full schedule can be viewed here.


There’s still time to register if you haven’t already and use our coupon code: Palomino2014 to save. Be sure to check back for our recap following June 18th!

How you are affected by the new Canadian Anti-Spam Legislation

23-04-2014 Markus

The new Canadian Anti-Spam Law (CASL) is coming into effect July 1. There is time to comply – until Jan 2015 to be exact. It does not hurt to go through an internal checklist at this time, and we recommend some housekeeping to ensure that enforcement will not cacth you blindsided.

If your organization is like most businesses, you are not offering installed software or are in the business of transmitting data. Thus, the only relevant section of CASL are related commercial electronic messages (CEMs).

Generally, CEMs are now subject to opt-in regulation, I.e. the recipient should expect the email/text message/chat and consent to receiving it. Such consent can be given expressed and implied. Current practices of person-to-person email are typical business communication and should be monitored to ensure that they fall under the exceptions for the rule. Compliance preparedness involves spending some time to do basic housekeeping:

1. Catalog your current practices of communication to identify exceptions (there are many): 

  • Implied Consent (existing business or non-business relationship, or public contact info)
  • Quote or estimate as requested (RFP, etc)
  • Subscription or membership
  • Employment-related emails
  • Product/Service Information

2. For the non-excepted CEMs (newsletters, broadcasts, etc), ensure that:

  1. Unsolicited CEM are only sent to opted-in recipients (consent)
  2. Any email database you already have and are using for CEM should be checked that you have consent for each entry. You have time to get consent, but should follow CASL-approved wording on requests for consent.
  3. Express consent gathering follows a proper process, keeping the evidence of consent on file.
  4. CEMs have CASL-compliant content in them. This includes:
    1. disclosure (why you are contacting recipient)
    2. opt-out (= unsubscribe) link.

To summarize, what an enforcement auditor would look for is that the right processes and data management systems are in place in your organization. Having proper data management, a solid customer relationship management (CRM), and Content Management System (CMS) in place are important tools and systems that any auditor would look for.

Addition May 5, 2014:

A great comprehensive Power Point has been posted by David Fraser on this topic.

WebPal Cloud Servers not affected by OpenSLL Heart Beat Vulnerability

08-04-2014 Markus

We are following the developments around the recently discovered vulnerability with the OpenSSL Heart Beat (“Heartbleed”) algorithm, which may affect web sites run on Linux servers and using SSL encryption for secure data transfer.

WebPal Cloud Server falls into that category, but we are happy to report that the vulnerability is limited to a set of versions (OpenSSL version 1.0.1a-f to be exact) which are not in use on Webpal Cloud Servers.

At Palomino, we follow a principle of “late adopting” when it comes to underlying infrastructure for our cloud applications. This policy shields us (and our clients) from being exposed to vulnerabilities discovered in newly-released software versions.

Linux, Apache, OpenSSL, PHP, Java and XSLT are part of our infrastructure stack that we heavily rely on. While it is tempting to use latest releases with newest features, we prefer to keep security our highest priority and stay “behind the pack” on infrastructure.

Rest assured that our own software development is leading edge.