Tom Olzak

Should you run away from Dropbox?

In Access Controls, Cloud Computing, Computers and Internet, Data Security, Piracy Legislation, Privacy, Risk Management, Security Management on June 21, 2011 at 15:26

For a long time, I’ve recommended Dropbox to colleagues, friends, and family.  However, recent revelations and events made me look for a more secure and less risky solution.

First we learn that any employee at Dropbox has access to our data. According to the Dropbox site,

Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

The problem I had with this was the lack of communication to customers that this was the case.  Many of us understood that NOBODY could access our data.  Well, no problem.  I simply used TrueCrypt to encrypt sensitive data.  This was inconvenient and caused some performance issues.

As regular listener of Security Now, I decided to try the highly recommended Carbonite.  Not only does it back up all my data, but all my Office files and PDFs are available via my iPad and iPhone.  In addition, nobody can access my files but me…  Finally, the cost is pretty low: $59 per year for unlimited storage.

After testing Carbonite, I wasn’t yet ready to drop Dropbox.  However, today I read that they left all files available to the public for four hours yesterday.  (sigh).  I guess it was too much to expect a great cloud file respository to actually be secure, too.

%d bloggers like this: