Comments on: Dropbox Security Issues–IT has itself to Blame

By: Keeping Safe In The Cloud | WikiCloud

Keeping Safe In The Cloud | WikiCloud — Mon, 03 Sep 2012 09:49:36 +0000

[...] which reported a breach of its systems that could have compromised users passwords. As I said in a post reflecting on the Dropbox issue: “…amazing functionality doesn’t mean that the product is [...]

By: Dropbox Security Issues–IT has itself to Blame | WikiCloud

Dropbox Security Issues–IT has itself to Blame | WikiCloud — Mon, 27 Aug 2012 09:52:54 +0000

[...] (Cross-posted @ The Diversity Blog – SaaS, Cloud & Business Strategy) [...]

By: 123 Tax

123 Tax — Sat, 11 Aug 2012 20:27:31 +0000

Any corporate worries could be avoided by locking down profiles. It is shocking how often the basics aren’t covered!

By: The Official Rackspace Blog - Keeping Safe In The Cloud

The Official Rackspace Blog - Keeping Safe In The Cloud — Tue, 07 Aug 2012 20:32:12 +0000

By: Roy

Roy — Wed, 01 Aug 2012 08:30:55 +0000

No there aren’t. There are lots of “Dropbox-like” services that advertise encryption, but dig a bit deeper and you’ll find it is only encryption of the files in transit. Similarly, most allow data to be moved to any mobile device without restriction.

A corporate dropbox requires:
1. Data at rest encryption, with the key controlled by the data owner
2. Data in transit encryption
3. Strong authentication
4. Controls over which end-devices can be used.
5. End-device encryption
6. Control over the sharing of data
7. Remote data wipe.
8. (For European companies) Adherence to data protection regulations
9. SAS70/ISO standards certifying compliance with security controls

By: Ben Kepes

Ben Kepes — Wed, 01 Aug 2012 00:05:02 +0000

Jon – fair comment. I guess my perception comes from having dealt with all of those companies and seeing the degree of seriousness with which they look at their businesses. There is no functional issue I can point to that increases risk, it’s a gut feeling based on spending time with all of these players and watching them develop over the past few years.

By: Jonathan Brewer

Jonathan Brewer — Tue, 31 Jul 2012 23:15:47 +0000

Hi Ben,

I see two issues here:

1.) Sync files to the laptop of an employee who leaves the company, and they go with him – but how is this different from the same employee connecting a USB drive and doing the same?

2.) A potential spam issue which at this point is just FUD.

I still don’t see how or why Syncplicity, Microsoft SkyDrive, SugarSync etc. are any different or better than DropBox. How about a benefit/risk matrix?

By: Ben Kepes

Ben Kepes — Tue, 31 Jul 2012 21:15:41 +0000

Multiple encryption, remote wipe… yeah, there are solutions IMHO

By: Rocio Ramos

Rocio Ramos — Tue, 31 Jul 2012 21:14:25 +0000

I, and my coworkers, have always used dropbox as more of a leisure cloud app than business. We have never stored any important business or personal documents in our dropbox accounts. Nothing to do with the company really, just our own personal reasons. But security issues likes these do raise a flag.

By: Patrick Pushor

Patrick Pushor — Tue, 31 Jul 2012 19:44:14 +0000

Do they really though? No doubt on paper they have the features to satisfy the C** , but in reality there are very few services (not products) that will be effective in eliminating employees walking off with important information.