
Dropbox a Crystal Ball of Cloud Computing Pros & Cons


Dropbox is a brilliant cloud-based service (i.e., your data stored on someone else’s server) that automatically backs up your files and simultaneously keeps the most current version on all of your computing devices (Mac and Windows, laptops, workstations, servers, tablets and smartphones). It is highly efficient for giving you access to everything from everywhere while maintaining an off-site backup copy of every version of every document.

And like anything with that much power, there are risks. Using this type of syncing and backup service without understanding the risks and rewards is like driving a Ducati motorcycle without peering into the crystal ball of accidents that take the lives of bikers every year. If you are going to ride the machine, know your limits.

This week, Dropbox appears to have altered their user agreement (without any notice to its users), making it a FAR LESS SECURE SERVICE. Initially, their privacy policy stated:

… all files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. (Quoted from PCWorld)

Currently, the privacy policy says that Dropbox can access and view your encrypted data, and it might do so to share information with law enforcement. Why is that important? Because it means that the encryption keys that keep your files private are actually stored on Dropbox’s server, not on your own computer. This puts the keys to your data (and that of every other Dropbox user) in the hands of Dropbox employees and law enforcement, and leaves them vulnerable to hackers. When the encryption key is located on your computer, at least the risk is spread across the computers of Dropbox’s users.
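The difference between a key held by the provider and a key held on your own computer, shown as an added example (not from the original post and not Dropbox's code): a file is encrypted locally with AES-256 before it ever reaches a synced folder, so whoever holds only the stored blob cannot read it. The function names, the blob layout and the sample data are assumptions made for this illustration.

```javascript
const crypto = require('crypto');

// Derive a 256-bit key from a passphrase that never leaves the user's device.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt locally; the returned blob is all the storage provider ever sees.
// Layout (assumed for this example): salt(16) | iv(12) | tag(16) | ciphertext
function sealForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Decrypt after download; throws if the passphrase is wrong or the blob was altered.
function openAfterDownload(blob, passphrase) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const body = blob.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// What a party holding only the stored blob (provider staff, a subpoena, an intruder) can do.
function providerCanRead(blob, guess) {
  try { openAfterDownload(blob, guess); return true; } catch (e) { return false; }
}

// Constructed sample data, not a real document.
const doc = Buffer.from('Q3 payroll: constructed sample record');
const blob = sealForUpload(doc, 'correct horse battery staple');
console.log('stored bytes contain plaintext:', blob.includes(doc));
console.log('owner decrypts:', openAfterDownload(blob, 'correct horse battery staple').toString());
console.log('readable without passphrase:', providerCanRead(blob, 'provider-guess'));
```

The trade-off is that a lost passphrase means lost data, because the provider has nothing it could use to recover the file.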

But there is an even bigger issue that this exposes about the world of cloud computing in general: anytime your data lives on a device that you don’t own, you lose a certain amount of control over what happens to it. Here is just a sampling of factors that can affect the privacy and confidentiality of your cloud-stored data:

  • The cloud service provider changes their Terms of Service (like Dropbox just did) to cover their legal bases, making your data less secure without your even being alerted. This happens almost every week with Facebook, which changes privacy terms constantly. When you log back into your account, you are automatically agreeing to the new Terms of Service (and probably not reading the tens of pages of legal jargon).
  • The provider is bought out by a new company (possibly one overseas), or has its assets liquidated (the most valuable assets are generally information), and the new owner has different standards for data security and sharing. You, by default, are now covered by those standards.
  • The security of your data is weak in the first place. Security costs money, and many smaller cloud providers haven’t invested enough in protecting that data, leaving the door wide open for savvy hackers. SalesForce.com might be well protected, but is the free backup service or contact manager that you use?
  • Your data exists in a more public domain than when it is stored on internal, private servers, meaning that it is subject to subpoena without your being notified! In other words, the government and law enforcement have access to it and you will never know they were snooping around. This isn’t a concern for most small businesses, but it is still a cautionary note.

So does this mean we should all shut down our Dropbox, Carbonite, iBackup accounts? No. Does this mean that corporations should not implement the highly scalable, dramatically efficient solutions provided by the cloud? No. It means that both individuals and businesses must educate themselves on the up and down sides of this shift in computing. They can begin the process by realizing that:

  1. Not all data is created equal and that some types of sensitive data should never be placed in someone else’s control. This is exactly why there are data classification systems (I subscribe to those used by the military and spy agencies: Public, Internal, Confidential and Top Secret).
  2. Not all cloud providers are created equal and you must understand the privacy policy, terms of service and track record of each one individually (just like you would choose a car with a better crash-test rating for your family).
  3. Anything of immense power comes with costs, and those costs must be calculated into the relative ROI of the equation. In other words, the answer here, like most complex things in life, exists in the gray area, not in a black or white, one-size-fits-all generalization.

John Sileo writes and speaks on Information Leadership, including identity theft prevention, data breach, social media risk and online reputation. His clients include the Department of Defense, Homeland Security, the Federal Reserve Bank, FDIC, FTC and hundreds of corporations of all sizes. Learn more about his motivational data security events.

Identity Theft Training


John Sileo knows identity theft and data breach first hand – he became “America’s Leading Identity Theft Speaker and Expert” after losing his business and more than $300,000 to these costly crimes. He has provided these Identity Theft Resources to help you protect your organization from suffering from the losses that result from unprotected private information. Visit John’s Identity Theft Prevention Store to learn more.

Hire John to train your employees to prevent identity theft, data breach and corporate espionage

Safe data is profitable data, whether it’s a client’s credit card number, a patient’s medical file, an employee’s benefit plan or sensitive intellectual capital. By the time John finishes his hilarious closing story, your audience will be fully empowered to protect private information, at home and at work.

John’s Most Requested Identity Theft Training Presentations (Keynote Topics)

Think Like a Spy
Information Survival Skills

The biggest threat to our identities (and to valuable corporate data) is our lack of a Privacy Reflex. Few of us have ever been trained to respond appropriately when someone requests our sensitive information. Think of how easily you give your information away on the Internet when someone promises you a free gift. This presentation will give your audience the fundamental building blocks to proactively protect valuable information assets. The result is a safer individual with strategic privacy skills that protect your organization’s bottom line.

To bridge the gap between personal protection and professional privacy, Think Like a Spy can be paired with one or more of the profit-focused supplementary presentations below.

Bulletproof Your Business Against Breach
Extinguishing Privacy Hotspots

Once we understand how to protect our personal identities, we have the tools and motivation to begin protecting valuable corporate data. Identity theft and corporate data loss are a huge financial cost and legal liability to corporations and organizations. It is imperative in our information economy that we train our workforce on how to protect those information assets, whether they are digital, physical or intellectual.

7 Sins of Social Networking
Controlling Information Over-Exposure

Every parent and young adult should be aware of the fact that college-age students are at the highest risk of identity theft and general abuse of private information. Just like most young adults were taught Stranger Danger in school, they should also be taught how to protect their increasingly-threatened identities. This program is appropriate for both parents and young adults, but is geared to instill a Privacy Reflex in the younger generation.

Your Financial Institution as Hero
Protecting Customers Against Identity Theft

No one is in a better position to educate individuals about identity theft prevention than financial institutions. Not only do they have the “financial ear” of their clients, but they have a responsibility to protect their customers and members from this highly financial crime. This speech applies to banks, credit unions, insurance companies, brokers, financial planners, accountants, etc.

Organizations that proactively educate their team members about identity theft protection drastically reduce their chances of a costly data breach. Your audience will experience first-hand what data theft feels like, and the resulting costs of poor privacy practices. John gets the audience up on their feet, laughing and learning. Increased awareness inside of your organization translates into an immediate return on your speaking investment.

Getting What You Want
Weapons of Manipulation and Tools of Influence

Now, more than ever, knowledge is power – once you can identify the tools of persuasion being used against you, your vulnerability drops radically. The benefits are immediate, whether you are buying a used car, evaluating a potential date, hiring a new employee or disciplining your teenager. In this speech, discover how to avoid manipulation so you can positively control the outcomes in your life.

John’s satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Trade Commission. For more information on John or his training, call us at 303.777.3221 or send us an email.