Cloud Storage Providers Like DropBox Face Uneasy Questions
It's been a rough few days for cloud backup provider DropBox, with a potential hack (which they deny) and a high-profile characterization of their product as unfit for businesses (to which they have yet to respond). These incidents bring up a broader question for midsize businesses, specifically regarding the safety of cloud computing and what trade-offs businesses should be willing to make when it comes to ease-of-use in the cloud.
Beginning last week, DropBox users in Europe began to receive spam directed at the email addresses associated with their DropBox accounts. Several users reported that the targeted accounts were only used for DropBox, suggesting that the company had been hacked, or at least had some kind of security breach.
Complicating the matter was the fact that while the spam emails went to several different countries, as noted in a ZD Net article, they arrived in each user's native language, suggesting a significant level of coordination.
In response to the episode, DropBox hired outside experts to check their systems to see if there had been a security breach. The company released the results of that investigation on Friday, finding that there had been no intrusion in their internal systems and no unauthorized activity in their users' accounts. DropBox said that they will continue to work with the affected users to try and get to the bottom of the problem.
To make matters worse, the company then suffered a snub at the hands of Marco Arment, one of the co-founders of Tumblr, who suggested that he would not store anything that he did not want made public with DropBox. As detailed in this IT Pro article, the crux of his argument is that in order for the company to be able to offer collaborative services, it has to be able to decrypt the information on its servers, meaning a rogue employee could decrypt information and make it public.
It's a rare occurrence to be sure, and one without precedence for DropBox, but an episode like that could play out. Just the possibility of a breach like that is enough to make many IT managers look toward internal storage solutions instead of expanding into the cloud.
Cloud Computing and the Mid-Market
The questions surrounding DropBox security are the same ones that have plagued cloud storage providers since their inception. Basically, it takes a leap of faith to store information with a third party. When that third party uses lax security protocols, how can any competent IT manager to trust them?
It's not that online storage doesn't have some significant advantages, especially for cash-strapped IT departments in mid-market businesses. The automatic backup and retrieval of files not only helps with security, but can also make collaboration easier across the office, or even across the country. Having the data stored off-site also makes it nearly impossible to lose something due to a physical disaster at the data center.
Even with all those benefits, cloud storage security still causes many IT managers to pause, and not without reason. However, the classic data center is slowly disintegrating, with specialized online services providing better services than what one would expect out of an average mid-market data center, and for a better price.
IT managers need to be ready to take advantage of these services as they become available and take a good, hard look at their data to really decide just how "top secret" it all needs to be. Most of what they find will be perfectly safe in an online, collaborative environment, as it won't ruin the company in the event of a breach. For that data which is top secret, continue handling it onsite, and use a highly encrypted, co-located online storage provider to protect the data in case of a physical event in the data center.
Yes, a solution like that will lose some of the collaborative possibilities of online backup, but if the data is far too sensitive to trust in a relatively open cloud, that's a price worth paying to ensure it still gets backed up.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.