Friday, August 8, 2014

Basic Security for Personal Cloud Storage

Avoid using Personal Cloud Storage for confidential/sensitive data

Dropbox and other file-storage and sharing applications like it are incredibly helpful to business travelers. Not having to lug along a laptop or risk misplacing a thumb drive certainly add to the enjoyment of time away from the office.

However, these applications do come with some risks. This is especially true when users generate links to share information with others. Several basic flaws within Box and Dropbox specifically allow the shared documents to be viewed by third parties.

It comes down to this: Many people do not take basic security steps, even when communicating highly sensitive information. Worse, they may even mix their personal communications and information with confidential workplace data.

For its part, Dropbox disabled all access to public links and created a patch to keep shared links from becoming public. However, this is the third security breach for Dropbox in as many years, so diligence on the site and others like it has to be considered among users.

When considering a file-sharing service site, follow these rules of thumb:

  1. Use a strong password.
  2. Encrypt files in storage ("files at rest").
  3. Encrypt files sent to and obtained from the site ("files in motion").
  4. Look for a third-party security and privacy audit or some other validation that the site truly is secure.
  5. Do an online search to see if the service has been breached in the past year or two.
  6. Make sure that you can completely remove all files from the site when you stop using it.

No comments: