Dropbox security
A backlash against Dropbox shows just how little people understand security.
It seems that some people actually fell for Dropbox’s early assertions that files stored on the system might be more secure than those on your hard disk (ignoring the fact that these files are actually stored in both locations). No-one, but no-one, has access to your files, claimed the company.
Later, Dropbox realised that it’s subject to the same laws as any other US organisation and was obliged to change its terms of service to admit that it would have to co-operate with US law enforcement. Indeed, the forces of law and order have acquired a new forensic tool specifically for examining Dropbox accounts - Dropbox Reader.
This evidently provoked fury among some users who feel they were duped. There were threats of defections.
The image of Dropbox as a safe haven hasn’t been helped, either, by its recent screw-up in which accounts were left unprotected for a few hours, no password required.
But here’s the thing: Dropbox is a cloud service. Why would you imagine the cloud is automatically secure?
Yes, I know, people are not properly informed about this stuff and can only make decisions based on what they’re told. So Dropbox should carry a good portion of the blame for this. But there’s also an element of common sense here.
I don’t care what promises a cloud supplier makes, I work by a simple rule: if the data is the slightest bit sensitive, it gets encrypted before it hits the net. And I don’t just mean I use SSL for the connection. Any sensitive files we store on Dropbox are either encrypted individually or stored inside a PGP-encrypted virtual disk.
That means employing data classification of some kind, but for us that’s not nearly as complicated as it seems. It’s a simple question with a yes/no answer: could this file be of use to someone with malicious intentions? If the answer’s ‘yes’, into the encrypted drive it goes. No data of the slightest value leaves our home network without being encrypted first. And our threshold for what’s considered sensitive is very low.
So here’s a handy motto: Encryption - don’t leave home without it.
