Posts are now surfacing about a potential hack at Dropbox. A post yesterday from TechCrunch explains that Dropbox has now brought in outside experts to investigate. From a PR standpoint, I think that’s a great move actually, as I find so many other companies try to hide details and go dark when any hint of negative news hits. If there is a breach, they have hired people outside the company to investigate. Smart. And to be fair, so far there’s been no evidence of anyone’s data being taken, just potentially their email address, which is still troublesome.
So full disclosure on my part: I have a Dropbox account and I have been pleased with their service and the ease of use. I have not received any spam emails related to any breach that I’m aware of yet, so I’m hoping my account information is still secure. However, one of the things I always ask myself, because I admit to being probably more paranoid than the average Joe (or Jamie), is this: “If someone were to access this file without my consent, what is the worst case scenario?” If it’s a picture of my cat, or the awesome grill marks on the steak I seared to perfection last night, then hey, no worries. BUT, if there’s even a small question of concern around the data (such as it’s actually private data that belongs to my employer, whose funds I require in order to feed the aforementioned cat and purchase that steak), then I don’t take the chance in putting any sort of file like that up there.
So here’s what I’d say to users out there who are using Dropbox (or any similar services like Box.net etc.) to store work-related data that they would not want anyone to see: what would your CIO say if you asked them if that was acceptable? If you think your CIO would have concerns over any corporate data being outside their control and security, then don’t put it there.
And to any CIOs or IT professionals, the question of whether or not your end users are putting data out there shouldn’t be the one you are asking now, as let’s face it, they are. The question should be why they are doing this. Do you have a process in place where your employees can request additional secure storage? How easy is it, and how long does it take? Do you have a SharePoint site for employees to use to collaborate? Do they know about it, and how do they get access? If any of your current processes take longer than downloading and setting up a free account with Dropbox, you might want to look into some new methods to secure your unstructured data and make it easier for your end users. And something to keep in mind: whatever internal solution you decide on, one thing you should do regardless is put some oversight into it, with routine checks to see who has access and what sort of data they can access, to avoid becoming the next headline.