Cloud collaboration and content management: the great myth over security
Millions of users, who place documents into the Dropbox storage servers or other Cloud based collaboration solutions such as Huddle each day, are potentially putting their data at risk, despite the belief that it will be safe and secure. This is according to Simon Bain, CTO of Simplexo.
Despite findings from the Cloud Industry Forum, which have highlighted that data security is uppermost in the minds of 62 per cent of businesses in the UK, corporate Britain is seeing a dramatic increase in the use of Dropbox and its competitors, such as Google Drive, Huddle, Box Net and Jungle Disk, thanks to the rise of employee adoption.
Simon Bain stated: “With the glare of security very firmly focused at Google and its new Terms and Conditions for the Google Drive, we should not forget that other players in this market also have similar T’s & C’s.”
“Corporate users need to look more closely at how they are using these services, particularly syncing, which is a really important part of a Cloud storage offering – in other words having all of your files available from anywhere. But do users realize that in a lot of cases their files are physically downloaded to their devices? If you lose a device, or leave it unattended, all of your files are accessible to a third party,” he continued.
In the rush to have documents available everywhere, corporate and data security has been marginalized, often for ease of use for the end user and simplicity of providing the service.
Google has proved over the last 10 years that user data really is king. Most of Google’s profits come from targeted advertising based on their users data – Location, Search Phrases, Blogs etc. – This is exactly the same business model that Facebook and others are trying to emulate. With Facebook it is based on the data that you place on to their social network. With Dropbox and the other Cloud storage providers, they are also looking to monetize the information that you place within their storage. As a corporate user you need to be careful that you do not break your own companies employment policies when you use these services, but also that you are not breaking state or national data protection legislation. As I have said ‘Data is King’ this is true also of your data for you. Sales records, quotations, bank statements. Do not give these away.”
“I am obviously a believer in using the ‘Cloud’ as a way forward for both personal and corporate life. However there are certain guidelines that I think need to be adhered to before we all start throwing our hard disks away and placing everything in to the hands of others,”
“While security on the Cloud servers is very important overall, document security cannot be overlooked and I think suppliers do have responsibility for this. The likes of Dropbox need to be more open with their users and not hide behind T’s and C’s.”
Some of the questions we need to be asking are:
- Can somebody access our data?
- Is your data only yours? Or does your agreement with your provider actually sign usage over to them. (Check as most providers do exactly this)?
- Are the servers secure that my information is stored on?
- Is my store separate from others? Or is there a large silo that everybody’s files get dumped in to?
- What about the files? Are they encrypted?
- If there is an on-line search capability? Is this secure or does it hold plain text in a database?
- If a hacker gains access to the servers, can they see my files?
- Are my login details and or user credentials held on the server?
Bain said: “Get positive answers to these questions before placing any documents into a store unless the data has no commercial value. Banks go to great lengths to make sure that we are secure during our on-line banking sessions. So why go and drop your bank statement in to an on-line box?”
How We Use Personal Information
Personal Information. In the course of using the Service, we may collect personal information that can be used to contact or identify you (“Personal Information”). Personal Information is or may be used: (i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, and (v) to provide or offer software updates and product announcements.
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Also, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer when you browse our sites. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalized service.
You may refuse to accept our cookie by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, this may adversely affect your user experience of our site.
Third Party Partners Program
When you visit our site, we place a cookie file on your hard drive of your computer so that our advertising partners are able to recognise you when you visit their websites. We do this so that our advertising partners are able to show you advertisements relating to our products and services when you visit their website.
Where we store your personal data
About Simplexo Ltd
Simplexo Ltd is focused on delivering a new experience in federated search, and is founded on a solid history in electronic document management and retrieval. Today, Simplexo technology is delivering value to individuals and organisations in many industry sectors, including financial services, healthcare and local government.