Security Deficits at Dropbox, Mozy & Co.
According to Fraunhofer Institute for Secure Information Technology
This is a Press Release edited by StorageNewsletter.com on May 17, 2012 at 2:53 pmThe security of cloud storage services is often inadequate. This is the result of a study by the Fraunhofer Institute for Secure Information Technology in Germany, which tested various providers.
Conclusion: none of the tested providers were able to fulfill all of the security requirements, and some of them were even lacking proper encryption. In addition to technical shortcomings, the testers also found weaknesses in relation to user guidance. And the latter could result in confidential data being found with the help of search engines.
"Some of the services may be suitable for private users", explained Michael Waidner, director of the Institute. "However, with regard to sensitive corporate data, users should think carefully about whether the security measures really are sufficient."
In addition to the market leader Dropbox, Fraunhofer SIT also checked the security of six other cloud storage service providers, including CloudMe, CrashPlan, Mozy, TeamDrive, Ubuntu One and the Swiss provider Wuala.
The testers focused in particular on data encryption and the securing of communication. Every provider displayed security deficits, and what’s more, none of the services were able to fulfill all basic security requirements. For example, some of the providers do not use any of the established secure protocols for securing data transmissions within the cloud. Negative points were also assigned if, for example, data was moved to the cloud without being encrypted before.
"Dropbox and some others only encrypt the data once it is in the cloud", said Waidner. "The providers therefore receive the data as clear text, and the users must simply trust the provider to ensure that their confidential data remains confidential."
With some of the service providers, the users mistakenly believed that their sensitive information could only be accessed by a small group of people, whereas in reality it could be viewed by anyone, without anybody even noticing this. File sharing can be critical, even when the data is encrypted.
According to Waidner, "there are still no convincing encryption solutions for groups, that operate on untrusted storage. And cloud storage services can be considered as an instance of untrusted storage."
Fraunhofer SIT informed the providers about the results prior to publication of the study.