Millions of Users at Risk With Dropbox and Huddle

Millions of users, who place documents into the Dropbox storage servers or other cloud-based collaboration solutions such as Huddle each day, are potentially putting their data at risk, despite the belief that it will be safe and secure.

This is according to simplexo_cto_simon_bain Simon Bain, founder and CTO of Simplexo Ltd.

Despite findings from the Cloud Industry Forum, which have highlighted that data security is uppermost in the minds of 62% of businesses in the UK, corporate Britain is seeing a dramatic increase in the use of Dropbox and its competitors, such as Google Drive, Huddle, Box Net and Jungle Disk, thanks to the rise of employee adoption.

Simon Bain stated: "With the glare of security very firmly focused at Google and its new Terms and Conditions for the Google Drive, we should not forget that other players in this market also have similar T’s & C’s."

"Corporate users need to look more closely at how they are using these services, particularly syncing, which is a really important part of a Cloud storage offering – in other words having all of your files available from anywhere. But do users realise that in a lot of cases their files are physically downloaded to their devices? If you lose a device, or leave it unattended, all of your files are accessible to a third party," he continued.

In the rush to have documents available everywhere, corporate and data security has been marginalised, often for ease of use for the end user and simplicity of providing the service.

Google has proved over the last 10 years that user data really is king. Most of Google’s profits come from targeted advertising based on their users data – Location, Search Phrases, Blogs etc. – This is exactly the same business model that Facebook and others are trying to emulate. With Facebook it is based on the data that you place on to their social network. With Dropbox and the other Cloud storage providers, they are also looking to monetize the information that you place within their storage. As a corporate user you need to be careful that you do not break your own companies employment policies when you use these services, but also that you are not breaking state or national data protection legislation.

"As I have said ‘Data is King’ this is true also of your data for you. Sales records, quotations, bank statements. Do not give these away."

"I am obviously a believer in using the ‘Cloud’ as a way forward for both personal and corporate life. However there are certain guidelines that I think need to be adhered to before we all start throwing our hard disks away and placing everything in to the hands of others,"

"While security on the Cloud servers is very important overall, document security cannot be overlooked and I think suppliers do have responsibility for this. The likes of Dropbox need to be more open with their users and not hide behind T’s and C’s."

Some of the questions we need to be asking are:

Can somebody access our data?
Is your data only yours? Or does your agreement with your provider actually sign usage over to them. (Check as most providers do exactly this)?
Are the servers secure that my information is stored on?
Is my store separate from others? Or is there a large silo that everybody’s files get dumped in to?
What about the files? Are they encrypted?
If there is an on-line search capability? Is this secure or does it hold plain text in a database?
If a hacker gains access to the servers, can they see my files?
Are my login details and or user credentials held on the server?

Bain said: "Get positive answers to these questions before placing any documents into a store unless the data has no commercial value. Banks go to great lengths to make sure that we are secure during our on-line banking sessions. So why go and drop your bank statement in to an on-line box?"

Notes:

Dropbox T&C’s
How We Use Personal Information

Personal Information
In the course of using the Service, we may collect personal information that can be used to contact or identify you (Personal Information). Personal Information is or may be used:

to provide and improve our Service,
to administer your use of the Service,
to better understand your needs and interests,
to personalize and improve your experience, and
to provide or offer software updates and product announcements.

Service Providers, Business Partners and Others
We may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features). These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.

Third-Party Applications
We may share your information with a third party application with your consent, for example when you choose to access our Services through such an application. We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy acceptable to you.

Compliance with Laws and Law Enforcement Requests,
Protection of Dropbox’s Rights
We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to:

comply with a law, regulation or compulsory legal request;
protect the safety of any person from death or serious bodily injury;
prevent fraud or abuse of Dropbox or its users; or
to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

Huddle T&Cs

IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.

Also, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer when you browse our sites. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.

You may refuse to accept our cookie by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting, this may adversely affect your user experience of our site.

Third Party Partners Programme
When you visit our site, we place a cookie file on your hard drive of your computer so that our advertising partners are able to recognise you when you visit their websites. We do this so that our advertising partners are able to show you advertisements relating to our products and services when you visit their website.

Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of CRM services, marketing campaigns, support and hosting services on our behalf. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.