I feel for the folks at DropBox. I really do. They have built a fantastic service over the last years. It’s simple. It’s clean. It’s easy to use. It provides great value.
With this one service, I can keep data in sync across the many devices that have come into my life over the last 10 years: my laptop from work, my iPhone, iPad, home PC’s and even my wife’s Mac. I can even access this data from the browser on my kid’s Playstation. I can share work stuff with co-workers without waiting for someone to set up a share for me.
But there’s the rub. Work stuff. Yes, I CAN share work stuff with others or even use DropBox or many of its competitors as a virtual briefcase for taking work home. But SHOULD I?
Unfortunately, the answer currently is without a doubt – NO!
Why? Because many services like DropBox do not keep your data secure in a way that only you can view it. How can I be so sure? Well in the case of DropBox, they recently clarified just this in a privacy policy update where they noted that they remove encryption from data when they hand over data to law enforcement. The fact that DropBox can remove encryption means your data is not private to just you.
And that’s why I feel for folks at DropBox. They set out to do a great thing for the world and did it. But security is very hard and encryption among the hardest of security disciplines to get right. When you then try to make that security suit the needs of enterprises (remember the work stuff we talked about?) it’s a whole different story entirely.
What is needed is an enterprise encryption technology that supports DropBox and its many competitors. Such a solution would work with DropBox to support all the great capabilities they will continue to innovate while giving enterprises the ability to control the protection, audit the use and report compliance on their data in cloud services. Fundamental to these capabilities for enterprises is the ability for key management and encryption to stay in the enterprise itself. I’m looking forward to seeing solutions to this problem in the near future.
In the meantime, does that mean that of the millions of customers of DropBox, SugarSync, Box.net, Soonr and all the rest, no one is using work stuff (i.e. enterprise data) with those services? Not a chance! In fact, they are doing it at an alarming pace. And that is all the more reason for urgency in solving this problem – soon!
No comments:
Post a Comment