Saturday, 2 July 2011

Cloud Storage and Security

Very disappointed to read about the latest DropBox security issue.  Disappointed in two quite distinct ways: first because their account of this issue suggests a somewhat careless attitude to both security and regression testing, and second, the fact that the first I heard of this was when I read this Register piece. Not good enough. The world is scrutinizing cloud applications quite closely and I fear DB hasn't been paying attention.

Leaving aside the insecure nature of the DropBox service itself and it's apparently relaxed attitude to regression testing, there is the issue of service management and customer relations. As many others have pointed out, directly informing all users, as soon as reasonably possible, is a pre-requisite for establishing trust. Just compare DB's behaviour with that of LastPass. As soon as LastPass detected a possible breach, they immediately informed their users and took sensible action. Impressive, and reassuring.

I've been a SpiderOak user for a while, but until now I hadn't considered using their Sync feature, as I've been using DB instead. This incident has been just the trigger necessary to make me move my stuff out of DB and into SpiderOak, and I will be trying their Sync service now. By the way, I have no affiliation with SpiderOak whatsoever. I use their service principally for these reasons:

  1. Zero-knowledge privacy 
  2. Their attitude to engineering
  3. Their prices. (Better than DB)

Another comparison article can be found here.

Superficially, DropBox is a lovely product but as you start to rely more on cloud storage you begin to think of all the ways your content might be compromised or misused and SpiderOak's robust, credible approach completely trumps any pretty UI.

No comments:

Post a Comment