Aug 15, 2013

Cloud Based File Exchange, Secure Or Not ?

Cloud Based File Exchange, Secure Or Not ?

Did You Know?
Last year Dropbox one of the most popular file-sharing, Cloud-based services suffered a major security breach that allowed user’s user names and passwords to be stolen. This lead to thousands of it’s European customers being subjected to a spam attack which contained ads for gambling web sites.

In response to reports of this security breach Dropbox confirmed that a stolen employee password had led to a “project document” containing user email addresses being accessed. My immediate response to this news was matched by at least one user on their blog; “What was a staff member doing with user’s email addresses in such a way?”

This incident raises questions about the acceptability or otherwise of allowing Cloud-based services to store your files and personal data.

Cloud-Based Security
Security in the Cloud is no different to security in any form of software application, it should be built-in from day one not bolted-on as an after thought. I’m amazed at how often we see companies that offer online services of one kind or anotherbeing forced to add layers of security to their offering after suffering from such type of attack. Clearly they have no real deep understanding of what is required to implement a secure service. It seems to me that Dropbox are just one of those who need to re-think their security model from the bottom up. They don’t even seem to be sure about their solution to this embarrassing attack since one of their follow-up remedies was to provide a page allowing users to examine earlier log-ins to their account, sort of a; “you tell us if we still aren’t secure” option.

Securing the Cloud
Services that make use of the Cloud need to be very sure they have implemented at their very core robust security measures to avoid the type of embarrassment we have already spoken about here. Remember the Cloud is just another server it might be remote or it could be located within your network, but what makes it a Cloud server is it’s openness to the internet. By the very nature of it being a Cloud server anyone who knows it’s address can have access to it. However the authentication of the access granted at that point needs to be thorough.

For businesses to consider using such a service for sharing large files for instance they should be concerned at the very least about;

  • the ability to centrally control who they might want to make such shares with,
  • the ability to audit authorised access and unauthorised attempts to access the files,
  • the ability to revoke access to the files at a later date,
  • the product having some form of government certified assurance level.

In some circles this type of product is being referred to as managed file transfer technology MFT. Earlier this year Gartner estimated that 50% of midsize and large organisations will deploy products of this type by 2016.

Finding the Answer

If you are being tasked by your masters to find an answer to this little problem I can shine light on one possible solution. Yes I have used Dropbox and the like in the past. That was before I became enlightened. Robust, affordable security does not have to be difficult to use or require a major change in your business processes. Take a look at Egress Switch, it has all of the benefits I’ve discussed above and then some. You can add to the list; encrypted email and the ability to produce encrypted memory sticks, CD-ROMs even DVDs. I have found this a very useful product and with their mobile app and web interface you can even get access to secure mail and files on the move!

Subscribe Updates, Its FREE!


Post a Comment


Copyright @ 2013 EgyTricks.

Designed by Vikash | EgyTricks