Two thirds of UK businesses considering Dropbox ban
A couple of months ago we asked whether it was time to drop consumer cloud company Dropbox, after Condoleezza Rice – notorious anti-privacy advocate – was appointed to the firm's Board of Directors.
More recently, whistle-blower Edward Snowden reminded the world that Dropbox was (is) indeed an NSA surveillance target, and urged organisations to take the appropriate security measures to protect their data against unauthorised snooping. During his 7-hour interview with the Guardian, Snowden made it clear that nothing is safe from prying eyes.
Most businesses, especially those that handle any kind of sensitive information, don't condone the use of consumer services like Dropbox in the workplace. But unless they have an official policy in place, it's nearly impossible to restrict internal use. Employees will always find ways to do their job as quickly as possible, and this will always cause conflict between the IT department and the rest of the organisation.
Generally, people use services like Dropbox with good intentions. If an organisation can't meet a need internally, people will look elsewhere for an alternative that can. Dropbox allows employees and clients to share large files quickly via the internet; files they were previously unable to send due to restrictions on the internal network.
The problem is, once a file leaves your environment you lose control of it. You don't know how it's being stored or who has access to it. Sure, it may be encrypted, but who holds the key? The threat of sensitive information being leaked is huge - the recent NSA revelations have made us more aware of this than ever.
The risks companies are exposed to today are extensive, and evolving every day. The use of consumer cloud products exacerbates them further, and takes control outside of the company's walls. The security features of an application like Dropbox don't measure up to most business security standards, and certainly aren't compliant with certifications like ISO 27001 for information security.
In November, we asked over 400 IT professionals in the UK for their thoughts on cloud security. Two thirds (64%) admitted that they were considering, or already had in place, official company policies restricting employee use of consumer cloud services like Dropbox or iCloud. Nearly half (43%) told us they had reviewed their security practices following the PRISM scandals. We predict that the results of this year's survey will convey much the same feeling.
When using any cloud service, ensure that an adequate level of encryption is used. Most importantly, make sure that you are the only holder of the encryption key. That way, even if your provider is asked by the government to hand over your data, it would be absolutely useless to them without your key.
Although it is possible to lock down the use of certain services, practically, your best method of limiting their use is through good communication throughout the business. If your employees understand the risks their quick-fixes pose, and the possible consequences of their actions, they may think twice before acting carelessly.