Dropbox Cloud Storage Platform Hacked? Not So Fast
"The question for us is more; is this model secure enough for what you want to do with it?" Richards said. "In other words, can you trust sensitive corporate data to a service designed for consumers? Pictures of that trip to Amsterdam are very different than your draft earnings statements, sales forecasts, product roadmaps or financial spreadsheets."

Best Practices

So, what should enterprise users be doing to properly protect data in the cloud?

Enterprises need to be able to protect sensitive or regulated information before it leaves the organization, CipherCloud's Leichter said. In his view, security models need to move beyond just securing Secure Sockets Layer (SSL) tunnels or relying on application vendor security promises to proactively preventing certain types of data from leaving the organization and/or encrypting sensitive data before it goes to the cloud.

Wave Systems' Sprague recommends the use of independent encryption and independent provisioning of encryption keys.

Not coincidentally, Wave Systems enables its customers to encrypt data uploaded to the cloud through a product called scrambls. Sprague explained that to hack the scrambls system, an attacker must have access to both systems. This provides protection from internal and external attacks at either Dropbox or scrambls.

Fundamentally when it comes to putting data in the cloud, control is the key.

"Don't put sensitive information in a cloud you don't own and don't control," ownCloud's Richards suggests. "In practice, the need for privacy/security has to be balanced with the need for access."

The ability to integrate a cloud storage solution with existing security practices is also key to success. The ownCloud approach leverages an open-source project that can be installed on-premises or remotely, and integrated with existing IT policies and procedures.
"When you configure ownCloud, you can choose your primary storage location, add secondary storage location(s), and make those as safe as your existing enterprise storage because you control it," Richards said.

The ownCloud storage locations could include Amazon's S3 storage, Google or even Dropbox.

In the final analysis when it comes to cloud-based storage, Dropbox or otherwise, it's important for enterprises to understand the risks and the limitations.

"Like most cloud services, the assumption they should make is that the user is still responsible for security," NetIQ's Webb said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
"This way, the content uploaded to Dropbox can't be read by the provider," Sprague said.