Dropbox Cloud Storage Platform Hacked? Not So Fast
Is cloud-based storage from Dropbox a secure option for enterprises? And what should enterprises be thinking about in order to securely store data in the cloud anyway?Dropbox is a widely used cloud-based storage platform that is now the target of security researcher scrutiny, as user data privacy is being called into question. A pair of researchers at the USENIX security conference in August released a white paper in which they describe methods for attacking Dropbox and obtaining user data. While the merit of the actual research is debatable, it raises questions about what enterprises should be doing to protect the integrity and security of data in the cloud. While Dropbox is aware of the research, it isn't treating it as a security risk that demands immediate attention. A Dropbox spokesperson noted in an email to eWEEK that Dropbox appreciates the contributions of security researchers and everyone who helps keep Dropbox safe. That said, Dropbox does not currently hold the view that the research presented at the USENIX conference presents a vulnerability in the Dropbox client. "In the case outlined there, the user's computer would first need to have been compromised in such a way that it would leave the entire computer, not just the user's Dropbox, open to attacks across the board," the spokesperson said. Although Dropbox is not raising the alarm bells about cloud storage security, others are. Willy Leichter, senior director at CipherCloud, told eWEEK that the problems with the cloud storage security model go beyond the bugs found in Dropbox's authentication method.
"Cloud-based file sharing sites bypass most corporate security, but businesses still need to be able to inspect information leaving their networks and prevent loss of sensitive or regulated data to unauthorized outsiders," Leichter said.