![]() In his opinion, that is the opposite of the Dropbox experience, which is all about ease of use.ĭropbox Cloud Storage Platform Hacked? Not So Fast Matt Richards, vice president of products at open-source cloud storage vendor ownCloud, told eWEEK that it’s important to remember that security is relative: The most secure system is one that no one can access. The challenge for Dropbox and indeed for anyone trying to provide a secure online cloud service is that ease of use and security are often antithetical. “So while you may be assured that data you upload to Dropbox is encrypted, you can’t be sure of who has access to the keys themselves, and if the keys are compromised, the encrypted data is no longer protected,” Webb said. Webb told eWEEK that one of the big fallacies that users make is assuming that simply because companies like Dropbox encrypt their data, that it’s somehow perfectly safe. Geoff Webb, director of Solution Strategy at NetIQ, agrees that ownership of the encryption keys is a key consideration. “The fact that they are stored encrypted is of no value if the keys are owned by Dropbox,” Sprague said. Steven Sprague, CEO of Wave Systems, told eWEEK that in his view, the fundamental problem is that Dropbox can read all of the files, for all of the customers. “Cloud-based file sharing sites bypass most corporate security, but businesses still need to be able to inspect information leaving their networks and prevent loss of sensitive or regulated data to unauthorized outsiders,” Leichter said. Willy Leichter, senior director at CipherCloud, told eWEEK that the problems with the cloud storage security model go beyond the bugs found in Dropbox’s authentication method. “In the case outlined there, the user’s computer would first need to have been compromised in such a way that it would leave the entire computer, not just the user’s Dropbox, open to attacks across the board,” the spokesperson said.Īlthough Dropbox is not raising the alarm bells about cloud storage security, others are. That said, Dropbox does not currently hold the view that the research presented at the USENIX conference presents a vulnerability in the Dropbox client. A Dropbox spokesperson noted in an email to eWEEK that Dropbox appreciates the contributions of security researchers and everyone who helps keep Dropbox safe. While Dropbox is aware of the research, it isn’t treating it as a security risk that demands immediate attention. While the merit of the actual research is debatable, it raises questions about what enterprises should be doing to protect the integrity and security of data in the cloud. A pair of researchers at the USENIX security conference in August released a white paper in which they describe methods for attacking Dropbox and obtaining user data. Learn More.ĭropbox is a widely used cloud-based storage platform that is now the target of security researcher scrutiny, as user data privacy is being called into question. We may make money when you click on links to our partners. EWEEK content and product recommendations are editorially independent. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |