ALCG Journal by Andrew Lehman 

Entries in Dropbox (1)


To The Cloud? Yes, I still think so.

Recent revelations about the risks associated with depending on cloud-based storage and applications (Amazon’s cloud outage) have again raised questions about the suitability of cloud computing for business. Equally unsettling are the continuing major security breaches, like the compromise of the Sony Playstation Network user information and recent revelations about security shortcomings with Dropbox. The thing to keep in mind here I think is that with proper preparation, planning and attention to detail these problems were all avoidable, or their effect could have been mitigated. 

A major part of IT is knowing what can go wrong and planning what to do when it does. All systems can and almost certainly will fail at some time. To be incensed when they do really only indicates that someone didn’t plan properly for the eventuality or has unreasonable expectations, or both.  

Those who knew that they had no tolerance for downtime and planned their strategy and systems accordingly made it through the outage without a loss of their critical services because they had built and tested systems to fail over to in the event that their resources on Amazon became inaccessible. 

Likewise, Sony should not have been keeping unencrypted user data out on the Internet. It would have been prudent to have stored the data in an encrypted format, given that it was sensitive information. Again, this points to a lack of proper care, planning and attention to detail. 

I have to admit I was taken aback and frankly disappointed by revelations about Dropbox’s lax host authentication system, especially in that it is not a complex problem and easily remedied. Although they are now taking steps to remedy the problem, it’s disappointing that it took a public outcry to shame them into plugging the security hole. But, here again, prudence would dictate encrypting sensitive data before putting it out in a public cloud where security is out of your control. 

I still think the cloud is an excellent resource, especially for small and medium businesses, and I would not discourage anyone from using it. But I think it is necessary to have a resource, either in-house or a consultant, who can ensure you are using the right solution and properly mitigating your risks. Today’s small/medium shop needs a resource who understands how things work and can effectively manage vendors and partners - the cloud and service providers - to ensure you are getting what you need.