If haven't stopped to think about those important files you are storing in Dropbox and whether it's a good idea, now is the time. Click to find out why.
People rave to us about how useful cloud services like Dropbox are for work, but not many say to us that they are worried about whether it's safe.
So it was interesting to hear a reminder recently that it's the simple, mundane, day-to-day mistakes you can make in Dropbox that might expose your data. These risks aren't to do with popular concerns about government spying or hackers - they're primarily to do with "losing control" from within.
What is the risk of using Dropbox?
The warning comes from Ali Moinuddin from Workshare, which provides software designed to help businesses stop accidentally exposing sensitive data online.
The way he sees it, there is the risk that someone within your business could share a link to a file with someone outside the company. Or one of your staff could be storing sensitive company files within a password protected personal Dropbox account. When they leave the company you might lose any chance of accessing the files.
"If one of my employees started to walk and they were using a Dropbox personal account, they could basically take that information with them. You have no control over it, " Moinuddin said.
Emailing or sharing an attached file can be a mistake if it's hiding sensitive information - Word documents can contain information you mightn't want anyone to see if you've turned on "track changes", and Excel spreadsheets could contain hidden columns. Information about who created the document and when it was last modified could be something you don't want people to know in certain situations.
"99% of the time it's done without malice. They're creating a document, then sharing the document, and they've not seen the hidden metadata", said Moinuddin.
Putting a padlock on those files
While none of this is new, don't be surprised if you hear more from the likes of Workshare as time goes on. According to Ali, Workshare has sold its secure file sharing technology in Australia for a number of years, especially to large firms. But he says the company is "now looking to make it easier to use for anybody [to use Workshare] - any business no matter what size they are."
"I think more and more businesses will automate that process," he said. "It's a trend that we're seeing across the globe where theres an increased focus on who's sharing what".
The type of features that Workshare wants to make more widely used, for example, include the ability to strip metadata from files before they are sent - like social security information. Workshare can also set an expiry time for a document, so that once shared it can only be read for 48 hours. It can also be used to control whether a document can be downloaded, printed or forwarded. The product has been used by law firms in particular for years.
"Today if you try and police [sharing] people will just work around you. Now what you have to be able to do, is provision simple, easy to use terms, that allow people to work the way they want to. It's a step changes from years ago, where it was always about control."
While he has a vested interest, we think it's still a valid concern. We've run various articles about how useful Dropbox can be, and discussed services like it at the BIT Roadshow. Still, it's worrying that some users don't seem to be asking about these issues at all, let alone the other things that can go wrong, like this and this (this second link is very useful, by the way, if you use Dropbox).
Better than scraps of paper?
Interestingly, we happened to discuss the topic of cloud security with Barry Porter, CEO of Nubian Water Systems, which he says has benefited from moving to cloud services, including Salesforce.com. He made the observation: "Truthfully, anybody who's going to take data when they resign has already taken it. For me the benefit of something like Salesforce.com is that if someone leaves our business, as a minimum, I know as much as they do. In the past they would have info on bits of paper, Excel spreadsheets, all sorts of stuff. Any info about a customer is in that platform. At least I've got a copy of what they walked away with. In the past, they may have walked away with a spreadsheet they've been creating over time.
In my experience the problem was never people downloading information. The problem was they weren't uploading info to start with."
It's a good point - the problem with the cloud security debate, we'd argue, is the temptation to write off the cloud as the boogie man. No doubt putting your data online raises all sorts of valid security concerns, but there are also arguments in favour of having important data stored in a data centre, instead of a USB hard drive. Read reports about data attacks and you'll see that the cloud is only one way you might be targeted.
Do you know where your data is?
If you haven't stopped to think about all this, here's another reason - changes to the privacy laws coming into effect in Australia in March next year. If your business stores sensitive personal information about your customers, it's up to you to make sure that information doesn't fall into the wrong hands. If that data goes offshore, you will be required to tell your customers. In the worst case, your business might be held accountable if a third party (and our reading of the draft guidelines is that this includes cloud service providers) does the wrong thing and exposes the information.
There are various details (for example, some businesses with a turnover of less than $3 million won't be subject to the requirements) but overall, the push is on to make businesses pay attention to where personal information about their customers is going, and to make sure it's protected.