Saturday, April 14, 2012

Cloud file sharing: Secure?

Since Dropbox was launced almost four years ago such services have become very popular. Also other similar services has appeared such as Skydrive, iCloud, Ubuntu One and others. From a security perspective such services have posed a threat to leaking of internal documents without any company access control. Such services are syncing files through an encrypted SSL link while more traditional access controls have only monitored services such as email, ftp and http. There have also been raised other questions about how secure the documents in these cloud services are.

As an example, Dropbox initially claimed that all documents were encrypted, but it was later revealed that they are all documents were encrypted with the same key, also making documents available to Dropbox employees for "support purposes".

Such issues have however not scared people away from using the service since it's a service many need and it just works. It also comes pre installed on many new smart phones. And everyone can get a free account.

While the main focus has been personal users, Dropbox also offers these services for companies. For such services to get accepted within companies there are different requirements than in an end user file sharing service.  Enterprises are seeing that such solutions may solve many of the challenges that remote and home office workers are facing. In this market there are an increasing number of service providers who are trying to claim their share.

Note also that VMware is working on such a service, VMware Project Octopus, that was presented at VMworld last year and Citrix bought Sharefile in October.

In the latest Virtualization Cloud Security Roundtable such topics are being discussed as Matt Richards from ownCloud is a panelist.
Virtualization Security Roundtable, episode 81