Wednesday, August 01, 2012

Will third time be the charm for DropBox?

So it’s the second time that DropBox has been hacked. Lots of coverage about the hack which came to my attention here. I hope everyone remembers the previous hack from last year.

Now DropBox is adding two-factor authentication after the horse has bolted from the barn – twice. Will there be a third hack?

After last year's embarrassing data breaches, Dropbox promised to implement additional safeguards "to prevent this from happening again." Whoops, it just happened again.

DropBox is an excellent product. I use it. I really like it for probably the same reasons you guys do, but I continue to be amazed that cloud-based apps don’t come out of the box with two-factor as an included – preferably for free – feature. I mean even supporting something like Symantec’s VIP token would be a plus and not hard to add. (I know, we’ve added it to our Webthority product.)

This simply reinforces two things:

  1. Despite all of the surveys that say people are concerned about cloud security, the vendors (aka YOU the product managers at these companies) aren’t listening.
  2. Simplicity, coolness and ease-of-use will continue to trump security. (i.e., People like me who know better are using the product without enhanced security)

Oh, I wonder if the users who were hacked have mentioned to their employers that perhaps some of their data was compromised? Yah, right.

The company also said that one of those stolen passwords was used to access a Dropbox employee’s account, which contained a project document with user email addresses.

Where’s my cloud compliance solution…? Is it possible to prevent this from happening again? What’ll happen if (when?) this happens a third time to DropBox? Does your company have a written policy about the use of cloud-based file sharing solutions? What is the air speed velocity of an unladen swallow? (This last question is to see if: a) you have read this all the way thru; b) you know Monty Python; and, c) you get the fact that cloud security is verging on being a great Monty Python skit)
