How Concerned Are You About Security?

Much has been made of yesterday’s revelation that the Federal Trade Commission may investigate Dropbox because a prominent blogger claims that Dropbox employees can gain access to its customers’ files. The claim seems to have some merit, particularly in light of the fact that the company changed its privacy protection claims about a month ago.

The Dropbox controversy is only the latest in a fairly short series of security breaches, data breaches, accusations and suspicions of less-than-optimal security by some cloud-based providers. These types of concerns are, in my opinion, helping to slow more widespread adoption of cloud-based services. Decision makers—and rightly so—are understandably reluctant to hand over sensitive financial data, intellectual property and other important information to a cloud provider whose employees could, at least theoretically, gain access to this content, or that might lose it through a data breach.

While these concerns are understandable, it’s important to consider a couple of things. First, security breaches in the cloud are very rare and are much more about what could happen than about what actually does (or will) happen. Second, many companies pay little attention to other security issues that are actually much more likely to cause loss of data. For example:

  • A Trusteer report published in February 2010 found that 73% of Web users share the password they employ for online banking sites with at least one non-financial Web site. Further, nearly one-half of them share both the username and password they use for their bank with at least one non-financial Web site.
  • An Osterman Research survey found that 85% of users sometimes employ the same password for more than one work-related system; three out of five users claim that they have too many usernames and passwords to remember.
  • Many users reveal sensitive information on Twitter, Facebook or other social media sites, often not realizing they are doing so. For example, a senior person’s frequent posts about travel to Redmond, Washington or Bentonville, Arkansas could reveal that an acquisition or major deal may be in the works.
  • Clicking on the “Forgot Password” link on many Web sites will send a new password in clear text.
  • Most organizations allow their employees to access corporate email from their home computer, smartphone or other device, often without the use of a VPN or other capabilities to prevent content from being intercepted.

The bottom line is that decision makers are wise to be careful about how their data is stored in the cloud—vendors and providers should be vetted carefully to determine what certifications, processes and other controls they have in place to protect their customers’ data. However, decision makers should also focus on the avenues through which sensitive data is much more likely to be lost—users and the basic processes that organizations have in place.