Is Dropbox Safe
November 11, 2011 6:13 PM

I work for a medium-sized non-profit and know only a modest amount about IT. This wouldn't be a problem were it not for the fact that among my responsibilities is running IT (long story).

I love Dropbox. Find it super useful. Am considering training others in the organization to use it.

If I ask my network guy, he'll tell me it's a terrible idea - not safe. I'm fine with this. He's really good, but I pay him, in part, to be paranoid. But really, is Dropbox safe?

Note, it would be embarrassing if someone broke in and stole information, but we don't have any critically sensitive data on the network - no CC numbers, no individual client data, etc.

If you're an IT person, what do you think of Dropbox in a professional environment? Do you let users on your network use it?
posted by TheShadowKnows to Computers & Internet (10 answers total) 3 users marked this as a favorite
 
It's hard to say whether it is appropriate because we don't know what problem you are trying to solve...
posted by iamabot at 6:46 PM on November 11, 2011


TechSoup was designed for people like you and me. I get their newsletters and regularly read articles, attend webinars, etc. Good info.

So I guess I would recommend you read up on Network Security at TechSoup.

At my own organization we're very slowly starting to share a few things via Google Docs. I'm pretty leery of putting much up there right now, though, because it's so very easy for someone to share a document when maybe they shouldn't.
posted by hms71 at 6:48 PM on November 11, 2011 [1 favorite]


Response by poster: It's hard to say whether it is appropriate because we don't know what problem you're trying to solve ...

Fair enough. Just as an easy way to work on a document both at home and work. We have a VPN but it's kind of a pain. I love having more-or-less a shared drive I can access at home or work. I'm sure my colleagues would too but it seems so open.
posted by TheShadowKnows at 7:08 PM on November 11, 2011


Dropbox is great for that. It's secure-ish. But I wouldn't use it for anything sensitive (financial, medical, etc.).
posted by empath at 7:14 PM on November 11, 2011


Best answer: Bruce Schneier - god of computer security - wrote a blurb on Dropbox and security. He linked to a longer article and some more discussion.

Fundamentally, the problems with Dropbox are the problems with any third party provider - Gmail, Yahoo, iCloud, whatever - how can you trust that they, or their employees, aren't using your data for their own use?

If your data is sensitive - HIPAA, or some such - don't use Dropbox. Find a different way. If your data is inconsequential, then maybe the security issue isn't such a concern. I'd use password protection and/or encryption though. In any case, you have to ask yourself - do you really want to give them your files - because once they have them, you have no control over what happens to them.

Security and convenience exist on a spectrum. You will trade security to gain convenience and vice versa.
posted by Pogo_Fuzzybutt at 7:38 PM on November 11, 2011 [1 favorite]


It's not the worst idea ever. Dropbox has had some high-profile security gaffes this year, but I'd consider it secure enough for not-sensitive files.
posted by hattifattener at 8:33 PM on November 11, 2011


It depends on how sensitive your data is. If you could get your users to use something like TrueCrypt you could still use Dropbox, as long as you only put encrypted files there.
posted by bjrn at 12:17 AM on November 12, 2011


I am not a security expert, but I believe TrueCrypt is only theoretically secure (still darn, darn good). But there is always the question of temporary files used by software accessing files on TrueCrypt volumes, memory captured in virtual storage swap spaces, keystroke logging to capture passwords, cold boot attack, etc. (e.g., see Security Concerns or FAQ). Some may apply to the employees of your organization, some to the data hosting location, or both.

I mention the above so you can realize that the people who worry about data security and due diligence and compliance really do have a tough job. I am not one, but I have talked to them, and it's a complicated world out there.
posted by forthright at 7:49 AM on November 12, 2011


Best answer: For thoroughly disposable, totally non-sensitive file transfer, Dropbox is acceptable. I generally discourage its use in the organization where I do IT for two reasons:

First, they have repeatedly shown a complete disregard for both reasonable security practice and user privacy.

Second, the implementation is functional and really convenient for many users, but treating it as a real filesystem will burn you.

(After I got burned by the implementation a while back, they also silently charged me for a second year's membership on a non-functional account, but my usage was far from typical and I doubt they had any way of automatically noticing that the account was busted.)
posted by brennen at 10:27 AM on November 12, 2011


Response by poster: Thanks everyone. It's very useful to get a number of perspectives. I guess I have too many users whom I can't trust not to do something stupid. Maybe I'll just quietly talk about it with a few select users. Thanks again, TSK.
posted by TheShadowKnows at 12:35 PM on November 12, 2011

