Information Governance managers as well as individuals need to be aware of possible risks when utilizing external cloud storage providers.
CNN has reported that Dropbox, the popular cloud-storage service, is investigating whether a security breach is to blame for a recent wave of spam e-mail sent to Dropbox users. Dropbox has stated that they haven’t had any reports of unauthorized activity within Dropbox accounts, the suspicion is that email addresses were taken to use for spamming purposes. Dropbox has roughly 50 million users who,according to the site, upload a billion files to the service every 48 hours. So far several users in Europe have reported spam from gambling sites sent to email addresses users created specifically for setting up Dropbox accounts.
This possible security breach brings up the question of how secure these cloud storage sites are. I for one use Dropbox and consider it a fantastic service, especially the desktop icon use model. Individuals and companies need to take the lead in ensuring their data is secure either by not utilizing these services or by securing their data before they upload it.
I always encrypt data before I upload it to any cloud storage service. I use two free encryption utilities; Kryptelite and Iron Key both from Invsoftworks. Krypteliteallows you to encrypt files by simply dragging and dropping files onto the Kryptelite desktop icon. To decrypt the files once they’re encrypted, you must drag the encrypted file back onto the Kryptelite desktop icon and type in the file password. This means you cannot decrypt a file unless you have a running version of Kryptelite on the PC you are using at the time.
Iron Key allows you to create self decrypting files which are completely stand alone and can be decrypted anywhere by simply double clicking on it and typing in the password.
Incorporating this additional encryption step into your utilization of cloud storage will add an additional layer of security beyond what the cloud storage providers are already doing.