Ipswitch Blog

A Security Hole – is Dropbox Dropping the Ball?

| April 13, 2011 | Data Breach, Enforcement, Managed File Transfer, Secure File Transfer, Visibility

Security researcher Derek Newton and a few Dropbox users have found a significant security hole in Dropbox. They published their results and Dropbox responded.

Dropbox’s response is not adequate.  It’s not enough for them to bury their head in the sand and to say that this security gap is not their problem if a hacker has physical access to the computer. The very nature of Dropbox lets its users increase their physical presence onto many more computers.  As such, these users are increasing the risk of their information being stolen and their businesses being compromised.

Instead, Dropbox needs to say what steps they are taking to close this security gap.  If Dropbox wants to minimize the impact to their business and to increase their presence as a responsible corporate citizen, Dropbox needs to make this security issue theirs to resolve.

Encryption is the best way for Dropbox to proceed right now.  Encrypting their configuration files would be the first and best place to start.  Second, Dropbox (like Google or my credit card company) should monitor users’ accounts for unusual activity.  Whenever they notice a blip or a change in user’s activity, they should send the user an email or SMS.

Third, no application or user should be given implicit access to a user’s files.  All access needs to be explicit.  An end user needs to specify each application and user that has permission to view, update, copy or remove their files. 

As all our transactions become electronic, it’s more important than ever that securing the data, securing access to the data without compromising usability and authorized access is the number one requirement for software vendors.

How IT Pros Can Save 30 Minutes a Day

How IT Pros Can Save 30 Minutes a Day

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries
[ do default stuff if no widgets ]

Reader Comments

  1. Dropbox is a consumer product that is roughly equivalent to an external hard drive in the cloud. To approach it differently is absurd. If you want your files protected treat them the same way you would if you put them on an external hd (i.e. Encrypt them).

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.