The Dangers of Dropbox, OneDrive, Google Drive or other consumer-grade file sharing & file storage
The applications you use to back up and synchronize your data online make you vulnerable. They expose your personal and business data to huge security threats. Your business data can easily spread far and wide, with no attention paid to the nature of the information being shared or with whom. Moreover, studies show that more than 7 MILLION Dropbox accounts have been victims of hacking, which gives cybercriminals a way to intrude into the company’s network.
This is even more crucial if your company data includes finance-related information, medical information, or other sensitive or confidential data. With these online storage applications, there is a direct breach of security and compliance laws.
91% of industry experts, as per a Cloud Security Alliance survey, mark data breach and data loss as severely critical threats to cloud security.
One of the worst security holes — the man-in-the-cloud attack — can compromise popular programs like Box, Dropbox, and Microsoft OneDrive. Hackers can steal the security token that gives your computer access to the cloud, even without your password.
Despite all the talk of 256-bit AES encryption and claims that “the security of your data is our highest priority”, the fact remains that Dropbox has the ability to decrypt all your files and can view them whenever it wants — particularly if any law enforcement agency comes calling.
The DigitalBank Vault Solution: Encrypt your files with The DVB One Time Pad Encryption System and no hackers will be able to decrypt the stolen data.
Google the search term "One-time pad encryption" now and learn about this unbreakable encryption technology.
The best-known consumer-grade file sharing (CGFS) solution is Dropbox Personal, but the same applies to the regular, free versions of OneDrive and Google Drive.
1. Data Theft
Many of the issues with CGFS solutions emanate from a lack of oversight. The IT administration and business owners are not aware of product installations and cannot control the devices that are able to sync with corporate shares. With information being replicated on countless personal devices, the administration loses control over the information and the risk of data theft or abuse drastically increases.
2. Data Loss
Sync solutions are designed so that changes to files and folders are synced directly to all connected devices, so any file deletion or incorrect change is automatically carried through to every synced device. If no history retention or deleted-file protection is in place, the previous versions will also be lost in the cloud. The system can also easily be abused by an end-user to permanently delete files.
3. Corrupted Data
A study by CERN shows that silent data corruption is introduced in about 1 out of every 1500 files. Most users or organizations trust these solutions to keep the most recent and correct version of any file, without realizing that few solutions implement any protection against data corruption. Even if backups are made, most CGFS providers do not expose an easily accessible channel to request a copy of backed-up data.
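An added example (not from the original article) of one way to catch the silent corruption described above before a sync client carries it to every device: record a SHA-256 manifest of a synced folder and re-verify it later. The function names, the sample file names and the heuristic of treating a content change with unchanged size and modification time as corruption are assumptions of this example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def digest(path: Path) -> str:
    # Whole-file read keeps the example short; stream in chunks for large files.
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root: Path) -> dict:
    """Record SHA-256, size and mtime for every file under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            manifest[p.relative_to(root).as_posix()] = (digest(p), st.st_size, st.st_mtime_ns)
    return manifest

def verify(root: Path, manifest: dict) -> dict:
    """Classify each recorded file as ok, edited, corrupted or missing."""
    report = {}
    for rel, (sha, size, mtime_ns) in manifest.items():
        p = root / rel
        if not p.is_file():
            report[rel] = "missing"
        elif digest(p) == sha:
            report[rel] = "ok"
        elif (p.stat().st_size, p.stat().st_mtime_ns) == (size, mtime_ns):
            # Bytes changed but size and mtime did not: not a normal save.
            report[rel] = "corrupted"
        else:
            report[rel] = "edited"
    return report

def demo() -> dict:
    """Constructed sample: one bit flip, one user edit, one deletion."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("ledger.csv", "notes.txt", "contract.txt"):
            (root / name).write_bytes(b"constructed sample data: " + name.encode())
        manifest = build_manifest(root)
        target = root / "ledger.csv"
        st = target.stat()
        data = bytearray(target.read_bytes())
        data[0] ^= 0x01  # simulate a silent bit flip
        target.write_bytes(bytes(data))
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # metadata as before
        (root / "notes.txt").write_bytes(b"a deliberate edit by the user")
        (root / "contract.txt").unlink()
        return verify(root, manifest)
```

Keep the manifest outside the synced folder, otherwise a bad sync can overwrite the reference digests along with the files.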
4. Sharing Critical Information
Personal sharing solutions do not give central oversight of what information is shared, and with whom. Once information is shared, limits generally cannot be placed on the period of accessibility or the number of downloads. This lack of control can lead to losing or sharing business-critical documents, increasing the risks of breaching privacy agreements and conflicts.
5. Compliance Violations
As CGFS solutions have little to no file retention and file access controls, compliance violations are a serious possibility. Compliance policies often require files to be held for a specific duration and to be only accessible to a number of people, in which case strict access controls and oversight are imperative.
6. Loss of Accountability
The lack of reports, alerts, and logs of user activities can lead to a direct loss of accountability. Neither individual document changes nor changes to user accounts, organizations, passwords, and policies can be tracked, leading to a risk of unmonitored and unauthorized changes to files and configurations.
7. Loss of File Versions
As CGFS solutions neither maintain all file versions nor keep a history of changes with the respective persons, devices, and dates, changes to files can lead to a direct loss of information. Incorrect changes or local data corruption can lead to file versions being permanently lost, without being able to track the cause and source of the loss.
8. Government Access
A final risk that deserves mention is not limited to consumer applications but applies to many business-grade solutions as well. The US has launched a number of initiatives such as the Patriot Act and PRISM designed to access information managed by US companies such as Microsoft, Google, and Dropbox. Many users inside and outside of the US do not appreciate these programs and are starting to look for solutions offered from more privacy-friendly countries.
Business applications offer solutions to many of these known issues, without sacrificing the features that make the consumer file sync services so easy and practical to use. As a consequence of these risks, many companies have formal policies against, or discourage, employees using their personal applications, accounts, or devices.
So what are the most effective ways of preventing the use of personal file sync solutions? And how can the above risks be minimized?