Prepare yourself for more Dropbox-like security disasters

Customer confidence could collapse as competitive cloud contestants cut corners.

Disillusionment looms for cloud computing. (Gartner Hype Cycle image used with permission.)

With claims that US presidential candidate Mitt Romney's Dropbox account was hacked earlier this month, it's time for a reminder about the security risks of cloud storage.

The Romney hack, if it actually happened, could well be down to him or his team choosing an easy-to-guess answer to the supposedly-secure secret question. But almost exactly a year ago, there was a far more serious security problem with Dropbox.

A failure left all 25 million Dropbox customers' files exposed for four hours. It's exactly the sort of cloud security scare story I reckon we'll be seeing a lot more often.

Business is now sold on the benefits of cloud computing. Cloud migration seems to be an assumed part of most organisations' IT strategies. Why wouldn't it be, given the convenience and cost savings?

But cloud computing is an incredibly competitive arena. Some companies are bound to cut corners. Some won't even know they should've built the corners in to begin with. And as Dean Kingsley, who heads Deloitte's technology risk practice in Sydney, said last year, we've seen too much cloud-washing, which he defined as "people over-selling and over-hyping the benefits of the cloud, or misusing the word 'cloud' to describe anything in IT so you can sell it."

We now have enough cloud vendors with enough customers for the inevitable occasional security glitch to get significant media coverage. And once the media latches onto a theme, well, every new incident is further proof, isn't it!

This is all unfolding along the timeline predicted by Gartner's Hype Cycle for Cloud Computing 2011. Cloud computing as a whole has passed the "peak of inflated expectations" and is now plunging into the "trough of disillusionment" as reality bites.

The challenge for cloud providers will be convincing customers that the risks of the cloud don't outweigh the benefits — risks including the exposure of your data through incidents exactly like Dropbox's.

That'll be tough. According to Symantec's 2011 SMB File Sharing Survey, based on data collected in November but released this week, security and data loss were seen as the most significant potential risks with file sharing services.

(Standard caveat for vendor-sponsored surveys that may be inaccurate and self-serving: Symantec's report was based on interviews with 1325 organisations across 3 countries, giving a margin of error of around 3 percentage points — unless you start slicing up the data cubes.)

Files are getting bigger. SMBs are becoming more distributed. Symantec reckons 41 per cent of surveyed organisations said that failing to share a large file quickly would lead to loss of customer consequence and damage their brand's reputation. Cloud-based file sharing looks like a winner.

But it's employees who are influential in adopting these technologies, not IT departments. Only 51 per cent of organisations believed that employees would ask IT for help before setting up file sharing, reports Symantec.

When IT departments choose cloud services, they quite rightly consider security and compliance issues as well as price and convenience. Employees, not so much. You can expect a goodly few employees to put confidential business data onto consumer-grade services, creating a data loss time bomb.

Meanwhile Sophos' new report, The Future of Network Security (N=571 across 5 countries, margin of error 4 percentage points), says that the growing use of cloud services is the most important security challenge for SMBs.

A perfect storm seems to be brewing...

Contact Stilgherrian at or follow him on Twitter at @stilgherrian
