Cloud storage security – nothing is for nothing

A security issue with cloud storage services DropBox and Box are in the news again, and it seems the real problem is that business users keep using the free versions, with very limited security, rather than pay for the versions that protect their data

  • 10 years ago Posted in

A significant DropBox and Box security vulnerability has been discovered by rival cloud service provider, Intralinks, which discovered that a number of Dropbox and Box ‘share’ links (which are intended for a limited audience) may be disclosed to third-parties.

And it would appear that much of the problem is down to end users themselves failing to check effectively on the security settings they use for such services, or opting for the free versions of those services when it is widely known that security capabilities are not even provided. In other words, the real story of the internet – that nothing is for nothing – is holding true in this important and potentially damaging area.

The discovery was made during analysis of the company’s Google Adwords campaigns. Intralinks found that sensitive files, such as mortgage records, have been found using these public links, although Dropbox has now disabled access and will be implementing a patch to prevent shared links from being exposed from now on.

Skyhigh Networks, a cloud visibility company which evaluates and ranks the security credentials of services like Box, Dropbox and Intralinks, believes that this vulnerability demonstrates why it’s paramount that businesses are aware of and use cloud services which have the appropriate level of security.  

“This story serves as further proof, as if it were needed, that businesses need to be better aware of their risk profile when it comes to sensitive data and cloud security – as these kinds of files should never be made available to the public,” said Charlie Howe, Skyhigh Networks EMEA director. “If a business is sharing confidential information such as mortgage records, is using cloud services and cannot guarantee that it is protecting this data from unauthorised access, it really doesn’t have a grip on its IT security, or the cloud for that matter.

“It’s vital that all organisations understand which cloud services have the necessary security and privacy features for business use. For example, Box does in fact have a number of settings that would eliminate this specific vulnerability, as does Dropbox for Business – however, the free version of Dropbox does not. The fact that businesses still use free file sharing applications when secure, enterprise-ready alternatives exist really beggars belief. Indeed, in our latest European Cloud Adoption and Risk report, we discovered that Dropbox is one of the most popular cloud services in use in the UK, but Dropbox for Business is yet to register on the top ten list.

“The companies most affected by this vulnerability will be those with poor visibility into how sensitive content is shared in the cloud. Modern enterprises should consider careful and diligent cloudservice monitoring as a necessity in today’s IT security climate. Those which don’t will continue to find their data, their reputation and their business exposed.”

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.