Tools like Dropbox Cause Security Problems, IT Departments Say

About half of organizations in a survey conducted by Axway felt that various public cloud file sharing tools like DropBox had significant security problems. These organizations also felt that it would be difficult to know if a breach had occurred and if sensitive information had been compromised.

The problem with DropBox from a security standpoint is evident in a recent test conducted by the Western North Carolina Infosec Community (WNC Infosec). In the test, WNC Infosec protected a document with the HoneyDocs service. Any document protected through HoneyDocs sends notifications whenever the document is opened. The objective was to determine if DropBox opens files when they are shared through its system.

Just minutes after WNC Infosec shared the file, HoneyDocs notified them that the file had been opened. As it turns out, DropBox opens certain file types in preview mode as a convenience to its users. It lets them see the file without having to open it in an application like Word.

Two security experts took their security testing a step further back in August by hacking DropBox through reverse engineering. DropBox has since responded with the release of a business version of its solution that offers IT admins more tools to safeguard information assets.

It’s no wonder why companies that deal in healthcare or financial sectors ban their users from services like DropBox. It’s a great tool for sharing pictures from a recent picnic at the beach, but not so much for confidential documents.

In spite of the security risks involved, many companies continue to allow employees to use public cloud services. They seem to feel that the productivity benefits outweigh the risks. Nearly two-thirds of Axway respondents felt that employees would use public clouds less if an approved file sharing tool was available. With companies being one security breach from a disaster, the time to implement secured file sharing was yesterday.