1. 10 months ago 
    Dropbox authentication: insecure by design

    This article will really hit home with many of my colleagues as users of this service. I do not remain unscathed either, since I used this service too for personal use before Windows Live Mesh 2011 was launched and gained a client for Mac, and at one time I also encouraged my friends to use Dropbox through the invitations that promised additional storage to me if I got others to sign up for ‘free’ Dropbox accounts as well.

    Lesson learnt: “There’s more to consider about a cloud service than just the cool factor.”

    This Dropbox exploit, as well as the recent GMail data loss and outage that spanned several days and affected both free and paying customers’ accounts, is revealing what I find to be a consistent theme as more service providers launch new cloud services and businesses want to jump on adoption for their enterprise without a proper evaluation.

    This Microsoft-sponsored article has an excellent ‘Security Checklist’ page that includes some of the criteria for looking at a cloud service provider more keenly, including:

    • Integration - how well does it integrate with security processes you already trust (such as those given by Active Directory)?
    • Privacy - Is your data encrypted at all, and how strong is the encryption used?
    • Identity and Access - What stops other users from accessing your data in the cloud? How is the database protected?
    • Compliance - There are standards out there for security in the cloud; which ones is your service provider certified for (if any)?
    • Service Integrity - How is your data protected from corruption?
    • Jurisdiction - Where is your data physically located? What country’s privacy laws protect it?
    • Information Protection - Who has access to your encryption keys? Who owns the data stored with your cloud service provider? How is the data backed up?

    Even with this list, my prediction is that, for many of us, how to judge the trustworthiness of a cloud service provider will continue to be a big topic for some time as more of the startup services are scrutinised!
