Technology-wise, one of the questions lawyers most often ask is related to cloud security. That is: Is my data—including client material—safe in cloud-based applications and cloud-based storage?
This past year, one company has almost single-handedly made it more difficult to offer a resounding “Yes” in response. That firm is, of course, Dropbox.
Too often recently, we have seen stories that almost all could carry the same headline: “Dropbox Confirms Security Glitch.” In an upcoming issue of Arizona Attorney Magazine, lawyer Brian Chase examines the challenges of the cloud. And in so doing, he points us to a few good articles on Dropbox’s missteps. Read about them here, here and here. The most recent occurred just last month, in late July.
This past weekend, I came across an article that indicates Dropbox is edging toward a security solution, this time in the form of a “two-step verification.”
If you want to gauge public response to this latest Dropbox effort, just read the comments beneath the story. Here are a few:
“So wait, we should use a more time-consuming authentication system while THEY failed to secure their databases, resulting in all of their users now enjoying a dramatic increase of spam entering their mailboxes every day? I’m so sick of these companies forcing us into such overkill systems while whenever there’s a security breach, it’s always on their end.”
“What use is this? It only adds security to the part I already had control of—I use impossible to guess passwords with a password manager. The gaping security hole I worry about with Dropbox is that any Dropbox employee or hacker getting into Dropbox has access to my documents. Why don’t they implement two-step verification INTERNALLY for their own staff, and client-side encryption of data so hackers can’t get anything useful anyway? Oh never mind SpiderOak already does this and that is why I use them instead of DropBox.”
One commenter was more generous in his assessment, and pointed out an important part of the exchange process—it’s free! So quit your moanin’:
“No online system is flawless, none is unhackable, you’d rather they not give you the tools to protect your property? It’s YOUR data, YOU are getting a SERVICE for FREE, they owe you nothing. I say good on em, and thanks for the extra level of security, because I care about my data. And anyway, they’re not forcing anything, it’s entirely optional.
I have some agreement with the last commenter’s words. However, when it comes to lawyers or any businessperson, the benefit of free evaporates quickly when sensitive material is hacked. I’m sure lawyers would rather pay a fair price and get security, rather than revel in a cost savings while coders in their parents’ basement wreak havoc on a system most thought was safe.
It’s likely that Dropbox will weather this storm, and that the storm will be replaced with some other torrent that will overtake another company.
But in the meantime: What do you think? Is some use of the cloud inevitable? And will the risks ever decrease to an extent sufficient that you are comfortable with sensitive information floating up there?Follow @azatty