Making Dropbox secure for lawyers and law offices

Filed under: Cloud | Tags: , , , |

security

Lawyers are particularly concerned about using cloud based service to store information. Here are some of the issues attorneys face:

  • I am handing over sensitive client matters to a third-party! Note: this is despite the fact that lawyers already do this when they store client files in a rented office.
  • Where are the files stored? Are any files stored outside of the United States?
  • What are the security procedures at the cloud service provider?
  • Who can see my data?
  • Will the data be handed over to law enforcement and under what conditions (subpoena)?
  • Will I be notified if data is handed over?

The flaw (some say the fatal flaw) with using a cloud service like Dropbox is the service ultimately has access to your files and could theoretically view or reveal your data.

There have been a number of workarounds including putting your files into an encrypted container. I discussed the trade-off with this in “Is Cloud Storage Secure Enough for Lawyers.” The problem is that you lose the benefit of constant synchronization: instead of files constantly being backed up and synced, you have to sync a single LARGE file when all you want to do is shut down your system and go home.

SpiderOak

The goal has been per file encryption and services like Spider Oak have stepped up to the plate to offer this. However, moving away from Dropbox, means moving away from a known service which is currently the market leader with cross-platform application on desktop (Windows, Apple/Mac, and Linux) and mobile devices (iPhone, iPad, Android, Blackberry) plus many applications support Dropbox right out of the box!

Dropbox mobile

Dropbox just logo

Plus, Dropbox just works! Sync is hard. Just ask anyone who has tried to keep contacts synchronized between various computers and online services: you get old information, conflicts, and duplicates. With Dropbox files sync accurately and quickly — even “files” like Circus Ponies Notebook which are actually folders work!

Now, I’m not saying other service do not work just as well. It is just that any contender needs to be considerably better to make me move.

The ONE thing Dropbox lacks is — per-file encryption. That is, until SecretSync. Read the rest of this entry »


Dropbox left open for 4 hours

Filed under: Cloud | Tags: , , |

A wrinkle has appeared in the perennial question, “Is Dropbox Secure?” Dropbox (one of my favorite services) was effectively unlocked for 4 hours on Monday June 20, 2011!

Writing in PC World, Sara Yin notes:

A code update left Dropbox, the popular cloud storage service, password-free for about four hours on Monday afternoon.

During this time, anyone could access any of Dropbox’s 25 million user accounts by typing in any password. The lapse occurred between 1:54 p.m. to 5:46 p.m. PT.

Ok. Altogether, “FUUUUU…!”  Read the rest of this entry »


Time to Secure Facebook (Yes AGAIN)!

Filed under: Cloud | Tags: , , |

Padlock
With the recent concern over Facebook privacy (if that isn’t an evergreen topic I don’t know what is) specifically the Firesheep plugin for the Firefox browser. If you are not familiar with it, Firesheep is a dead simple plugin that lets people see and capture the password for other Facebook users on the same network.

If you ever use an open wifi — say at your local Starbucks — and checked your Facebook page, someone else in the cafe might also have not only gotten full access to your Facebook page on that day, but also now been able to log on to your Facebook page ANY TIME THEY WANT.

Feel free to re-read that and let it sink in.

Fortunately, Facebook has implemented some new security options to fix this problem. So, it’s time to review and tighten up your Facebook security. Yes, again! Read the rest of this entry »