Cloud storage security – nothing is for nothing

A security issue with cloud storage services DropBox and Box are in the news again, and it seems the real problem is that business users keep using the free versions, with very limited security, rather than pay for the versions that protect their data

  • 10 years ago Posted in

A significant DropBox and Box security vulnerability has been discovered by rival cloud service provider, Intralinks, which discovered that a number of Dropbox and Box ‘share’ links (which are intended for a limited audience) may be disclosed to third-parties.

And it would appear that much of the problem is down to end users themselves failing to check effectively on the security settings they use for such services, or opting for the free versions of those services when it is widely known that security capabilities are not even provided. In other words, the real story of the internet – that nothing is for nothing – is holding true in this important and potentially damaging area.

The discovery was made during analysis of the company’s Google Adwords campaigns. Intralinks found that sensitive files, such as mortgage records, have been found using these public links, although Dropbox has now disabled access and will be implementing a patch to prevent shared links from being exposed from now on.

Skyhigh Networks, a cloud visibility company which evaluates and ranks the security credentials of services like Box, Dropbox and Intralinks, believes that this vulnerability demonstrates why it’s paramount that businesses are aware of and use cloud services which have the appropriate level of security.  

“This story serves as further proof, as if it were needed, that businesses need to be better aware of their risk profile when it comes to sensitive data and cloud security – as these kinds of files should never be made available to the public,” said Charlie Howe, Skyhigh Networks EMEA director. “If a business is sharing confidential information such as mortgage records, is using cloud services and cannot guarantee that it is protecting this data from unauthorised access, it really doesn’t have a grip on its IT security, or the cloud for that matter.

“It’s vital that all organisations understand which cloud services have the necessary security and privacy features for business use. For example, Box does in fact have a number of settings that would eliminate this specific vulnerability, as does Dropbox for Business – however, the free version of Dropbox does not. The fact that businesses still use free file sharing applications when secure, enterprise-ready alternatives exist really beggars belief. Indeed, in our latest European Cloud Adoption and Risk report, we discovered that Dropbox is one of the most popular cloud services in use in the UK, but Dropbox for Business is yet to register on the top ten list.

“The companies most affected by this vulnerability will be those with poor visibility into how sensitive content is shared in the cloud. Modern enterprises should consider careful and diligent cloudservice monitoring as a necessity in today’s IT security climate. Those which don’t will continue to find their data, their reputation and their business exposed.”

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...