{"id":3930,"date":"2012-08-17T16:46:48","date_gmt":"2012-08-17T14:46:48","guid":{"rendered":"https:\/\/owncloud.com\/?p=3930"},"modified":"2021-05-19T10:28:55","modified_gmt":"2021-05-19T10:28:55","slug":"security-warnings","status":"publish","type":"post","link":"https:\/\/owncloud.com\/de\/blogs\/security-warnings\/","title":{"rendered":"Security warnings?"},"content":{"rendered":"<p><!--:en-->As is often the case, a recent article caught my eye:<br \/>\n&#8211; &#8222;<a href=\"http:\/\/www.informationweek.com\/security\/management\/5-dropbox-security-warnings-for-business\/240005413\" target=\"_blank\" rel=\"noopener\">5 Dropbox Security Warnings For Businesses<\/a>&#8220;. I<br \/>\nwould actually argue though that this goes beyond just Dropbox.<\/p>\n<p>The piece uses the recent &#8222;life hacking&#8220; of a journalist as a cautionary<br \/>\ntale and gives some handy tips for businesses, including monitoring Dropbox use<br \/>\nand comparing cloud service security. It&#8217;s definitely worth a read for any IT<br \/>\nmanager.<\/p>\n<p>It&#8217;s certainly not an overstatement to say that information and data are the<br \/>\nmost important corporate assets in the information age and enterprises (and<br \/>\nconsumers) should think long and hard about the right strategy of how and<br \/>\nwhere to store data before making a long-term decision. We know, however,<br \/>\nthat IT has been forced to scramble in the wake of popular services like<br \/>\nDropbox and the incredible exposure well-meaning employees are subjecting<br \/>\ncorporate data to.<\/p>\n<p>But, still, it might be a big mistake to give away the benefits of<br \/>\nIT-controlled data sharing without thinking about the consequences. It&#8217;s<br \/>\nimportant to think about, as the piece suggests, aspects like monitoring of<br \/>\nDropbox use in the company, different security levels of cloud services, and<br \/>\nways to detect inside and outside data theft. 
Maybe, as the author suggests,<br \/>\ncompanies could use Dropbox as a &#8222;public repository:&#8220;<\/p>\n<p>&#8222;Until Dropbox adds those stronger security measures, and all employees<br \/>\nadopt them, businesses that use Dropbox should inform employees that<br \/>\nanything they upload to the service will be treated as &#8222;public&#8220; &#8211; that is, as<br \/>\nif it was published to a public Google Group, Yahoo mailing list, or the<br \/>\nlike.<\/p>\n<p>&#8222;&#8220;If there&#8217;s any information you&#8217;re worried about, you&#8217;re better off<br \/>\nencrypting those files before you upload them. But that adds another layer<br \/>\nof work for users, and users are lazy,&#8220; said the threat intelligence manager<br \/>\nfor Trustwave SpiderLabs, who goes by &#8222;Space Rogue,&#8220; speaking by phone. &#8222;It<br \/>\nannoys me that companies rely on third-party services like [Dropbox], but<br \/>\nthat&#8217;s the way that businesses are going.&#8220;<\/p>\n<p>Other security experts agreed with that assessment. &#8222;Anything that is really<br \/>\nsensitive or extremely valuable or needs to be kept very secret, I wouldn&#8217;t<br \/>\nstore on anybody else&#8217;s servers,&#8220; said Marco Arment, the creator of<br \/>\nInstapaper, on his blog. &#8222;That, to me, seems ridiculous unless I held the<br \/>\nencryption keys&#8211;like with the online backup service that I use.&#8220;&#8220;<\/p>\n<p>Also &#8211; tracking data theft &#8211; most IT departments have sophisticated tools<br \/>\nthat track data use within the company, so why not use the tools you have<br \/>\nfor use outside the firewall?<\/p>\n<p>&#8222;One of the biggest information-leakage threats facing businesses, besides<br \/>\nexternal attackers, is malicious insiders. Thus, when weighing if and when<br \/>\nemployees can use Dropbox, ask whether your business would be able to detect<br \/>\ninformation exfiltration while it&#8217;s happening or after the fact. 
&#8222;As an old<br \/>\nIT guy, having my employees use something like Dropbox &#8211; where the files are<br \/>\nno longer accessible to the IT department &#8211; makes me very, very worried.<br \/>\nBecause as an IT guy responsible for data, I want &#8230; to know that if<br \/>\nsomeone gets fired, I still have access to all of that information,&#8220; said<br \/>\nTrustwave&#8217;s Space Rogue.<\/p>\n<p>&#8222;Accordingly, businesses should consider restricting employees to use only<br \/>\ncentrally managed file-sharing services. &#8222;If I was looking to get a<br \/>\nthird-party file-storing service like that, I&#8217;d want to ensure that I had<br \/>\nadmin access to all of that data,&#8220; he said.<\/p>\n<p>&#8222;The only catch, unfortunately, is that instead of being baked in, decent<br \/>\ncloud security can be a costly add-on. Dropbox, for example, now offers<br \/>\nDropbox for Teams, which adds centralized administration, better security,<br \/>\nas well as <a class=\"wpil_keyword_link \" href=\"https:\/\/owncloud.com\/features\/active-directory-and-ldap\/\" title=\"Active Directory\" data-wpil-keyword-link=\"linked\">Active Directory<\/a> integration. 
But the cost of the service starts<br \/>\nat $800 per year, for just five users.&#8220;<\/p>\n<p>So we say again, why not set up YOUR server as the nexus point, use the<br \/>\ncontrols you already have AND give your employees a simple sharing tool?<!--:--><!--:de--><\/p>\n<p><!--:--><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Frank about security needs for cloud services.<\/p>\n","protected":false},"author":15,"featured_media":78665,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[48],"tags":[],"class_list":["post-3930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/3930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/comments?post=3930"}],"version-history":[{"count":1,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/3930\/revisions"}],"predecessor-version":[{"id":61278,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/posts\/3930\/revisions\/61278"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/media\/78665"}],"wp:attachment":[{"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/media?parent=3930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/categories?post=3930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/owncloud.com\/de\/wp-json\/wp\/v2\/tags?post=3930"}]
,"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}