An article in the Guardian last week revealed the U.S. government's PRISM program. The article outlined the government's alleged monitoring of communications at the largest Internet providers (seemingly with the help of these providers). This list of Internet providers includes Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. Now, I want to point out that these are all allegations and that none of this has been verified yet. However, it certainly raises a lot of questions. I wanted to hone in one of the areas that I took note of. There was a mention in this report of other providers the government wanted to monitor, including Dropbox. This again exposes some of the risks that are faced not only by consumers using Dropbox (and similar services) but also the exposure that enterprises and enterprise users face when using these types of services. Many enterprises turn a blind eye towards a lot of this use but it represents a serious risk and raises many questions:
- Do you know what the security is at these providers? I mean, do you REALLY know?
- Do you know if third parties (government or others) are knowingly or unknowingly accessing your information at these services? Do you, as a consumer user or organization, have a way to monitor this?
- How safe is your information really?
- How does this impact users globally? For example are European users (and their data) being monitored? This is really a good question for companies outside the United States and will likely give them some pause.
- What are the service provider’s obligations when there is a legal discovery order?
As it pertains to file sharing services, like Dropbox and many other cloud based providers, these questions mostly go unanswered. In short, there is a risk factor in using these services. PRISM may not be the specific risk, but it should start a lot of people thinking about these services, which sometimes act as a “shadow,” and mostly unmanaged, service to what the IT department is offering.
Many regulated industries, such as financial services, have already realized the risk that these cloud services represent to them. They have decided to evaluate and implement on-premise enterprise file sharing solutions. These solutions offer their employees a safe and managed way to access, share and collaborate. And they get to control their data because it is on-premise. Solutions, such as Acronis activEcho, provide enterprises with an on-premise solution allowing them to stay in control. And it balances the need for consumer-grade simplicity with the need for enterprise-grade security and management.