I want to start off by saying that I don’t do this, but I can share the story behind the question.
On our first school project (we were building a mini-CRM in Windows Forms) we had to find a way to share code. The school wasn’t able to set up the TFS server in time for the project, and we wouldn’t be able to use it on our private computers either. A few set up their own (and it ended up in disaster as we basically didn’t know how to use TFS) and a few used SVN (the group that did had previous experience with servers and SVN).
And what did the rest of the class do? Half of us used Dropbox, and the other half passed a USB around. My group used USB, and we had problems with corrupted data but otherwise managed great as we had one dedicated dev on our team that took the responsibility of patching the updates together (thank you Semyon!!!).
I haven’t thought about that much until I started working, and realized that many companies do use Dropbox to share source code and confidential documents. But nobody talks about it. Or questions it. Even with the security breaches Dropbox has/had. And therefore I want to ask you this: Is it OK to use Dropbox to store and share confidential client documents? Is this safe/good practice?
I posted this question on LinkedIn, Facebook and Twitter and was bombarded with replies. About 95% answered that no, it is not OK. Here are the comments I got:
Here is a summary of the replies that I got in a 2 hour span on Twitter; I’ll have to make a separate post about the Facebook discussion (longer answers):
- Hard call. I personally wouldn’t do it. It’s not a practice that I would suggest.
- I’d say never, too many security breaches. http://Box.net might be a better option at the moment.
- Short answer no – as the person you shared to can again share to anyone. SharePoint has better security features.
- no IMHO. Save the transfer problem you cannot guarantee what DropBox will do with the info as well
- Heard many times about security issues for dropbox. Doesn’t sound to me as a good idea…
- cloud security will be a hot topic over the next few years. I store general stuff, not anything that would risk ip or security
- I would say no. Mainly because Dropbox is not secure, see http://twit.tv/show/security-now/349 … for more details.
- Not recommended and after ur candid acceptance please don’t 😉
- No, it’s not OK. Read the Dropbox TOS – it’s icky.
- Depends how paranoid your client is…dropbox staff can access your files…probably won’t…but can. I’d check with the client
- Storing them unencrypted is like painting a target on your back. I’m looking in to https://www.boxcryptor.com/ to mitigate this risk
- I think it’s not a good practice to put sensitive data in ddl
- Based on the recent security breaches, I wouldn’t chance it.
- NO! I wouldn’t recommend any free services. Why don’t you just keep them your company email…
- I wouldn’t recommend it unless you store them in an encrypted zip or something, you don’t want confidential stuff leaking
- no not at all!
- No 🙂
- Usually, but the answer is no if you need to conform to certain rules including but not limited to HIPAA or ISO 9001.
- I’d say not right now. http://www.engadget.com/2012/08/01/dropbox-confirms-security-breach-new-measures/ …
- with all the security problems etc I would say no, not yet anyway
- in addition, they encryption can be “public”. never trust too much in public services.
- I try to avoid Dropbox for that, but it is not bad. I use SkyDrive more often because it has better security
- I hear most folks who want secure storage online citing SpiderOak as the better solution.
- I think dropbox can access files if they need to. Also consider the patriot act – are you ok with US gov having your data?
- If security is a concern, consider SpiderOak instead. And SpiderOak Blue for business. Safer. Let them know I sent you 🙂
- only encrypted
- I would say it’s okay if you encrypt them yourself.
- No, unless the file is well encrypted using public/private keys (like PGP) and the keys are not stored in Dropbox also.
- You should first determine if anything stored in those documents would damage the client, or your relationship with them.
- it’s all encrypted in transmission. If you want extra security use TrueCrypt to encrypt before syncing
- If the docs are confidential I do not think this would be good practice..but it ultimately depends on what your client thinks.
- it depends on how confidential your client thinks their data is … I’d use secure ftp if confidentiality is paramount
- Depends your relationship with client… It works well, but, doesn’t seem very professional. I only use as last resort!
- I think it’s ok, but U could encrypt your files with a tool (i.e.: BoxCryptor) for better security
- I looked at this too. Based on their website they’re pretty hot on security but it’s always a risk.
- I think it can be secure but is also a very big target. I imagine a lot of hackers would like to get access to Dropbox data
- I don’t see why not. Anything can be snooped or sniffed that travels the internet. I think mainly makes sure u use a really STRONG password and never transmit it in the clear and u should be safe
- If there is no other option the client may think DB is fine…otherwise they can setup a more secure solution for you to use.