For my day to day work, I use Dropbox. (For the record, my wife prefers SugarSync; vive la difference.) With Dropbox, I know I have 99.9% complete copies of all my work data on at least three devices – my desktop, my laptop, and Dropbox’s own servers, accessible via the Web. (That 0.1 percent is when I have a file open on my laptop that hasn’t fully synced with Dropbox, and then I open the same file on my desktop, which means I occasionally run into version conflicts.) I also keep some Dropbox files on my iPad.
As a result, I’ve fallen out of the habit of doing automated local backups. And when I do a manual backup, it’s to an aging 120GB hard drive that contains my work data for the past decade or so; every time I hear it spin up I wonder when it’s going to die.
Still, as one astute reader pointed out, if somebody at Dropbox deleted all my files and then I sync’d all my machines – deleting local copies as well – I’d be totally hosed. So I plan to start using online backup services again. Look for more on those in a future post.
* A slight exaggeration
4. I am an idiot because I stored sensitive data in the cloud without encrypting it
OK, here they may have a point. My wife and I scan just about every piece of paper that comes into our house and store the docs as PDFs in a shared folder in SkyDrive. I also have sensitive work-related documents in my Dropbox folders. That does make us vulnerable to a number of threats.
If, for example, my Box files had been encrypted, it would not have kept their employees from mistakenly handing control over my account to some other client. But it would have kept their employees and clients from being able to see what was in my files, negating much of the risk.
The same goes for anyone who might be able to hack into the systems at Box, Dropbox, SugarSync, SkyDrive, etc. And, of course, when the spooks come a-knockin’ on their doors, demanding to see all my data because I am a clear and present danger to the safety of the free world, they wouldn’t get very much out of my encrypted files. (Assuming, of course, that any encryption scheme is safe from the NSA.)
So I will be looking into ways I can encrypt my data in the cloud that work across all the systems I use to access my files – my Windows 7 computers, my iPad, my Windows 8 phone, my wife’s Android phone – without forcing me to jump through too many hoops. If I find any good ones I’ll report on them here.
To err is inevitable
Ultimately, though, the problem wasn’t with technology, it was with the process surrounding technology. Which is to say, human error. Someone at Box had the ability to hand control of my data to a total stranger without anyone else blinking an eye. I’m pretty confident Box is not likely to let that happen ever again. But with other companies, who knows?
Situations in which sys admins have way too much power and not nearly enough oversight are extremely common. People I’ve talked to estimate that anywhere from 50 to 90 percent of admins have access to more systems than they should, with no separation of duties between processes and data and little to no supervision.
And if you don’t believe that’s a disaster waiting to happen, just ask the NSA how it feels about Ed Snowden. (The spooks also have their own problems with overly privileged sys admins operating with minimal oversight.)
The solution isn’t to avoid the cloud. It’s to never become entirely reliant on things that are out of your control. In other words, use the cloud, but do it a smarter way.
Lesson learned. For now, at least.
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he'll make something up). Follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to's, follow ITworld on Twitter and Facebook.
Now read this: