The Box.com data debacle part deux: Am I a total idiot, or what?
Some readers say I should have known better than to use a cloud service to store and share files. Here's what I have to say about that.
Well, that certainly struck a nerve.
My post two days ago about how Box.com gave total control over my account to someone I didn’t know, who then deleted it without my knowledge, inspired an amazing reaction across the InterWebs. It was tweeted more than 1200 times. It sparked discussions on Slashdot and Reddit. Harry McCracken at Time and Reuters’ Felix Salmon both wrote about it.
An hour after the story posted, I received an apologetic email from Aaron Levie, the 28-year-old CEO of Box, which read in part:
I've been following along with the issue you ran into to ensure we had all hands on deck to resolve the matter. I know at times in the process things were not as quick or clear as possible, and I'm very sorry about that; there was a lot on our end we were having to piece together given we hadn't seen this before.
Further, we've reviewed our internal practices in the process, and while we have many security and privacy practices to prevent these accidents, we have taken additional measures so an event like this does not happen ever again.
I hope that we're in a much better state now with the recovery. If you choose to trust us going forward, we've upgraded your account to premium as well.
(As an aside, I interviewed Aaron three years ago for a story I wrote about young geeks vs old geeks for InfoWorld. Smart guy.)
Mainly, though, the reaction revealed how wary people are of the cloud and its implications – a wariness, as my story illustrates, that is not entirely unjustified.
The overwhelming majority of responses have been sympathetic and supportive. Still, more than a few readers volunteered their reasons as to why I am an idiot and thus had it coming. I’d like to address the major ones below.
1. I am an idiot because I store data in the cloud
There are people whose mistrust of the cloud runs so deep they reject it entirely (and yet, they seem to spend most of their free time on the Internet – explain that one to me). To these folks, the only way to be fully secure is to store your data on a magneto-optical drive in your grandmother’s root cellar, or possibly on 5.25-inch floppies in Al Capone’s vault.
That’s silly in so many ways I don’t know where to begin. I’m willing to bet that nearly all of these folks store data in the cloud in some way, even if they don’t realize it. Use a Webmail service? You’re storing data in the cloud. Shop at Amazon? They’ve got your name, address, and credit card information stashed away on a server farm. I’m sure most of these folks have long histories of their comments on Slashdot, Reddit, and Hacker News and don’t think twice about that. I won’t even get into whether they use Facebook, Twitter, and the like.
Unless you consider the Unabomber a role model, you’re going to use the cloud for at least some of your data. That’s only going to become more common over time, not less.
The simple fact is there is no 100 percent secure way to store your data. Web storage can be hacked or bollixed by sys admins with too much power and too little oversight, as happened with Box. Thumb drives and removable media are easily lost or stolen. Tapes get brittle, hard drives die, and any local storage can be destroyed in a fire or made inaccessible by any number of natural disasters.
It is not a mistake to store your data files in the cloud. It is a mistake to only store your data files in the cloud. Just as it is a mistake to only store them locally. The solution is to do both.
Some readers suggested I keep my data on a NAS device hooked to my home network that I could access remotely via VPN. That’s an intriguing idea, and I might give it a shot. But it’s not a solution for the non-geeky masses.
2. I am an idiot because I gave my password to strangers
Well, no, actually I didn’t. That’s not how Box.com works. Yet some people who have no clue about the process seem to believe I handed over my logins. So let me explain.
When you create a folder in Box, you have the option of choosing people to collaborate with you on it. You can invite them via email, or post a link and send it via text or IM. If they accept the invitation, they are prompted to sign on to Box with their own email and password.
These collaborators only have access to the files or folders you choose to share, and they only have the rights you give them – like whether they can upload and edit files or merely view them. They can’t get at your other data or alter your account in any way.
Box also offers a sync option, a la Dropbox and SugarSync, for paying customers. But the way I’ve described it above is how I (and millions of others) use it for collaboration.
3. I am an idiot because I didn’t back up my data locally
Well, maybe. But as I noted in the piece, I used Box.com folders only to store nonessential, nonpersonal files, which I shared mostly with editors at the 347 publications* I write for. I had copies of most of those files, and I didn’t care about the rest.
For my day to day work, I use Dropbox. (For the record, my wife prefers SugarSync; vive la difference.) With Dropbox, I know I have 99.9% complete copies of all my work data on at least three devices – my desktop, my laptop, and Dropbox’s own servers, accessible via the Web. (That 0.1 percent is when I have a file open on my laptop that hasn’t fully synced with Dropbox, and then I open the same file on my desktop, which means I occasionally run into version conflicts.) I also keep some Dropbox files on my iPad.
As a result, I’ve fallen out of the habit of doing automated local backups. And when I do a manual backup, it’s to an aging 120GB hard drive that contains my work data for the past decade or so; every time I hear it spin up I wonder when it’s going to die.
Still, as one astute reader pointed out, if somebody at Dropbox deleted all my files and then I sync’d all my machines – deleting local copies as well – I’d be totally hosed. So I plan to start using online backup services again. Look for more on those in a future post.
* A slight exaggeration
4. I am an idiot because I stored sensitive data in the cloud without encrypting it
OK, here they may have a point. My wife and I scan just about every piece of paper that comes into our house and store the docs as PDFs in a shared folder in SkyDrive. I also have sensitive work-related documents in my Dropbox folders. That does make us vulnerable to a number of threats.
If, for example, my Box files had been encrypted, it would not have kept their employees from mistakenly handing control over my account to some other client. But it would have kept their employees and clients from being able to see what was in my files, negating much of the risk.
The same goes for anyone who might be able to hack into the systems at Box, Dropbox, SugarSync, SkyDrive, etc. And, of course, when the spooks come a-knockin’ on their doors, demanding to see all my data because I am a clear and present danger to the safety of the free world, they wouldn’t get very much out of my encrypted files. (Assuming, of course, that any encryption scheme is safe from the NSA.)
So I will be looking into ways I can encrypt my data in the cloud that work across all the systems I use to access my files – my Windows 7 computers, my iPad, my Windows 8 phone, my wife’s Android phone – without forcing me to jump through too many hoops. If I find any good ones I’ll report on them here.
To err is inevitable
Ultimately, though, the problem wasn’t with technology, it was with the process surrounding technology. Which is to say, human error. Someone at Box had the ability to hand control of my data to a total stranger without anyone else blinking an eye. I’m pretty confident Box is not likely to let that happen ever again. But with other companies, who knows?
Situations in which sys admins have way too much power and not nearly enough oversight are extremely common. People I’ve talked to estimate that anywhere from 50 to 90 percent of admins have access to more systems than they should, with no separation of duties between processes and data and little to no supervision.
And if you don’t believe that’s a disaster waiting to happen, just ask the NSA how it feels about Ed Snowden. (The spooks also have their own problems with overly privileged sys admins operating with minimal oversight.)
The solution isn’t to avoid the cloud. It’s to never become entirely reliant on things that are out of your control. In other words, use the cloud, but do it a smarter way.
Lesson learned. For now, at least.
Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he'll make something up). Follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to's, follow ITworld on Twitter and Facebook.