, , , ,

Yeah, I know it’s another cloud security post, an area already covered here and elsewhere, but I’ve had several emails from HR people telling me DropBox is ‘safe and secure’ for storing things that really, really, shouldn’t be stored there.


DropBox is the online equivalent of a changing room locker, not a bank vault – good for publishing stuff, or as a respository for non-sensitive data.
As a company, it was misleading about its security practices (to put it generously), and was breached at least twice in the space of two years. Quite a poor security record for any firm in that business. Anyone uploading their birth certificate, financial documents and whatever forms of ID there, is just asking to have their bank accounts emptied, or have their identity stolen and used any number of ways. It’s definitely not something I’d risk, just for the purpose of passing an ECRB check that works on the presumption that everyone’s guilty until proven innocent.

My own strategy for online storage in general? I upload any file with the assumption that my account will eventually get breached. Therefore, if that does happen for any reason, the damage should be negligible.