Monday, June 20, 2011

Security: Uh, Oh. Dropbox Dropped It.

Dropbox is a cloud-based data storage service. 

My extremely sloppy, kindergarten definition of "cloud-based" (or "cloud computing") is that you've got stuff that belongs to you out on "the web," thanks to a service provider with enormous servers that are allegedly safe from various disasters, both intentional and unintentional, manmade or natural. Some of this stuff is static stuff, like files. Other stuff includes applications that you ... Ok, now I'm getting myself a little lost. For a more learned definition of cloud computing, go here.

Back here, I posted about Amazon S3's cloud-storage snafu ... and back here I talked about the difficulty in making informed decisions about the integrity (in all senses of the word) of particular service providers.

Dropbox, another cloud-storage provider, really, really blew it yesterday. It left all of its customers' files vulnerable for four hours.

Dropbox's statement here seems very weak to me:

This should never have happened. We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again.

Here's what Dropbox should have said:

This should never have happened. Because of our inadequacy, we failed our core mission, which is to protect our customers' data. We betrayed our customers' trust. To make things right, we will refund any fees paid by our customers in the last 12 months. In addition, we will provide all of our customers with written guidance on how to transfer their stored data from our service to a competitor's. Finally, we will leave no stone unturned in finding out what happened here and doing whatever we need to do to be worthy of our customers' trust again.

I'll be looking for a different data-storage provider. And I want my money back from Dropbox.
