Dropbox is convenient but how secure is it?

This question is driving me a little nuts lately:

A potential security lapse and possibly misleading statements are plaguing Dropbox, a hugely popular file-syncing app. What are the issues and is concern justified?

I migrated all my client data off Dropbox and into SpiderOak but it seems SpiderOak doesn’t offer Dropbox-like sync between my team members.

I’ve been testing out BitTorrent Sync but it also have a few challenges and probably isn’t feasible for now (no remote wipe is a problem). I have been using JungleDisk for secure backup to Amazon S3. It has a sync function which works a bit like Dropbox but it could be a real pain to implement.

I am wondering if I am being a teensy bit too paranoid about Dropbox so I am looking forward to reading this article. My concerns about Dropbox are that I don’t control the encryption keys; that there have been a couple really bad security exploits lately and I will never know if some government agency wants access to the data we hold.

One option, I imagine, is an OwnCloud installation but I’m not too sure what the security implications of that are. Is OwnCloud inherently secure or does it depend entirely on the server capabilities?

2 responses

  1. If you want complete control, I’d say install a Linux VM with Rackspace or RSAWEB and then configure file sharing, and access the directory as a mounted volume.

    You can get a server from Rackspace for about 160.00 ZAR per month and add a 100GB mounted volume for 150.00 ZAR per month, R/$ dependant. (have a look at Cloud Servers and Cloud Block Storage for more info.)

    Set the block storage to auto mount and then create a SAMBA share of the mounted volume on the VM. You can then mount this volume in OS X or in Windows. Racksapce make use of RAID10 storage so it should be both reliable and reasonably fast.

    You can use LDAP for permissions if you want to have user profiles shared across multiple servers, or the permissions can be specific to the file server which is probably more than fine and simpler to set up.

    You can then use one of the Linux Disk Encryption options to encrypt the disk content, and as an added layer of security, you could make all of the content only available over VPN but to be honest this might be a bit painful.

    In your office you could run a Physical Server, and use RSYNC to replicate the data to your hosted machine, this way, when you’re in office all of your traffic would be LAN based and only the Server-to-Server sync would be happening over the internet.

    You could configure an HP Micro Server with a 4 disk RAID5 as your local storage server, this should be quite cost effective and provide about 6TB of local storage if you use 4 x 3TB drives.

Leave a Reply