Security Awareness Blog

Cloud Can Make Sharing too Easy / Confusing

I'm a big fan of the Cloud. It enables you to work remotely with large groups of people around the world, creating tremendous efficiencies not available before. For all those security people kicking and screaming about the Cloud, it's time to face reality: the Cloud is here to stay. Our job now is to understand its risks and how we can leverage it securely.

One of my concerns (and our challenge) is that the Cloud can make it too easy for people to share, and in some ways too confusing. For example, I posted in the past how Dropbox, BY DEFAULT, allows anyone you share a folder with to invite others to join and share that same folder. You have to manually disable this feature if you own the folder.

Another Dropbox feature allows you to make any file or folder publicly available via a simple URL, no Dropbox software involved. The confusing part is that your users, when they use this linking feature, may not realize they are actually making the file/folder available to the world. All a person needs to know is the unique Dropbox URL. The process for creating a public link for a file or folder, and inviting people to access the information via the link, is very similar to inviting someone to share a folder using the Dropbox software. The end result: you have employees who think they are doing the right thing (privately sharing information with a specific individual) but are instead accidentally sharing it with the world. Once again, awareness and training are just as important as any technical controls.

By the way, the quickest way to confirm what you are sharing with the world is to log into your Dropbox account via their website, then click on the "Links" option in your menu.