A recent admission by Dropbox that it had inadvertently retained user files for as long as seven years has raised concerns about cloud security at the online file-sharing giant. A story covered by Australian news source iTnews indicates that Dropbox failed to follow its own security policies when retaining files that users of this service believed had been deleted permanently. This error could have allowed the exposure of trade secrets and confidential information transferred or stored by Dropbox users.
Dropbox Blames a Glitch in its Software for Lax Cloud Security
Dropbox is attributing this security failure to a glitch in its automatic deletion software. It is not clear, however, how such an error could have gone undetected for years, given Dropbox's claims that specialists routinely check its security practices to make sure that all elements of the process are working as intended. Additionally, Dropbox has stated that it uses third-party auditing services to assess the performance of its security measures.
ISO Standard Compliance No Guarantee of Security
Dropbox currently holds compliance certificates for ISO 27001, ISO 27017 and ISO 27018 security standards. ISO 27001 covers general requirements for information security management, while ISO 27017 and ISO 27018 provide standards and best practices for cloud storage security measures. The failure of Dropbox to delete user files in a timely fashion, however, highlights the need for due diligence on the part of individual and corporate users of these services.
Choosing the Best Cloud Security and Storage Solutions
While Dropbox may have lost the trust of many of its users due to its cloud security shortcomings, companies like CertainSafe