Are free file storage solutions a safe bet for businesses?

Get a copy of the upcoming book "Secure Operations Technology"

The benefits of cloud computing are becoming increasingly recognized, and with this heightened understanding comes growing numbers of UK businesses that are embracing the use of the cloud for the storage of data. As the technology continues to gather momentum on these shores, many firms and employees are likely to consider utilizing popular free services such as Dropbox and Box. Such storage solutions have already been widely adopted by consumers and SMEs alike; however, these solutions are not without their risks.

While there is no inherent flaw with free file storage services such as Dropbox, these services cannot be trusted to actually secure files. As such, any firm looking to make use of such solutions should first carefully consider the associated risk of storing sensitive data in an insecure environment and the detrimental effect that this could have on the organization in the long term. In addition, the terms of service of such solutions usually also specify that data integrity and availability are not guaranteed either.

Consider the impact of adopting insecure solutions
Given the growing popularity and awareness of these services, it is only natural that firms would consider solutions such as Dropbox as a flexible and convenient answer to the issue of data storage. It also follows that employees would also be encouraged to utilize these solutions to share corporate information: after all, if a business cheerfully entrusts all of its data to public cloud services, why not let individual employees do the same?

The answer is that there are obvious differences between the two. On the one hand, you have professionally managed and centrally controlled services under a strict service-license agreement, while on the other there is just a simple end-user license agreement that generally can be summarized as “the provider assumes no responsibility for anything ever”.

Combine this with the technical and security expertise of the employee itself – which will vary widely depending on the individual’s job role and the sector that they operate in – and this is not exactly good news for the security of corporate information.

Backing up data to the cloud
Organizations of all sizes must look for robust methods of not only storing but also backing up data – and as such should look beyond solutions such as Dropbox and Box in favor of more secure alternatives. When it comes to backing up data to the cloud, the UK and Western Europe continues to trail behind US companies and one of the key reasons for this is that EU-based companies are wary of storing their data with US-based ones, as this could result in liability under the EU data protection laws.

However, with nearly two-thirds of UK IT decision-makers advising in a recent survey that they expect their organization to be the target of a cyber attack within the next 12 months, ensuring that business-critical information is securely stored and backed up in the event of a breach has to be a key priority for all business, regardless of sector.

While organizations may of course dedicate significant resource to guarding against this growing threat and finding methods to stop the attackers getting in, the ultimate onus has to be placed on the security of data. While it is of course important to present a hardened perimeter, in the event that this is bypassed it is vital to have security measures in place to limit the possible extent of any particular breach.

The adoption of layered defense systems is best practice for organizations, and fortunately as companies increasingly move to virtualized infrastructure, the rollout and administration of security solutions designed specifically for corporate use is getting simpler. While a free file storage solution, on face value, may appear like a viable storage option for firms, it is not a solution for any organization that truly appreciates the value of its data.