There have been a number of issues with Dropbox and their encryption process for files stored on their systems. This highlights some of the issues with cloud services, as I’ve talked about as well. I use Dropbox, but for any files that have identity information, I encrypt them locally and only store the encrypted versions.
There have been quite a few issues with cloud-type services related to security, and at this point, I think it’s good. The press about the Sony hacks, the RSA issues, and others should be scaring consumers and management in companies into demanding better security from vendors. Without a strong emphasis on security from clients, cloud vendors have no reason to spend more effort on security than they do now. I am actually hoping that insurance doesn’t cover the Sony issues, which will help force companies to consider purchasing insurance specifically for security issues. That will force insurance companies to demand better security as well.
That means the window for throwing together a service without a well-thought-out security plan is shrinking, and that’s good. We should have security on the mind as we write code. Building that habit takes training, but it also takes practice and requires management to buy into the need to spend some time implementing security throughout our code, and testing for potential issues.
I look forward to the time when strong security exists in all applications, not bolted on as an afterthought, but designed in from the very beginning.