Tuesday, September 29, 2015

DropBox is Not Your Friend

Let me start out by saying that DropBox CAN be the perfect solution for many small businesses - IF it's the solution to the right problem!

There's an old saying among people who work with their hands: Use the right tool for the right job.

When you use the wrong tool, either you injure yourself or you do a really crumby job. Either way, more than likely, it shows. Note also that you have to do the right job. That means even the best tool can be used the wrong way.

As we tip-toe into "cloud" services, a lot of companies are finding out that employees (or owners and managers) are grabbing whatever tool they can find to make their job easier. One of the most common examples of this is cloud-based storage. Time and time again, we see clients who are throwing important company data up on free accounts. Some people even brag about having 5 GB accounts on several different providers - all free!

Free is great when free is appropriate. 

Free means, in the end, you have ZERO guarantees that anyone is responsible for your stuff. Even if everything was lost by a freak accident and you were paid one million times what you paid for the service, you will still get ZERO. If you're not paying for it, assume it's not as secure as when you are. Assume it's not as private as it could be.

Just because a little lock shows up in your browser and the web connection is "encrypted" doesn't mean that you have any level of real security. Most free accounts (I would say ALL, but I don't actually have proof of that . . . But certainly every free account I've ever seen . . .) is NOT compliant with requirements such as HIPAA or PCI.

What does that mean? In a nutshell, it means that these free accounts aren't good enough for use with data that 1) Is important in any way, and 2) You don't want to lose. If your industry is regulated in any way, YOU are responsible for the security of you data and being compliant with regulations.

When you hire a professional technology consultant, they will make sure that your data is secure - in a way that protects you and has your best interest in mind. For example . . .

- It's good to say your data are encrypted. What does that mean? To be truly secure, you need to be in control of that encryption. That means some system you control needs to do the encrypting and decrypting. The service that stores your data should never be able to look inside your encrypted files. Your consultant can show you how this works with the systems they sell you.

- It means that you need a complete system designed for speed, security, and data recovery. All of that needs to be designed intentionally and documented thoroughly. In a disaster, where are your data? Which accounts and emails and passwords are used for everything? Who knows this stuff? Where is it documented?

Cloud services absolutely CAN be secure and keep you inside the law. But that doesn't happen by accident. You can't just put your important company data anywhere you want and assume someone is taking care of it.

The real irony is that good, secure, cloud-based systems are now VERY affordable. That means low-price, not free. But to save a few dollars every month, people choose to do whatever they think is "easy." We all know the free version of games are crippled in some way. We all know the free version of software has key features disabled. We all know that free means you're not getting the whole thing.

What's missing in your free cloud storage?

PLEASE talk to your technology consultant and make sure you have a data storage system that makes sense and was created specifically to meet your needs.

DropBox might be your friend. But only if it's part of an overall system designed to meet your needs and fulfill the requirements of your business.

:-)