Business is increasingly taking place outside the corporate firewall. Employees are using their own devices and turning to consumer-grade cloud file sharing services to allow for access across multiple devices and to collaborate with each other or with outside partners, consultants, prospects, and clients.
Even when the use of services such as Box, Dropbox, and SkyDrive is sanctioned by the IT department, businesses have nearly zero assurance of confidentiality when their employees store documents in the cloud. Not only are there few publicly documented vendor controls, there is no way for a business to continuously audit the cloud vendor’s entire infrastructure and administrative procedures to ensure that documents remain private.
A troubling example was recently brought to light by WNC Infosec (Western North Carolina InfoSec Community), which found that the Dropbox file sharing service opens certain files after they are uploaded.