Software bug exposed Dropbox users’ accounts to others

I posted a blog back on May 16, 2011 about the Dropbox cloud storage service. Yesterday I saw the following headline in the Los Angeles Times: “Software bug exposed Dropbox users’ accounts to others” and thought it would be a timely story to pass on to others who don’t read the LA Times. The point of the story was that accounts of people using Dropbox were accessible to other users during a nearly four-hour period last Sunday.

Click on the hyperlink above to read the full story.


Steps to avoid email archiving woes

On April 26, ProofPoint, a cloud email archiving provider (among other solutions), published a short but interesting article, “Steps to avoid email archiving woes,” about incomplete email archives.

I must say I agree with the article in general and especially with the point that the archive needs to be easy to search in eDiscovery. With that thought I also wanted to add that for really effective eDiscovery of your email data, a complete archive is essential. What you want to avoid is being forced to go to backup tapes because some potentially responsive email might reside only on your backup tapes, a costly situation.

If you’re going to archive your email with eDiscovery in mind, be sure you choose a vendor that can capture everything that could be asked for in eDiscovery.

The ROI of Information Management

Information, data, electronically stored information (ESI), records, documents, hard copy files, email, stuff: no matter what you call it, it’s all intellectual property that your organization pays individuals to produce, interpret, use and export to others. After people, it’s a company’s most valuable asset, and it has many CIOs, GCs and others responsible asking: What’s in that information; who controls it; and where is it stored?

In simplest terms, I believe that businesses exist to generate and use information to produce revenue and profit. If you’re willing to go along with me and think of information in this way as a commodity, we must also ask: How much does it cost to generate all that information? And, what’s the return on investment (ROI) for all that information?

The vast majority of information in an organization is not managed, not indexed, not backed up and, as you probably know or could guess, is rarely–if ever–accessed. Consider for a minute all the data in your company that is not centrally managed and not easily available. This data includes backup tapes, share drives, employee hard disks, external disks, USB drives, CDs, DVDs, email attachments sent outside the organization and hardcopy documents hidden away in filing cabinets.

Here’s the bottom line: If your company can’t find information or doesn’t know what it contains, it is of little value. In fact, it’s valueless.

Now consider the amount of money the average company spends on an annual basis for the production, use and storage of information. These expenditures span:

  • Employee salaries. Most employees are in one way or another hired to produce, digest and act on information.
  • Employee training and day-to-day help-desk support.
  • Computers for each employee
  • Software
  • Email boxes
  • Share drives, storage
  • Backup systems
  • IT employees for data infrastructure support

In one way or another, companies exist to create and utilize information. So… do you know where all your information is and what’s in it? What’s your organization’s true ROI on the production and consumption of your information in your entire organization? How much higher could it be if you had complete control of it?

As an example, I have approximately 14.5 GB of Word documents, PDFs, PowerPoint files, spreadsheets, and other types of files in different formats that I’ve either created or received from others. Until recently, I had 3.65 GB of emails in my email box both on the Exchange server and mirrored locally on my hard disk. Now that I have a 480 MB mailbox limit imposed on me, 3.45 GB of those emails are now on my local hard disk only.

How much real, valuable information is contained in the collective 18 GB on my laptop? The average number of pages of information contained in 1 GB is conservatively 10,000. So 18 GB of files equals approximately 180,000 pages of information for a single employee that is not easily accessible or searchable by my organization. Now also consider the millions of pages of hardcopy records existing in file cabinets, microfiche and long term storage all around the company.

The main question is this: What could my organization do with quick and intelligent access to all of its employees’ information?

The more efficient your organization is in managing and using information, the higher the revenue and hopefully profit per employee will be.

Organizations need to be able to “walk the fence” between not impeding the free flow of information generation and sharing, and having a way for the organization as a whole to find and use that information. Intelligent access to all information generated by an organization is key to effective information management.

Organizations spend huge sums of money to generate information…why not get your money’s worth? This future capability is the essence of true information management and much higher ROIs for your organization.


Cloud Storage is not as secure as local storage…Really?

A December 13th posting in the Harvard Business Review Blog titled “Cloud Computing? Not So Fast — Unintended Consequences of Recent Disclosures” seemed to conclude cloud computing/cloud storage was inherently less secure than traditional local or on-premise storage of sensitive records. The blog entry tried to cite a couple of recent cases to prove the point. One example used was the WikiLeaks revelations. The implication was that this massive amount of leaked information was (more easily) leaked because it was “stored in the cloud” versus somewhere else…such as an organization’s NAS or SAN.

The implication of the blog posting is inaccurate in that it assumes the top secret federal government controlled files were stored in a third party’s data center with little or no security and this was why Army Private Bradley Manning was able to easily steal such a huge cache of files/records.

I don’t know for a fact, but my guess would be that this data was held within the federal government infrastructure and was not being stored at a third party data center. But even if the data was held at a third party facility, security of the data is key.

There are several definitions of cloud storage but the one most referenced is: cloud storage is storage accessed over a network (internal or external) via Web Services APIs. To many in the business world, cloud storage is a service which allows an organization to store electronic files/records in a third party remote location. Organizations will look at this service for a couple of reasons; first, it may be less expensive than purchasing and maintaining their own local storage resources. The second reason is for increased security; sensitive data can be better protected from employee leaks etc.

The misused WikiLeaks example aside, it may be the author doesn’t fully understand the technology involved in on-premise storage versus cloud storage. In my experience, most organizations don’t protect the data their employees store locally with encryption or other safeguards. Many of the cloud storage providers encrypt data being stored to a cloud repository as it arrives at the storage facility. A couple of providers encrypt it before it leaves the customer’s location; and of course the encryption key is known only to the owner of the data, not the storage provider.

Top tier cloud storage providers store their customers’ encrypted data in class 4/5 secure underground data centers. Many Fortune 100 companies believe this type of storage is higher quality than letting their employees store sensitive data locally…