Monday, July 11, 2011

How Safe is Syncing and Sharing?

File synchronization services are convenient but safety is a concern

I am a loyal customer of Dropbox, an online backup service that allows you to share documents between computers, tablets and smart phones.

When you install its software, Dropbox places a folder on your desktop (or anywhere else you choose) that looks and acts just like any other folder on your computer. When you move a file into your Dropbox folder — Presto! — the program copies the files to similar folders on your other computing devices. That’s called “file synchronization,” and Dropbox is called a “synchronization service,” or “sync service” for short.

Sync services are a form of cloud computing. You upload your files to private servers and your files are automatically downloaded to your other computing devices. It’s incredibly convenient. No longer do you need to carry countless USB keys or store your files on CDs or DVDs. You just transfer and update your files on all your devices through the clouds.

But with all that file sharing going on, one has to ask: How safe is syncing and sharing?

Sync Security
Naturally I’m concerned about the storage of unencrypted sensitive data on servers outside my control. I use Dropbox for non-confidential purposes only — saving research notes, web articles, white papers and other documents that would be of no consequence if they were accidentally disclosed.

But Dropbox came under criticism recently for security weaknesses. Critics drew attention to the fact that the staff at Dropbox could, in theory, access customer data if required in the operation of the service. Further, they could do so without your knowledge, if served with a U.S. government warrant under the Patriot Act of 2001.

Worse still, the San Francisco-based startup experienced a four-hour security breach that affected its password authentication. For four hours on June 19, 2011, any user could access any account using any password. The breach, attributed to a code update, was a highly embarrassing and costly incident for a tech firm that in 2010 appeared on Business Insider’s list of “20 Hot Silicon Valley Startups You Need To Watch.”

In the end, it turned out that only a hundred or so accounts were affected, but the breach called into question the security of all sync services, including SpiderOak, SugarSync and Box.net.

SpiderOak
The strength of SpiderOak lies in its “zero knowledge” security practices. SpiderOak does not store file names, encryption keys or passwords, which means that employees and hackers cannot steal information related to your syncing and sharing.

SpiderOak also differs from other syncing services in its functionality. While it allows you to designate any folder on your system to synchronize (rather than creating a specific folder like Dropbox), you have to upload files to SpiderOak first before syncing them, rather than simply dragging and dropping files into a desktop application that does the job for you all at once.

It's been called slow and complicated by its critics. You have to make sure its utility is running and its backup schedule is set according to your preferences. But, on the other hand, you feel secure and in control of your data.

SugarSync
A strong competitor to Dropbox, SugarSync lacks the strong third-party application tools and support of Dropbox, but allows you to upload from multiple folders (like SpiderOak) and has full web transfer capabilities on a variety of mobile devices, including Apple and RIM products. SugarSync works well with Documents To Go, the office suite for mobile devices that provides document synchronization between handheld devices and computers. It also provides for direct posting to Facebook Photos. Transferred files are stored in the cloud in an encrypted format.

Box.net
Finally, Box.net, which recently joined forces with Google to compete against Microsoft’s Office 365 in the software as a service field, targets the corporate crowd, emphasizing the benefits of group collaboration through an online workspace. In terms of security, it’s similar to Dropbox and SugarSync, in that it encrypts and stores personal information in the clouds. However, if you’re concerned about other users (even colleagues) accessing your files, you can tag files with an automatic expiry date and apply passwords to specific files.

Products and Price Points
Of course, these are just the main competitors in a rapidly expanding market, and they are all trying to differentiate themselves based on features, function, storage space and price. I’m still using my trusty Dropbox folder, but I caution you to make sure you’re comfortable with the security and privacy policies of your chosen sync service.