As the CISO of a large multinational organization, I understand the fine balance between flexibility/usability and security. Absolute usability means no security and vise versa. So when I look at cloud storage solutions like Dropbox, Skydrive, Google Drive, SugarSync , Cubby, iCloud & al, I understand the attraction. You pay a reasonable monthly fee and all of your important data is backed up to the cloud and available everywhere on all your devices. They provide ultimate flexibility.
Unfortunately the average consumer isn’t thinking about the security of their in-cloud files, because this would add a layer of complexity and would reduce the ease and flexibility of the solution. But without real file encryption, the security of your data is dependent on the policies and controls of the provider. Yikes!
I was reminded of this reality when I heard about Microsoft’s Skydrive and their no nudity policy. Skydrive is an interesting one because it is used by Microsoft to tie its ecosystem together (similar to how Apple uses iCloud). Skydrive clearly doesn’t want you to upload nudity even if it is for private storage and legally obtained. If you transgress and your Skydrive account is suspended, then you may also be locked out of other Microsoft services that rely on that account like Windows 8, XBOX Live, Windows Phone, Skype, the online version of Office 2013 and Outlook.com.
On one hand, Microsoft is forcing users of its services and products to leverage their Live account while on the other hand mandating strict usage guidelines even for your own private files. Is anyone wondering how they detect and handle these situations? With over 60,000,000 million users, the possible flagging of a violation isn’t done manually but the secondary confirmation just might be.
Of the major cloud storage service providers, Skydrive seems to be the most restrictive while SugarSync seems to be most permission.
I am not advocating the storage of illegal content on cloud storage services but I feel strongly that my personal files are my own and it is creepy to know some cloud provider somewhere is evaluating my content without my knowledge. This reality has created a new need. We are starting to see customer demand for encrypted cloud storage, where the provider can’t see the content. This new market is in its infancy and the players are still small unknown players but I am sure this will change over time.
For the time being, watch what you store online.