1. Seijuro's Avatar
    hey everyone,
    ive got a quick question and hope someone can help me out here

    so im planning on using these 3 apps soon, i just want to access my most important documents, files etc whereever i am and well evernote just sounds fun, but also useful

    and while i obviously use facebook, i couldnt care less about people talking about all this "social networking security", "FB steals your data" and all that ****

    i just dont care, we use it anyway, so w/e

    but its different with these 3 apps, i plan on uploading some important documents, notes and files and some other private stuff
    so i was wondering, how secure are these 3 services?

    i really dont want anyone else than myself to have access to these files/data, so....should i worry? should i not?
    are they secure?

    oh and please dont exaggerate, dont make it worse than it actually is, i'd just like someone to tell me if these apps are secure or if i should better stay away from them if i want to keep my stuff private and secure

    everything ive read about these apps sounds great tho, and the idea behind them is also great, i'd really like to use them
    so, thanks in advance

    oh and also, please visit technology-fanboy's thread and vote for DropBox, so they'll update it (for OS7 support) :
    http://forums.crackberry.com/blackbe...please-640970/
    08-21-11 10:13 AM
  2. Turbaru's Avatar
    i have been very happy with SugarSync. Ive never had any problem with security (knock on wood). It is nice to access work files wherever I am. And everything works fine on os 7. Good luck with your decision!
    08-21-11 11:41 AM
  3. jaydee5799's Avatar
    I have put files in my Dropbox for a colleague and password protected them. He got them fine and I have no reason to believe they were compromised in any way.

    I think it's your choice.
    08-21-11 12:26 PM
  4. ComputerPhil's Avatar
    I personally use GoodSync made by Siber Systems; mostly because I have used and lover their RoboForm product for so many years. If you value security, speed, and ease of use to keep your devices in sync and create backups of important information then I definitely suggest GoodSync.
    08-24-11 12:14 PM
  5. jlb21's Avatar
    Ok, the technology risk management consultant gets to chime in......

    I don't see issues with the apps themselves. My potential concerns arise with the services in the background.

    All of these providers/apps are Cloud Computing providers. With cloud, you never really know where your data is. The provider could have a datacenter and bank of servers in Washington, or they could have some in Manila. You just don't know.

    And then the providers don't always tell you all of the real technical details upfront of how things work. For instance, I was talking to a tech engineer for Box.net. The engineer was discussing their dual/mirrored datacenters that cover for each other. I asked "what happens if both data centers go down?" The response was "in most cases we default service to Amazon Web Services." So a third-party vendor then becomes a third and fourth party situation.

    Now, with my clients, there are 2 or 3 extremely critical tasks that I recommend that they do, and it is not in appropriate for an individual to follow these (at least in spirit) when determining which SaaS (storage as a service) Cloud provider they are going to use:

    1) Perform a data clasification

    You have done this, it seems. What kind of data does one have that they want to store in the cloud? Do you care if someone else is able to gain access to the data? For one client I am working with, their internal policies only allow the consideration of cloud for public or "internal" data. "Restricted" and "Regulated" data are strictly off-limits for Cloud placement.

    2) Risk assessment

    This would be overkill for you to some degree. But for my client(s) we work thru a 130+ question control/risk assessment with each potential cloud vendor. One key example of an issue that arose with one risk assessment was as follows: The vendor was talking about the type of encryption they use and touting the strength of it, etc. But the vendor did not mention anything about how/where the encryption keys were stored. It turns out that there are several individuals in the company who were authorized to access the keys for support purposes. But there was, in fact, no real control for protection of the keys within the organization.

    The bottom line, while an assessment like this is overboard for your purposes, the spirit of that action is not. It is important to have an understanding of what will happen to your data and how well it is protected once it is "at rest" with the provider. The "security" of the app really is all about "data in transit" from you to the provider. They are mutally exclusive....the transmission of the data can be totally secure, but your data could still be at significant risk once it gets there (wherever "there" is given that you never really know exactly where your data is).

    3) What is your tolerance for a breach

    Goes back to part of what I am sayin in #1 above. If your data is lost, stolen, etc.... what is the heartache and pain that you will have to go thru. From a business perspective, the Ponemon Institute performs an annual study on the "cost" of a data breach. On average, that cost is anywhere from $200-$400 per record. For a company that has a breach affecting a million records, this is very significant. But again, we are not talking that scale with your needs. But the bottom line is the same......and not to sound like a broken record....but what kind of data do you have....do you care not knowing where it will be....do you care about what the impact would be if your data is stolen?

    Companies/providers like dropbox, sugarsync, box.net, amazon cloud, icloud, etc., make it real easy to copy/store/move data around. The problem is that there are risks, and sometimes significant. I see too many of my clients jumping way too quickly into the Cloud. Their problem is often that they are just not AWARE of the risks.

    Make yourself aware. Do some investigation. Do what makes you comfortable with your decision. Won't be the same for everyone. But at least I have given something to chew on. That's where it all HAS to start......
    don.new and anon(3667697) like this.
    08-24-11 12:54 PM
  6. Data547's Avatar
    Security is great with SugarSync. The encryption protocol and common sense changing access passwords at least every 60 days serves most professionals very well.
    There have been a number of complaints that people discover the 907- COD invalid error when attempting to download it. That is easily handled by downloading it directly from SugarSync. One has to be aware that the site requires placement of a cookie on your phone which assuredly comprimises security. It would be desirable to have the 10 os not require a cookie to utilize cloud storage. I suspect SugarSync requires the cookie to offset the cost of the 5 GB free storage option.
    Cloud storage is great when need access to larger files. Security assessment information provided by SugarSync was reassuring, but the IS people required specific stipulations on cloud storage content allowed.
    04-26-13 02:26 PM
LINK TO POST COPIED TO CLIPBOARD