Howard Marks

Network Computing Blogger


Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Goodbye Dropbox

I’ve been a heavy user of Dropbox ever since I moved DeepStorage Labs back to the beautiful New Jersey Meadowlands at the end of 2009. On any given day, I could be working on my desktop at the lab, one of the two desktops at home, from a laptop or my iPad at a client site, or in one of the hundreds of hotel rooms I’ll see during the year. Dropbox made this vagabond life easy, giving me access to all my recent work wherever I was, but a constant stream of security problems is driving me to find another solution.

When the first stories about how Dropbox’s employees actually had access to your data’s encryption keys and could decrypt your data or, even worse, deliver it to anyone with a court order, I wasn’t worried. Given that I could share a folder with another user without giving that user the encryption key, I knew the encryption keys had to be available to Dropbox to enable that feature. As Bruce Schneier said in his blog, "If you expect a cloud provider to do anything more interesting than simply store your files for you and give them back to you at a later date, they are going to have to have access to the plaintext."

In fact, I knew that cloud storage providers and online backup vendors weren’t able to take advantage of data deduplication because their users encrypted their data with private encryption keys, which would encrypt the several thousand copies of the latest Lady Gaga CD that thousands of separate users must have backed up to Mozy or Carbonite into thousands of very different files. Dropbox could offer 2 GBytes of space free, even though it had to pay Amazon 20 or 30 cents a month to store it, in part because its costs were reduced by deduplication.

I accepted that Dropbox could access my data and that it had access controls that prevented such a thing from happening on a regular basis. Just as I accept that my email on Goggle Apps is accessible by someone at Google if it really wants it. That was within my range of acceptable risk, and I kept using Dropbox. Yeah, I figured the company probably misled some folks into thinking its system was more secure than it really was, but I wasn’t one of them, so I kept using Dropbox.

Then came the revelation that Dropbox had screwed up its software so badly that for a four-hour period you could log into any Dropbox account with any password. That’s right--it basically turned off user authentication for four hours. That, as they say, is the last straw.

I’m not vain enough, or involved in serious enough illegality, that I’m worried about random people, or random law enforcement officers, deciding to rummage through my Dropbox looking for something valuable. I don’t keep my password file, finances or other sensitive personal data there, though I do back that data up to Crashplan Central using an encryption key known only to me and stored on USB thumbdrives in several safe places.

My problem is that, as an analyst, I sign non-disclosure agreements like they’re going out of style, and I am required to take reasonable care to secure the secrets my clients trust me with. Dropbox just isn’t feeling reasonable anymore.

So, I’m off looking for a new sync provider that takes security a little more seriously than Dropbox. My first stop will be Sugar Sync, but I’m willing to take suggestions, if you have any.


Related Reading


More Insights


Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Data Deduplication Reports

Research and Reports

Network Computing: April 2013



TechWeb Careers