IBM's Ban on Dropbox and iCloud Highlights Cloud Security Issues

IBM has forbidden its employees from using cloud-based services such as Siri, Dropbox and iCloud, according to reports. These products (along with many others) are presenting a challenge to IT administrators who want to keep their organizations secure, as well as to consumer-software developers who suddenly need to build features with both consumers and businesses in mind.

Not the first or only

[Anonymous Coward]

My company deals with financial services. We are not allowed to access Dropbox either. Nothing like sharing personal identifiable client data across someone else's network. This is a violation of all sorts of laws, so yeah, it makes sense to deny employees access to shared drives outside the company's purview.

Re:Not the first or only

[Hatta]

Nothing like sharing personal identifiable client data across someone else's network.

Have you ever used a VPN? Then you've done exactly that. It's just encrypted. Dropbox is similarly secure if you store an encrypted container.

Re:Self-Serving?

[CannonballHead]

How is it self-serving? Keeping your employees from using non-internal storage services for confidential data... I guess that's self-serving in the "protect your assets/intellectual property" way, but forbidding your employees from using external companies for storage of confidential data is hardly self-serving. It's right up there with making your employees password and/or encrypt their work laptops... :)

Re:Self-Serving?

[gstoddart]

Ummm. Asking a question here. What does the Patriot Act have to do with anything?

The difference being you'd need to go to court to get a warrant, and I believe there would be a legal opportunity to be notified of this. If Canadian law enforcement accessed your data, you could legally know about it.

The Patriot Act basically says they can demand it, with very little legal support, and it is against the law to tell someone that their data has been accessed from your servers under this request.

So, it comes down to the US having granted themselves access to any and all data from a US owned company or US hosted server ... and made it illegal to disclose that access has happened.

If that data access comes under the guise of secrecy and not going through the normal courts, you'll never know it happened.

As I said, those provisions of the Patriot Act give access that concerns a lot of people ... see here [zdnet.com].

So, based on what I've read, and what I've been told by corporate policies ... for anybody who isn't in the US, America and American owned companies are completely untrustworthy since the law reads like it bypasses local laws when it comes to data security and privacy.

Now, for a bit of balance the other way, I see that people are starting to say the Patriot Act isn't so intrusive [pcworld.com] and this is all blown out of proportion.

But, until I see company and legal policies changing here in Canada, I will continue to treat data being put into a US server as a stupid idea, and I will continue to treat those entities as hostile and not trustworthy.

Since I'm not a lawyer, and I don't have anything to gain by suddenly trusting these entities, if I stick with this, I'm in compliance with company policy. I'll just err on the side of caution -- not trusting the US government is just a bonus at this point.