For me, the hunt for a self-hosted backup service started when I tried to help a friend of mine, who happens to be an accountant. He had a small team of 12 people and was looking to scale-up. He was playing with the idea of hiring another 7-8 people, but due to the space crunch, he wanted them to work from home. Use skype for meetings and if possible drop by at the office once in a while. Hence, it became imperative for him to have a system in place where the entire team could coordinate work and share information with each other seamlessly.
At first, like many others, I googled to see if I can find him a cloud backup service. And also like many others, I found iDrive, GoogleDocs, Dropbox, Box etc. Nearly all of them offer free space (approx. 2GB) when you sign up and a few more extra GBs when you refer them to someone or talk about them on social media.
I shortlisted Dropbox. But before I went ahead with suggesting using that to my friend, I tried to dig a little deeper.
What surfaced was something that I thought is necessary for a user to know before they decide to use these services like Dropbox…
1. The Data Is Hosted On Their Server.
Have a look:
The greatest threat you face from services like Dropbox is the breach of your privacy. As long as your data is housed on their servers you’re not the only one with access to it. Despite the highest encryption coding, it’s actually possible for Dropbox to manually decrypt and access your data! The real concern: Do companies like Dropbox have the right to give away your data?
Now Dropbox has already stated that should they receive a subpoena by law enforcement, they would willingly decrypt your data and hand it over. Where does that place you? Nowhere! Even though Dropbox’s Terms of Service specify that you maintain full ownership of your data while it’s stored on their servers.
So you probably have nothing to hide, but you should know that nothing you put in Dropbox is private.
2. Dropbox has the right to delete your data.
Your data is maintained by an admin who has the right to delete information from free, inactive accounts. So if you store some information on Dropbox and abandon the account for a few months, it is unlikely that you will get it after you log back on. Dropbox gives a free hand to employees over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as circulation of confidential information that can break privacy agreements in place with clients and third-parties.
Several compliance policies determine that files be held for a specific duration and only be accessed by certain people; in these cases, it is imperative to employ strict control over how long files are stored and who can access them.
Since Dropbox has loose (or non-existent) file retention and file access controls, businesses that use Dropbox are risking a compliance violation.
3. ONLY the developers know the encryption used to secure your data
It’s also worth pointing out that, while Dropbox does encrypt your data, it remains the sole custodian of your encryption key and retains the right to decrypt your data if required. The encryption used to secure user data is only known to the developers. Users are not allowed to perform encryption on their information before uploading it to Dropbox. If you’re storing financial reports, strategy documents or competitive analyses, you want them protected.
But Dropbox has limited encryption and security features that can leave customers’ data exposed. Your data is sitting on the same public cloud next to content from millions of other users, without adequate isolation. Also, since Dropbox stores the keys for all its users, it’s possible that a database breach could result in everyone’s encryption keys being stolen.
4. Scammers are using it to gain credibility
Dropbox is being used to host viruses and malware as its links lend scammers an air of credibility. Emails featuring Dropbox links are on the rise, as the company’s name lulls victims into a false sense of security.
The subject matter always concerns pressing financial issues, such as invoice payment or tax returns. Included with each email is a link asking the victim to download a file to start claiming the money back. The file including the malware is hosted on Dropbox, something that could convince otherwise security-conscious people to download the file.
Once the program is run, the ransomware locks away important files on the victim’s computer before demanding payment to release them again. Users are then given a “unique” URL code that directs them to a CAPTCHA test and bitcoin donation page. If the ransom of isn’t paid within the time limit, it doubles. Unfortunate victims have lost thousands of files to the virus already.
5. Data Loss
With Dropbox, IT administrators can’t control which users are syncing files. Nor can they control who has access to shared files. Dropbox does not allow companies to view an audit log, so if sensitive data is leaked, admins have no way of knowing who may have accessed it.
What’s more, Dropbox doesn’t provide remote wipe—so if an employee’s laptop is stolen, IT can’t remotely remove Dropbox data like they can remove Exchange data. Most of the problems with Dropbox emanate from a lack of oversight. Business owners are not privy to when an instance of Dropbox is installed and are unable to control which employee devices can or cannot sync with a corporate PC.
Use of Dropbox can open the door to company data being synced (without approval) across personal devices. These personal devices, which accompany employees on public transit, at coffee shops, and with friends, exponentially increase the chance of data being stolen or shared with the wrong parties.
6. High Costs – $795 annually for 5 users and $125 for each additional user
Dropbox’s paid cloud storage plans require you to pay a monthly fee for each user and, for businesses with large teams, this could add up quickly. If you are just starting out, it may look pretty affordable. However, Dropbox may not be the most cost-effective solution if your budget is tight and you are planning to scale up. Before committing to a purchase, calculate how much you’re willing to spend. And gradually businesses realise that for the top dollar it charges, Dropbox really has nothing special to offer.
For small businesses and start-ups that are sprouting all over, $795 on just storage is a big price to pay, especially if it comes hand in glove with a bunch of security and privacy risks.
7. Lack of support contacts
Picture this… If you send an email to Dropbox support you are told that a response can take between 1 and 3 business days. Not really the type of support that a paying customer expects. What is particularly frustrating is that you can’t even post to the forums because you need to be signed in to your Dropbox account to do so. And even if you try to post to twitter @Dropbox_support, you will receive an answer telling you to contact support via email. Another BIG problem with Dropbox is that requests from Pro and Teams users are given priority assistance.
The thing is when you produce something and put it out for people to use, you must support it. Period. Even if it’s free. You do it because it’s the ethical thing to do, and also to maintain your reputation. Poor support only leads to a list of clients whose only interest in the product are freebies.
Other popular backup services out there:
JustCloud – Again, hosting your data on their server could cost you dearly.
CrashPlan – The biggest problem with CrashPlan is the horrible upload speed. Many people are getting much less than 1mb uploads even though their internet connection supports speeds many times faster than that. For anyone who frequently adds files to their backup set, this would make CrashPlan almost useless since you would never have a complete backup. You would always have files pending to be uploaded.
iDrive – Well, they sometimes try to charge you for solving problems that were caused due to their own fault in the first place.
SugarSync – It’s Expensive. There’s no real-time collaboration. It’s a slow online backup. There’s no private encryption key for online backups. There’s no free account tier. And it’s extremely difficult to cancel an account…the list goes on and on.
ElephantDrive – The service is difficult to use and navigate, and response times for technical inquiries can span several business days. Overall, ElephantDrive does a good job but it’s not the service to use if you need to do a lot of file syncing or file editing in the cloud.
Box– Box does not offer a lot of storage space for personal use compared to other web storage providers.
These are great services. These all are cloud syncing and backup tools that will make all of your data available anywhere. They work great for an individual, but when it comes to business, security, and safety of your data is paramount.
What can you do to ensure that your data is backed up and is secure? Simple — host your own alternative to Dropbox.
SyncManage is an “ownCloud service provider’. It is a universal file access platform that is hosted in your data centre, on your servers, using your storage. It provides you seamless access to all of your files from any device. You can access company files on any device, anytime and from anywhere.
For more information, you can visit: SyncManage here.
Word of caution: So next time you are looking for any sort of service, I’d suggest you go deeper in your research and not just stick to the first page of Google.