OT: Dropbox and Skydrive encryption

Posted by jamesofford
Sep 24, 2014 at 01:21 PM

Very interesting topic. As I said earlier in another thread, I don’t keep anything up in the cloud that I need to keep secure. Not so much for lack of confidence in the security of any given cloud provider, but just as a general practice. Then I don’t worry too much if my cloud account is breached, other than my general dismay at a website getting breached. I also use a password manager(Dashlane https://www.dashlane.com/) for all of my password protected sites and I let Dashlane set the password. It does a good job of picking a strong password, and I don’t have Dashlane upload my data to Dashlane’s servers. I also have a pretty strong password on my local copy of Dashlane.

After a few data breaches like we have seen recently, I am a bit paranoid. Also, when I was in industry the company for which I worked had a couple of breaches in which my name, social security number and a few other choice bits of info were released. But those weren’t breaches through the corporate network. One was a laptop theft, and the second was when the spouse of a colleague installed Limewire on a work laptop and in so doing exposed the laptop to the world. It isn’t clear why that laptop had personnel data on it, but it did.

That being said, the university at which I now work has some pretty strong policies in place for faculty and staff with regard to data security. I have spent some time in the last couple of months improving the security of our local network(just the little bit that is our lab’s), changing IP addresses on equipment so that they are not public, ensuring that none of our equipment is broadcasting such that anyone can connect.

I work in a med school, where HIPAA(health insurance portability and accountability act)controls our data usage. HIPAA is the mechanism by which access to patient information is controlled. Given that, we get periodic presentations by our IT guys on handling data. The med school also provides us with secure servers for data storage. I don’t keep patient data on my local machine. I am not in a clinical setting anyway, so the only patient data that I have is from genetic screens that we are doing, and all of those data are anonymized so that even if the data were lost, no one could trace it back to a real person.

Finally, my iPad is encrypted, and I will be encrypting my laptop soon. While I don’t have any sensitive data from work on my iPad, there are personal data on there I would like to keep safe. One of our IT guys told me that if we used the screen lock on the iPad, then the data are encrypted. I need to check this out. If it is not the case, then I need to get some encryption software. I do have some sensitive data on my laptop, but since it is anonymized, I don’t have a lot of concern about that. I do have concern about my personal data.

Jim