Small business is confronted with a significant decision when it comes to the backup of their important data. Should a local solution be implemented, or should an on-line service be used? I’ve just begun experimenting with a relatively new service called getdropbox.com.
getdropbox.com is a relatively recent entry into the fray of on-line storage and is still in “beta” mode. Getting an account requires an invitation from someone who already has an account. This free account gives the beta-user 2GB of storage. Once an account has been set up, a bit of software is installed on the local computer. This software creates a new folder (dropbox) on the local computer. As files are moved into that folder, they are auto-magically uploaded to the folder on the getdropbox.com servers. These files are only accessible by you, or any other computer with the getdropbox software and and that is linked to your account. Pretty simple, eh?
getdropbox.com also allows you to make some of your files publicly accessible. A unique URL is provided for each file. Anyone who knows, or is lucky enough to guess, this URL can access this file. The file is readable, but changes cannot be written back to the servers.
The capability is also included to share a folder with other getdropbox.com users, but whose computer is not linked to your account. You just need to send them an invitation (via email) to the shared file. At this point they have full read/write access.
Now, how can this be used for an online backup? As mentioned earlier, the software watches the dropbox folder on your computer and automatically synchronizes with the on-line server. If you are using Mac OS X you can simply create a symbolic link in the dropbox folder pointing to any other folder you want automatically backed up. (Unfortunately, this capability is not available to Windows users at this time.) The developer indicates that they are internally testing a Linux client. Then, this should be available for LInux, also.
So, how secure is your data? According to the FAQ, the data transfer takes place over an SSL connection. I’ve not yet had the chance to examine the network traffic to verify this. But, and this is significant, does not state that the files are encrypted on their servers. According to the FAQ, “Files are encrypted with AES-256 before being stored on our backend.” They indicate that in the future users will be able to define their own private keys to encrypt the data, but this is not currently implemented. I would highly recommend that any confidential information be encrypted prior to putting it in the dropbox folder on your computer.
So, would I recommend that you use getdropbox.com for on-line data storage for your company? Yes, if the following conditions are met…
- Sensitive data is encrypted before being put in the dropbox folder for synchronization
- The total amount of data is less than the amount allocated to your account. Right now the maximum folder size is 2 GB
- There is a need to share files with others trusted individuals outside the company
- You business model allows for your company information to be stored outside of your control
Ok, then, what about personal use? Pictures that need be shared with family would be fine to have stored. Likewise, other personal files may be fine. But, I sure wouldn’t put my Quicken data files up on a service like this unless I first encrypt it. (TrueCrypt would be a fine piece of software to use for encryption.)
Finally, the getdropbox.com privacy statement only speaks to personally identifiable information you submit as you create your account. Of course, they reserve the right to sell or disclose your information to service providers, business partners, and others. It is curious to note that they omit speaking to what they will do with the files you store on their site!
Disclaimer: The information in this post is current as of the date and time of the posting. The details of the getdropbox.com service are always subject to change.
