I made my feelings very clear about the use of Dropbox in the enterprise, through a previous post. I still believe Dropbox and similar other cloud sotrage solutions such as Google drive or Sky Drive are a timebomb waiting to happen for many companies who are busy securing their infrastructure but forget to look at the data leaving their premises through the back door. Or just not appreciating how tablets and smartphones are driving their users’ behaviours and requirements.
There will be a lot of red faces if/when Dropbox and Co announce they have been hacked.
However, I have recently come accross a great tool that can help reducing the impact of such a bad scenario. It is called Boxcryptor.
Boxcryptor creates an encrypted folder under your Cloud Storage directory (i.e.: Dropbox) and allows for files to be encrypted on the fly thus making it much faster and transparent than the solution I described before with Truecrypt. The encryption keys are stored locally and only known to you. Their client runs on many different platforms, Mac, PC, iOS, Android.
Boxcryptor works very well but it is important to note a difference in software behaviour between a MAC and a PC.
On a MAC, if you install boxcryptor it will create an encrypted folder in your Cloud Storage directory.
It will also create a new “disk” which gives you direct access to that encrypted folder.
You then have a choice, you can either drop files to this “disk” or to that encrypted folder in your cloud storage directory. Those 2 actions are the sames and the files will be encrypted in both cases.
On a PC, if you install Boxcryptor it will create a folder in your Cloud Storage directory. Note that I did not say encrypted folder. It will also create a new “disk”.
The difference between the PC and MAC implementation of Boxcryptor is that, on a PC, files are only encrypted if you drop them into your Boxcryptor disk. They will not be encrypted if you drop them in your cloud storage boxcryptor folder directly. That folder and the boxcryptor disk are not the same. Those 2 actions are therefore not the same.
This could be confusing, and a user may forget about that difference and copy sensitive files directly onto his cloud storage boxcryptor folder, thinking those files are going to be encrypted when they are not.
To be fair, there is a readme file in the Boxcryptor “encrypted” folder. But the chances are nobody will read it and more importantly, could forget about it.
My recommendation is to get used to copy files to the boxcryptor disk only. That way, you are always sure they get encrypted (and that the software is running in the background!).
I have contacted the authors and they are aware of this behaviour difference. Although they did not commit on any release dates, they are apparently working on it.