I wrote a few months ago about what a difference the cloud has made for how I conduct business. I rarely buy software for my new company anymore; I often am paying for some type of cloud-delivered service.
One of those services that I use (and love) is Dropbox. It is an incredibly easy replacement for a file server when you need to share 10s to 100s of GB of files between mutliple users. However, I definitely have some security concerns about it, and not just since the big snafu a few months ago.
One of my issues with dropbox is that they can access my data. Data is encrypted in transit, but they can access my data because they have my password. The same appears to be true of Syncplicity & Sugarsync. Why do I think that? Because they have a "reset my password" link. How does encryption work if they can change my password without a problem? Compare this, for example, to wuala's answer and boxcryptor's answer to the question about a lost password.
Even with Wuala, who says they don't know my password, how do they share encrypted data with users I specify? If all data is encrypted/decrypted locally, how does the person with whom I'm sharing files decrypt them? I'm curious.
The last two listed are open source alternatives. They're too limited in functionality for me, but I thought I'd throw them on there anyway.
What do you think about all this? Anyone I left out that I shouldn't have?
----- Signature and Disclaimer -----
Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technologist at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.