Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

Dropbox: What you need to know

by
4th Jul 2012
Save content
Have you found this content useful? Use the button above to save it to your profile.

Collaboration and client portals are all the rage and the Dropbox online storage service is proving to be a popular choice. Among the service's 50m users are increasing numbers of UK accountancy firms, judging from contributions to a recent Any Answers debate on the pros and cons of Dropbox.

The thread was sparked by a question from jaybee661. Having started practising from home, jaybee wanted a way to make the same files accessible from the firm’s new office: “Is something like Dropbox the answer so I can ‘see’ the files (and, more importantly, make changes to them) wherever I am?”

Nearly 70 comments were posted in response. This article sifts through the evidence presented to throw more light on one of the internet’s most successful recent phenomena.

Top Dropbox tips

Experiment The combination of instant back-up and joint access makes Dropbox very flexible - you can even use it to host a fully working website.

Consult clients If they prefer idiot-proof Dropbox approach to file sharing, get their written agreement

Use it to collect client data Safer and more secure than email

Encrypt data if you are concerned about privacy, and familiarise yourself with DPA, ICO and safe harbour requirements

Make Dropbox your “MyDocuments” location to back up all your files automatically. Lifehacker explains how

Consider alternatives If consumer-oriented Dropbox service does not cater for your needs (see box below)

Dropbox - what it is

As one of more than a dozen AccountingWEB members who came forward to discuss their experiences with Dropbox, Hansa descrbed it as a “very useful cloud service for synchronising non-confidential data”. The advantages include ease of use for uploading and retrieving files to the web, compatibility with most mobile devices and built-in synchronisation between PCs, Macs and smartphones that you connect to the service. Once you load up a file, the latest version is available on all your devices.

The big concern Hansa and others raised was around security. After a few recent headlines, some users who delved into the data protection arrangements were less enthusiastic about using it for storing or sharing client files.

“It's great for granny's photos, not for business”, commented Hansa.

But Paul Scholes and other Dropbox enthusiasts don’t see the need for ultimate security and are happy to live with the acknowledged risks: “Once you use it you'll chuck away all your memory sticks and realise how much more confusing life was before it.”

How accountants are using Dropbox

Dropbox is an online storage facility to which you can back up files from your desktop and mobile computers. It also share files so you can also use it to distribute or collect data from others.

The service is free for the first 2GB of storage, and you can earn extra space by encouraging others to sign up. Professional services can be purchased starting from $10 a month ($99 a year).

“One of the best uses is where clients have to send over lots of files in bits and pieces, say if we do their books, so they just dump them into a shared folder over the month and then email me when they are done,” said Scholes.

The app is also infiltrating accounting systems; online accounting provider KashFlow has adapted its software to let users to upload and attach accounting records such as quotes, invoices, customer/supplier data and journal entries to Dropbox and encourages its accountant clients to use the mechanism as a document portal for tax returns and accounts within Orbit.

Pros and cons

The comments in favour of Dropbox were consistent: “simple to set up, works well”, as AccountingWEB member ChrisMartin put it. Hansa agreed Dropbox is easier to use than many rival systems. Having used it as an email replacement to share files between offices in different countries, Dropbox also proved itself in situations where there were poor internet connections. But once a client pointed out some of the security issues, Dropbox has been relegated to non-confidential uses.

ChrisMartin also highlighted that Dropbox was not as effective for collaborative work as rivals such as Google Docs or Microsoft Office 365 (see below). If changes are made to an online spreadsheet file, the first person to finish wins and the competing changes are saved to a separate file.

The security issue

The discussion was dominated, however, by whether or not Dropbox offers the requisite level of data protection for accountants operating in the UK and registered with the Information Commissioner as data controllers.

Hansa put the case against Dropbox: “Be aware it is not secure and the servers are US based (thus minimal privacy). Their staff can access your files and thus give them to others... It’s great for granny's photos, not for business and very probably breaks data protection rules.”

The final point was rebutted by several contributors. Dropbox is hosted on Amazon’s US-based S3 web servers, which are covered by a safe harbour agreement effectively granting equal status to European Union-based servers under the Data Protection Act. Hansa’s concern went further, and related to provisions within the US Patriot Act that gave government forces the power to demand access to files held on US-based servers; the Switzerland-based Wuala service was suggested as an alternative, along with a few other rivals.

The original thread delved into the issue in great detail. If you do not have the time or inclination to research these issues now, be aware that they are important; some relevant links are collected below if you want to find out more later.

Also worth a look

Except where indicated, these services include a free personal/introductory service, with extra space and features available for additional fees.

• Box.com

• Google Drive

• Livedrive

• Microsoft Office 365 - 10GB storage included in £4 monthly fee, with email synching too

• Spideroak

• Springcm.com - includes methods for collecting documents and workflow tools, starts from $18/user/month, but free to Salesforce.com users.

• Wuala.com

But the prevailing view on AccountingWEB was more pragmatic.

“I’ve been using Dropbox for my own personal files and client files for years,” commented member 0103953. “Any really sensitive Excel/Word documents are password protected. The US government would not be remotely interested in any of my clients… For the type of clients I have, the standard Dropbox encryption and security procedures appear sufficient for me.”

Dropbox itself has no in-built password facility, so protecting files before upload may be advisable for confidential data. Jonstanton advised that the DPA puts a responsibility on controllers of personal data to ensure it is protected in transit. “Whilst you may perceive the risk to be low - your clients may not be so comfortable with using Dropbox to hold their personal details,” he commented.

“If you want to use Dropbox I would try combining it with TruCrypt, so the files are encrypted before they are uploaded.”

Another point raised by martinlittle is that once you share a file on Dropbox, the person you have shared it with can then share with others, so you no longer have control over who accesses those files.

The weight of numbers and popularity with clients came down in favour of Dropbox, JC urged members who use it to check their PI cover before entrusting files to a public Cloud service, and to do a risk assessment of potential problems should anything go wrong with a site chosen as an online backup medium. “If all your backups were located in the Cloud, can you retrieve your material if they are closed?” he asked.

Further reading

Tags:

Replies (32)

Please login or register to join the discussion.

Sarah Douglas - HouseTree Business Ltd
By sarah douglas
05th Jul 2012 10:09

Embracing Technology

Hi John 

This was a very useful debate.  Prior to the Any Questions I had read about the  security issues so it was very interesting to hear other accountants points of view. 

Just prior to that I emailed all my clients whom we share Drop box folders with  to make them aware of this issue, and to ask them if they wanted to continue using drop box or change provider .  We made it quite clear that if they continued to use it we would have to put something in writing moving forward. 

Not one client said they wanted to stop using it and they were prepared to take the risk.   On the suggestion of providing another provider,  most of my clients who are also heavily involved in IT said they felt it was the easiest to work with and were prepare to take the risks . 

It is amazing how things have changed.  We as a practice have changed a lot in the last couple of years.  Between using Dropbox and and having a Video Skype call with clients we have found our clients have been a lot happier as they feel they are more in contact with us and have less paper to go through.   If they do not want items kept on Dropbox they download it and we agree to clear it from dropbox once we are finished. 

Some of our clients have notice clinches so  I also include  dropbox in my backup anyway to cover us as a practice.

Technology will always change and we should embrace it .  I now check my Skype for instant messages from clients .  It is a great way for them to just type instant questions and it is very easy to copy the History to OneNote or similar for your clients .  It also  keeps a very easy to use record of when you phoned them and how long for.   I find it useful for billing. 

My clients use texts quite a bit almost as instant thoughts.  They are not expecting a instant answer , their busy running the business and it is almost as if they do not want to forget that question. Of course you charge for the service.  But Copying texts is difficult to your client records but it means it is all there and you can give them a quick call.

Also it a good idea to check that your phone is been backed up as well, just in case . 

Kind Regards Sarah Douglas  Douglas Accountancy and Bookkeeping Services Glasgow 

 

Thanks (1)
Replying to lionofludesch:
avatar
By greybeard
05th Jul 2012 12:31

Copying Texts

 

One useful trick with iphones is that you can take a "picture" of the text and then email that to yourself. You simply load the text onto the screen and then simultaneously press the top on/off switch with the navigation switch. The iphone effectively does a "print screen" command. The image is stored under "photos" and you are able to email this to yourself or anyone else.

I have found this useful on many occasions.

Thanks (0)
Replying to Portia Nina Levin:
avatar
By chatman
06th Jul 2012 18:10

iPhone / Smart Phone

greybeard wrote:
iphones is that you can take a "picture" of the text and then email that to yourself.

I would have thought any smart phone could do this. Certainly any Android phone with a camera.

Thanks (0)
avatar
By pmtate
05th Jul 2012 10:53

always bear in mind

BACKUP BACKUP BACKUP (and not on same service)

see @3ammagazine  https://twitter.com/3ammagazine/status/219901886931804160

12 years of online magazine missing in action as host vanished.....

Thanks (1)
avatar
By Jack
05th Jul 2012 12:33

Copying Texts

On iPhone, one can also copy the text (press and hold the text box, select copy) and then paste into email to self.  Particularly useful as a reminder / message unread.

Thanks (0)
avatar
By growson
05th Jul 2012 14:05

Remember Third-Party risk as well

 

A point that may have been missed is that CLIENT records often have sensitive information of others -- especially the personal information of EMPLOYEES in order to process payroll, etc.  

So when a client says "they are prepared to take the risk," I've found that most NEVER CONSIDERED the potential ramification of accidental disclosure of payroll info and the remediations they would have to do to compensate for this.  The clients were only considering the effect of the disclosure of the business' FINANCIAL data.

What's the liability for practitioners?  No idea (and it probably would depend upon which jurisdiction you conduct your practice).

Good to hear that many practitioners are having frank discussions with their clients.  While I do worry about the access/security/potential "unintentional disclosure" issues, if all are willing to accept the risk/consequences, then Dropbox is a fantastic tool.  I know I can't live without it - and I only use it for non-sensitive info.

Other quick observations:

- TrueCrypt works with DropBox (and other such services) but only if the container is small (1Mb-2Mb tops).  Otherwise, the file synchronization time can be considerable (I've noticed the problem just when leaving home computer and trying to open the files once I arrived at work).  Note also if you open up a truecrypt volume within Dropbox, then the volume is exposed (there's notes about this on the TrueCrypt site).

 

- Password protecting Word/Excel/etc.:  no security there - there are hundreds of free tools that can bypass the indigenous password protections on these files.  10 seconds with a Google Search.  So that approach isn't providing ANY diligent protection that would exonerate a practitioner's responsibility in the eyes of IS auditors or the court system.

Thanks (1)
avatar
By Anne Fairpo
05th Jul 2012 17:00

Dropbox security option

For a (fairly) easy route to securing data on Dropbox, have a look at SecretSync (http://getsecretsync.com/ss/) - no, I'm not paid by them, or in any way affiliated other than as a user. This software sets up a folder, synchronised via Dropbox: any files put into this folder are automatically encrypted (can explain the voodoo if you want) before they're copied to Dropbox, so that you control the encryption.  The folder can contain sub-folders as well, so you can set up a standard file system under it.

What's stored via SecretSync on Dropbox is encrypted and can't be accessed on an iPad (etc) or from any computer that doesn't have SecretSync on it. As a result, you need to have SecretSync on each computer that you sync through Dropbox, if you want access to the files in each place. The SecretSync software unencrypts the files as they're sync'd from Dropbox.

The advantage over TruCrypt and other similar encryption models is that all this happens on the fly, without user interaction. Yes, I'm just lazy. I want the technology to do it all for me. Your mileage may vary!

Thanks (3)
Replying to chopin_fanatic:
avatar
By jaybee661
06th Jul 2012 11:35

@afairpo

afairpo wrote:

For a (fairly) easy route to securing data on Dropbox, have a look at SecretSync (http://getsecretsync.com/ss/) - no, I'm not paid by them, or in any way affiliated other than as a user. This software sets up a folder, synchronised via Dropbox: any files put into this folder are automatically encrypted (can explain the voodoo if you want) before they're copied to Dropbox, so that you control the encryption.  The folder can contain sub-folders as well, so you can set up a standard file system under it.

What's stored via SecretSync on Dropbox is encrypted and can't be accessed on an iPad (etc) or from any computer that doesn't have SecretSync on it. As a result, you need to have SecretSync on each computer that you sync through Dropbox, if you want access to the files in each place. The SecretSync software unencrypts the files as they're sync'd from Dropbox.

The advantage over TruCrypt and other similar encryption models is that all this happens on the fly, without user interaction. Yes, I'm just lazy. I want the technology to do it all for me. Your mileage may vary!

... so you wouldn't be able to get to your encrypted files via an iPad - could be an issue if you need files 'on the move'?

Thanks (0)
Replying to Mike18:
avatar
By growson
06th Jul 2012 23:19

iPads were never designed for corporate use

Jaybeee661,

 

You're completely right -- i-devices never designed to handle things like generic encryption layers, etc.  It's one of the big problems with that whole ecosystem (from a corporate perspective). Right now, the "best" option is to wait for the Windows 8 Pro Surface tablet (not the RT version) which can/should be able to incorporate TrueCrypt (and I bet SecretSync will work too, once they have code written for the Win8 environment).

Steve Jobs was designing the world's best music/video environment when he dictated the iPad specs.  Corporate use was furthest from his mind at the time.

(btw, I totally love my ipad but, this is one of the glaring areas where it lets me down).

Thanks (0)
Replying to Mike18:
avatar
By Anne Fairpo
07th Jul 2012 11:28

@jaybee661 - yes, that's a problem

Yes; if you need to access client files from Dropbox on the move then SecretSync won't be helpful, but neither will any other encryption that you control as far as I know. The iPad has its own encryption but I haven't come across any apps that will unencrypt a file from Dropbox (or other similar storage).

For what it's worth, and the following is probably tl;dr, if I have to take client material on an iPad, I temporarily copy it to Goodreader and password protect it (various times, because I'm paranoid - the iPad is passphrase protected, the Goodreader app requires a password to access it, the files are password protected individually, and they are within password protected folders. Goodreader uses the iPad's encryption system so that password protection encrypts the files, it doesn't just lock them).

Much the same as printing it out, really. It's mildly irritating not to be able to get material from Dropbox on the fly, but I'd really rather not have to worry about the potential for uncomfortable conversations with the Bar Council and the Information Commissioner's Office.

Thanks (0)
avatar
By Nigel Hughes
06th Jul 2012 11:04

Terrific summary John

OK I'm going for a crawler of the year award!

I'm not a dropbox user yet, but have to exchange large files which email can't cope with from time to time.

I've found this really helpful and is a good example of the AW community really coming into its own

Thanks (1)
avatar
By TheFSG
06th Jul 2012 18:50

Dropbox,, Google Drive & Sugarsync

I've tried three syncing software solutions before deciding which one to go for.

Dropbox is the market leader but is quite expensive. Sugarsync is slightly different to both Dropbox and Google Drive in that you choose which folders to sync, rather than having a specific folder that needs to be populated with the folder/files you want to sync.

In the end I went for Google Drive quite simply because of price. The software isn't as nice as Dropbox's but at $2.49 per month for 30GB (5+25) against $9.99 for 50GB (100GB is $4.99/m in Google drive). I've been using it for about 2 months now without any issues.

The other benefits are that you always access files on any machine with Internet access,and if you use more than one laptop these files are invisibly made available on all machines with or without Internet.

One reminder though - these are syncing solutions so if you delete or change a file that's synced old versions will be replaced or removed, unlike a backup service where deleted files may still be available.

Thanks (0)
Replying to TomHerbert:
avatar
By growson
06th Jul 2012 23:49

Might depend on situation

 

Google Drive / Microsoft SkyDrive -- both of these are definitely cheaper than DropBox.  However, I've never been able to get either to work as smoothly as Dropbox (meaning, the dropbox folder is just like any other folder on my computers - local copies of all data that then replicate to the other machines).  Google/Microsoft do not have a local folder - instead, you "map" the network data share so that it appears as a local drive (and file copies will be slower, as it always takes longer to grab a file from across a network compared to a local copy).  At all times, you have to have network access to reach your data - not good if you want to work on files while on a plane, etc.

But if you aren't in "travel mode" and have good high-speed network connections, both of these cloud platforms would be excellent choices as well.   

Thanks (0)
avatar
By growson
06th Jul 2012 23:45

SecretSync - possible issue

 

I just took a look at the SecretSync home page.  Product definitely looks impressive, and I'll definitely check it out in greater depth as a replacement for my current set of TrueCrypt folders/USB keys, which I use for my sensitive information.  Then, Dropbox could do all the heavy lifting.

One possible "death star" snag:  from the SecretSync FAQ page, it sounds like the system automatically does the decryption for you (from the Dropbox "tunnel" folder) and places the non-encrypted file into a folder located on the machine(s) at each end of your Dropbox service.

In my case, my home machine is a laptop - if I were to lose the laptop while on the road, if a thief could get past my Windows 7 password, then they would have access to the sensitive data in the SecretSync folder without any further password protection (though I do have to check out how SecretSync "passphrases" might play into this).  Anyway, this might be a bit of a long-shot as far as security concerns go.  But right now, I have encrypted TrueCrypt containers protecting the data as a second layer of defense.

But if you have excellent net connections and not using in a mobile context, they would be excellent solutions.

 

Thanks (0)
Replying to DJKL:
avatar
By Anne Fairpo
07th Jul 2012 11:49

true ...

growson wrote:

if I were to lose the laptop while on the road, if a thief could get past my Windows 7 password, then they would have access to the sensitive data in the SecretSync folder without any further password protection (though I do have to check out how SecretSync "passphrases" might play into this).  

The passphrase is a secondary layer of protection for your SecretSync files but it doesn't require you to type it in to access the folder.  If a thief can get past your laptop login then they can probably get past passwords to get at data, if they're specifically looking for the data.  For what it's worth, the ICO would rap your knuckles if the laptop wasn't encrypted and password protected, but they don't require folders to be separately encrypted or password protected.

Thanks (0)
Replying to victoriarchalmers:
avatar
By growson
07th Jul 2012 19:46

Agreed

afairpo wrote:

For what it's worth, the ICO would rap your knuckles if the laptop wasn't encrypted and password protected, but they don't require folders to be separately encrypted or password protected.

 

Exactly my thoughts.  Laptop is password-protected and right now (via TrueCrypt)  the data is encrypted.

Saw your other post re US Patriot Act as well - this is another aspect, too.  While I don't have any info that would be of interest to them, it's not my place to make that decision on behalf of my clients.

 

 

Thanks (0)
avatar
By Anne Fairpo
07th Jul 2012 11:46

and finally (should have combined these in one post)

With Google Drive, don't forget that Google has handed over data in a European data centre to the US Government under the Patriot Act before now (as has Microsoft) - http://www.zdnet.com/blog/igeneration/google-admits-patriot-act-requests....

Also note that the EU Article 29 Working Party has just said that safe harbour self-certification alone isn't enough when using US data centres (http://ec.europa.eu/justice/data-protection/article-29/documentation/opi...).

Thanks (0)
pic
By jndavs
09th Jul 2012 10:12

Own cloud server

Why not buy yourself a cheap PC, slap on a copy of Linux and some file sharing software (if you are not happy with the stuff built in)?

You may need to have a fixed IP allocated to the PC (ask your ISP) or use a service such as

noip.com  - and hey presto you have your own cloud server which is completely under your own control and without the monthly subscription.

http://www.webupd8.org/2011/10/owncloud-2-your-personal-cloud-server.html

Thanks (0)
Replying to DMGbus:
avatar
By growson
09th Jul 2012 13:52

Sure, if you have the technical expertise . . . .

jndavs wrote:

Why not buy yourself a cheap PC, slap on a copy of Linux and some file sharing software (if you are not happy with the stuff built in)?

You may need to have a fixed IP allocated to the PC (ask your ISP) or use a service such as

noip.com  - and hey presto you have your own cloud server which is completely under your own control and without the monthly subscription.

http://www.webupd8.org/2011/10/owncloud-2-your-personal-cloud-server.html

 

This is the most preferred approach; however, only if you have sufficient technical knowledge to properly control/monitor access to the server, protect the data on it, etc.  For example - the review on the page link you provided openly points out that this system lacks indigenous file encryption (which DropBox has, even though it has the weakness of being applied server-side, rather than client-side).

Thanks (0)
Replying to tom123:
pic
By jndavs
10th Jul 2012 11:15

Own cloud server

Linux has built in encryption software eg encFS which can be utilised for this, or use something like truecrypt.

 

As far as support goes, there is extensive documentation provided with all Linux distros and also most software.

The 'Linux community' is generally very helpful and of course there is paid for support should you wish to take it up.

Follow the links in whatever distribution you choose to try.

 

Since all the software can be freely downloaded (as in unrestricted and without cost) or found bundled in the distro's software repositries, you don't really have anything to loose.

 

You may be interested in this:

http://www.linuxplanet.com/linuxplanet/tutorials/6985/1

Thanks (0)
avatar
By gavin1977
10th Jul 2012 12:24

Dropbox

Started to use it as a means being able to transfer Sage files from a client to the office since these can become too large to send via email.  However, Dropboix didnt seem to like Sage files.  However, it was great for up loading PDF and excel files and emailing a link to these specific documents in the public folder.  Now using it to put "to be read later" documents in and accessing them during spare moments using ipad.

 

Thanks (0)
avatar
By chatman
10th Jul 2012 12:50

Good article

Thanks (0)
avatar
By paulroach
11th Jul 2012 05:08

Dropbox security

If you invite someone to a Dropbox folder they can then invite others without you necessarily being aware of it.  Has anybody come up with a way round this?

 

Thanks (0)
avatar
By Anne Fairpo
11th Jul 2012 12:31

Doesn't appear to be a way around it, no

All I can suggest on the shared folder point is regularly checking the information as to who has is sharing it - it's available on the Dropbox website when logged in, if you check the folder 'shared options' information.

Thanks (0)
Replying to SteveHa:
avatar
By paulroach
11th Jul 2012 12:51

Shared folders

Thanks for the comment.  That is how we deal with it at present but it does throw a spanner in the works as far as confidentiality of records is concerned.

Thanks (0)
Replying to Ian McTernan CTA:
avatar
By growson
11th Jul 2012 16:25

Private FTP site

paulroach wrote:

Thanks for the comment.  That is how we deal with it at present but it does throw a spanner in the works as far as confidentiality of records is concerned.

 

Borrowing a bit from the concept of your own private cloud server (per the posting re Linux, etc), when I worked at BDO Canada LLP, we had a private FTP (File Transfer Protocol) server to handle client file transmission.  FTP is the process used in web pages whenever you download a file.  An FTP server - besides allowing for file downloads - also allows user to upload files.  In BDO's case, staff could have their clients set up with secure access, and files could then be uploaded/downloaded as the staff person/client needed.

 

Ultimately, this is a better option than Dropbox (as it exists right now) but does require more onus on the accountant to ensure security, access, privacy, etc.

 

Thanks (0)
Replying to SteveHa:
avatar
By paulroach
18th Jul 2012 05:36

New options for shared folders
Dropbox have just added a box that you can uncheck to stop users other than the owner from inviting others. The default is sharing so you will have to go into all shared files if you want to turn this off.

Thanks (1)
avatar
By Michael Wood
12th Jul 2012 11:37

DropBox for temporary sharing, specialists for secure docs?

At Receipt Bank we have had a DropBox integration since last year. We built it because we were asked for it by so many firms. Their experience of DropBox was that it was an excellent mechanism to share files with clients and they wanted us to connect to it so that documents and data could flow straight from DropBox to FreeAgent, KashFlow, Xero, etc.

From our experience we know that many firms trust DropBox as a mechanism for file sharing. For file storage my impression (from the firms I speak to) opinion seems to be a bit more split with many firms preferring industry specialists such as DocSafe for the sharing and storing of key client docs.

 

 

Thanks (0)
avatar
By RajDhawan
17th Jul 2012 21:42

How about for Cloud Accounting purposes...

It is just a matter of time that businesses are all going to be managing their entire business cycle, and consequently, all their business transactions, in the Cloud. 

The biggest concern by far for most people is safety and security of the data. Would drop-box be the answer to this safety concern ? Or is the concern really not a valid one, that cloud data storage is secure enough on its own ?

I would appreciate a response from users who have something to add, or simply to respond.

Rgds,

Raj Dhawan, CPA

http://www.RajDhawanCPA.blogpost.com

 

Thanks (0)
Replying to The Highlander:
avatar
By growson
18th Jul 2012 04:47

I think we've covered this already

RajDhawan wrote:

The biggest concern by far for most people is safety and security of the data. Would drop-box be the answer to this safety concern ? Or is the concern really not a valid one, that cloud data storage is secure enough on its own ?

 

Raj, I think between John's article and the dialogue to date here in the user comments, you've likely got a good expression of the issues already.  For some (and their clients), dropbox is secure enough - meaning, it's not 100% ideal but it is "sufficiently low risk" in their eyes compared to the advantages of the service (and same with similar other product offerings, like SugarSync, Box, etc.).

 

For others, it isn't secure enough (for example, I love dropbox and use it extensively but, I would not trust it with tax information, payroll information (including such information within accounting software databases), medical information, etc. of others).  In my capacity as an information systems auditor and performing the likes of a SAS70/SSAE 16 etc service audit report, I'd probably have to draw attention to the server-side encryption as being inadequate to satisfy COSO/Cobit internal control objectives for proper access to data (in English, the data owner cannot exercise sufficient control that information could not be disclosed to others outside of the owner's influence - namely staff at DropBox in particular).

 

Bottom line:  it depends entirely upon the practitioner and their client's sensitivity for risk (compared to the nature of the data being stored).  For example, I do have the spreadsheet/books of a service club within my dropbox files -- while it would be undesirable to have the information "accidentally disclosed", there's very little harm to anyone if it actually happened (there's no personal info, such as income, birthdates, social insurance numbers, etc. stored in it).  The convenience in this case is well-worth the risk.

 

Another important distinction:  Dropbox is an excellent file transfer synchronization system between multiple systems.  However, it is *NOT* designed for iterative collaborative work, such as available in Office 365's Sharepoint system or Google's Drive (Docs).  Those environments were built to have multiple people accessing the same files simultaneously (such as word processor spreadsheets, and presentation files) and combining their efforts into a unified whole.  I would strongly suggest that no one locate accounting data sets (such as Sage 50) within *ANY* of these environments (and especially Dropbox and its ilk) without first doing a careful assessment as to the underlying record lock provisions.  I'm not aware that any of these shared environments are built to properly handle multiuser database access, without preparation first (Office 365's sharepoint can likely handle systems built upon MS-SQL/Access but again, only with proper configuration).  I'd doubt that Dropbox can do so without high probability of data corruption.

 

 

 

Thanks (0)
avatar
By quintodc
19th Jul 2012 23:31

SugarSync

What about Sugarsync - a fantastic service, were you can select any files folders anywhere on your PC for auto backup / sync between comps.  $50pa for 30Gb can't be bad and works well for me.

Thanks (0)
Replying to lionofludesch:
avatar
By growson
20th Jul 2012 05:02

SugarSync

quintodc wrote:

What about Sugarsync - a fantastic service, were you can select any files folders anywhere on your PC for auto backup / sync between comps.  $50pa for 30Gb can't be bad and works well for me.

 

SugarSync -- from a security/privacy/access perspective -- has a major advantage over DropBox:  it does encrypt the data at the client end BEFORE uploading to the sugarsync servers.

But when I was trying it out (months ago), I found that the file transfer process was no where near as seamless as that of DropBox.  I had numerous occasions where I saved a file in a SugarSync-designated folder on one computer and constantly found delay in having it synchronize on others (and I don't mean a few seconds' delay, I'm talking hours - in fact, I'm not sure that some of the files ever did synchronize without manual manual intervention).  Maybe I had something set incorrectly set somewhere but I couldn't find it.  Dropbox was far more seamless and automatic in its operation.

 

If it's working for you, that's great.  While my experience wasn't positive, I've certainly heard from others that it works well.  Same thing with Box.

 

 

Thanks (0)