More file sync and sharing industry FUD

I shouldn't be surprised, and I shouldn't get angry. But I am, and I do.

More file sync and sharing industry fear, uncertainty and doubt

I received a pitch the other day from a vendor in the enterprise file sharing and synchronization (EFSS) space. I won't name the company. I probably should, to really show my scorn, but I'll deny them the Google juice instead.

Anyway, the pitch told me about how said vendor made a "startling discovery" as it was planning a routine Google Adwords Campaign. It seemed that searches inadvertently turned up sensitive and confidential materials.

Said vendor apparently disclosed the finding to the two other EFSS vendors, who indicated they would address the "security flaw." Now, some three years later, the same thing is happening.

Shock horror, you say. Does this call into question the very notion of cloud-based file sharing and sync? Well, not so fast. You see the devil is, as is often the case, in the details. It seems that the URLs that were publicly accessible were so because the file creators made them so. Apparently users who share links to publicly accessible files are inadvertently typing the public URL not into their browser window, but rather into the Google search window—where Google (helpfully or not) indexes the files, only to be found a few years later by a competitive EFSS vendor.

Are the EFSS vendors to blame?

Let's dive into this security risk—and whether or not it questions the business model of the two "culprits" in this case: Box and Dropbox. The very rationale of cloud EFSS is based on the easy ability to share either within an organization or outside an organization. Indeed, anyone who has ever used these services to share a document knows just how easy it is. And that is the issue: that users, not the vendors, make some mistakes about how they share files.

If asked, no Box or Dropbox user would suggest that their highly personal and confidential files should be stored as publicly accessible ones. Alas, user error has led to this occurring. But let's not overstate this. This is a user error and in no way a vendor one. It's like blaming Ford when someone decides to use an F-150 truck to ram raid a jewelry store. It's the usage of the tool rather than the tool itself that causes the issue.

Should Box, Dropbox and other cloud-based EFSS vendors better educate their users on how to properly use their solutions? Absolutely. But should these companies be blamed when someone does it wrong? Absolutely not.

This is a vendor beat up and should be taken in that vein. Shame on you, unnamed vendor, for resorting to fear, uncertainty and doubt (FUD) in this way.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2016 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)