Friday, May 27, 2011

Drop(the ball)box?

Dropbox is a great tool; I use it all the time. It is very simple, user friendly and perfect for what I need. Its sweet spot in my opinion (and my main usage pattern) is collaborating on or sharing a small number of documents (not digital media, but documents that change over time).

Dropbox got some bad publicity recently regarding the security state of their service.
For those who are not familiar, a quick summary of the two main points:
1. A relatively easy way to impersonate other users – simply put, Dropbox identifies the user on the device using a file stored locally in a similar location on all Dropbox installations. All Bob has to do to impersonate Paul is copy over Paul’s identification file, and he has access to all of Paul’s files.
2. Dropbox possesses the encryption keys for all users’ data – very common with tools that provide web access to users’ files (or other content-related services). The big issue was less about the possession of the keys and more about the fact that their privacy policy (and marketing messages) misled people into believing Dropbox does not have a copy of the key or the ability to decrypt users’ data.

While bullet #1 is an ugly security glitch, it is simple to fix and I trust the Dropbox team to take care of it.

Bullet #2 reminds me of the main reason I buy insurance. It is not so much about the actual insurance policy and much more about the trust factor. I just want to know I can trust the insurance agent to take care of my business if something goes wrong. If for some reason the trust is broken, I will replace the insurance agent/company regardless of the price. Incidents will always happen; everyone makes mistakes. It is about bouncing back from an incident, about the reaction after dropping the ball. That’s what breaks or strengthens the trust.
Dropbox messed up. It does not really matter what they think; it is all about the perception. So if I were Dropbox, I would be less concerned about proving who is right or “fixing a problem” and more about bouncing back gracefully.

Having said that, consumers have proven time and again that they don’t really care about security, they don’t even care about privacy…
Thinking that people are going to ditch Dropbox because of the recent security issues is not realistic; it simply will not happen. Do you remember how many people banned Facebook during the “who owns my photos on Facebook” campaign just a couple of years ago? (hint – several hundred or thousand, while during the same period of time millions of new users joined…).

People care about serviceability, productivity, and the coolness factor. Less about privacy or security.
The notion of personal/private information is long gone from the consumer world. Somehow (social media or even plain old email) your data is moved/duplicated to the cloud/web. Once in the cloud there is no going back, and it is no longer in your control (try to really delete stuff from Facebook). Dropbox-type tools simply extend the cloud/web further into your desktop: while your content is syncing between devices it is also synced to the “mighty cloud”, and once in the cloud…

As for enterprise usage – this is a totally different story.

The consumer employees (http://shlomidinoor.blogspot.com/2010/01/we-are-all-consumer-employees.html) continue to build internal pressure to adopt consumer-like tools to simplify and streamline their work. The new generation of file syncing/collaboration tools such as Dropbox is a good example of the phenomenon. While they are great tools, they lack the adequate controls enterprise IT/IS expects. My friends at CloudLock (formerly Aprigo) identified a similar opportunity with Google Apps and provide a control layer on top of Google’s platform. In a similar fashion, vendors will continue identifying other tools originally built for consumers (by “consumer” vendors) and provide the enterprise control layer. Dropbox is a good example.

Bottom line:
As consumers we should keep on using these great tools that improve our productivity.
As enterprises we should look for and work with vendors that will provide the much needed control layer (while maintaining a seamless user experience for the consumer-employee).
As vendors, consider it an opportunity!