Wednesday, December 1, 2010

Security Review: SugarSync

The use of multiple “smart” technology devices by an individual has increased dramatically over the past couple of years. Individuals are now using laptops, iPads, smart phones, and every gadget imaginable for work or school. A problem with the use of multiple devices is: how are you able to access a specific document on your laptop when the device is not accessible? The answer is a data backup company. SugarSync is an online data backup company that allows users to back up, share and access personal files from any computer, smart phone or other device with internet access (SugarSync.com). A user simply uploads the information from any device into the secure SugarSync “cloud” storage. When a user makes a change to a specific document already stored in SugarSync, the document is automatically updated (SugarSync.com). If a user is working on a project with a group, the individual can share the files with the other group members. SugarSync is a convenient way to have access to every file stored on the many devices a person owns.

It is imperative that the owner of SugarSync has many security goals in order to protect the vast amount of customer information stored by the company. It is essential that SugarSync maintain the confidentiality of a customer’s documents. Many businesses use SugarSync to back up their information. Therefore, there is personal data that, if compromised, could financially injure a company. Encrypting this data would prevent a hacker from being able to access personal information. SugarSync uses SSL encryption during the file uploading process, and the stored files are protected by 128-bit AES technology. The combination of these two technologies protects the confidentiality and integrity of the customer’s information. It is also important that the company prevent anyone from making unauthorized changes to a user’s data. The files must be available to the individuals with authority to access them, while preventing unauthorized users from gaining access. SugarSync does this by password-protecting the information, and then using multi-level security. The multi-level security gives higher-cleared individuals the option to provide access to files to other people, or prevent access.

A hacker would be able to exploit the technology of SugarSync by cracking a decryption key. By cracking the decryption key, the hacker would be able to steal the files in the SugarSync network. Gaining access to these files would allow the hacker to compromise any information that the user stored on the SugarSync network. The hacker could also alter the information being stored on SugarSync after he or she gained access. By gaining access to a file on SugarSync, the hacker could adjust the login name and password, which would prevent the owner from being able to access their files.

Because SugarSync can be accessed from a phone, I find this to be the easiest way for an attacker to enter personal files. SugarSync recently added more security to the Android app that allows a user to protect their files with a PIN. However, the user can shut this mode off. A hacker could potentially steal the phone and access the files. Then they could change the password to prevent the authorized user from accessing their files.

As stated before, SugarSync is one of the most secure data backup servers. They run their company by the highest security standards; therefore, I believe the greatest risk with using the technology is in the user’s hands. Most people don’t want to enter a PIN every time they access SugarSync on their mobile device. Because of this, I believe many will deactivate the PIN security system. I can’t see a major breach in the SugarSync system because of their rigorous security standards, but I can picture a smaller number of breaches into individual files because a user doesn’t password-protect their information.

SugarSync already has very rigid security guidelines that protect the customer’s information on the main server. They also back up the files in two state-of-the-art data centers. This prevents total data loss if one of the data centers crashes. Because of the actions they have taken to secure customer data, I think the best recommendation I can give the company is to make sure everything is up to date. This will require the company to research new ways to stay ahead of hackers who attempt to breach their system. I would also recommend that the company make PIN codes mandatory on devices such as Android phones. This would mitigate the risk that unauthorized users access files.

www.sugarsync.com

3 comments:

  1. The SugarSync data company has a number of impressive security features and has taken a large number of precautions against potential intrusion and data loss. The data it manages is its most valuable resource as well as its primary reason for existence. So it is good to see that an organization with access to so much data and information is taking the necessary steps to make sure that it is secure from possible malicious uses.
    My only concern would be malicious use of information from an inside source. Using the cloud form of data storage, which allows a group of users access to a central database where they can access and store data, can be very difficult to secure. There is the potential for those with malicious intent to take advantage of the information of others. Though I am at a loss as to how anyone would go about securing this type of system or if it's even SugarSync's responsibility to do so.

  2. The SugarSync data company sounds very convenient and effective for students and most companies. As always, data security becomes the biggest issue. Again, for students it seems perfect because I do not think that there is a very high demand for hackers to be hacking into student files. However, I think that certain companies need to be careful about what sort of things they store on SugarSync. I think that businesses need to decide what information would really affect them negatively if it were ever accessed by an outside source, and make sure that they are not using SugarSync for that information. Even though SugarSync is reliable in terms of updating their security and is compliant with the highest security standards, I think that there is too much of a risk from an inside intruder to upload information that requires such a high level of security.

  3. Therefore, there is personal data that, if compromised, could financially injure a company. Encrypting this data would prevent a hacker from being able to access personal information.