Short answer: one word uttered by Dropbox’s head of infrastructure, following a 48-hour outage of Dropbox’s services on January 10th 2014.
And what’s worse is that this one word not only was responsible for the collapse of the mighty undefeatable Roman Empire, but this one word is currently a ticking time bomb that threatens the security and survival of your company.
Itching to know what it is? Well, we need to first quickly travel back in time to 6th Century Byzantine.
Almost the greatest Roman emperor of all time
In the year 536AD, Emperor Flavius Petrus Sabbatius Justinianus (Justinian the First) was at his peak. In just 9 years he had regained Rome’s former holdings in North Africa, fortified the empire’s eastern border, captured Sicily and Sardinia, and restored the Adriatic as a Roman sea. He was relentlessly focussed on growing the empire, pursuing the big ideal of the ‘glory of Rome’ and securing his place in history as the greatest Roman emperor of all time. So much so that he didn’t have time for the ‘little details’ of securing the health and well-being of his citizens.
Within six years, the entire Roman Empire was struck with bubonic plague. 5,000 people were being struck dead every day, commerce was disrupted and the enemies of Rome began to take advantage of this moment of extreme weakness. Justinian’s bid for the ‘glory of Rome’ was ended. And by the time he died in 565AD, the might of Rome had dwindled to a mere 30,000 people, wandering the streets that had once been the homes of a million.
All because of a dangerous bacterial infection of the lymphatic system…carried on the back of a tiny bug called Siphonaptera, better known as the flea.
The one word that knocked out Dropbox for 48-hours straight
Over fifteen hundred years later, another ‘empire’ was facing a miniature crisis. Founded in 2007 by two students out of MIT, the tiny Y Combinator startup has rapidly grown to become the poster child of consumer file sharing services. Many competitors would go on to describe their offering as ‘the Dropbox of our industry’. And with more users than the entire populations of France, Germany and Australia combined (over 175million users) it’s not hard to see why Dropbox has become such a ubiquitous reference point.
But on January 10th 2014, Dropbox took a hit that knocked out its services from the Friday night until Sunday afternoon. One group immediately claimed to have hacked the service. And critics were quick to jump on the bandwagon of bashing Dropbox for once again ‘dropping the ball on data security’.
Now as entertaining as these attacks are in the media, they would seem a little harsh, until one considers the recent history of Dropbox, and sees that the file hosting company has experienced several ‘issues with security and infrastructure’ over the last few years:
- June 2011: TechCrunch reported that all Dropbox accounts could be accessed without password for four hours.
- July 2012: Dropbox announced that an employee’s account had been hacked, resulting in a number of Dropbox users’ being spammed by email.
- March 2013: Dropbox users reported additional spam resulting from the July email leakage.
In this light, it’s not hard to see why Dropbox’s detractors were quick to criticise ‘yet another’ failing of the file hosting company who recently declared their intention to become a trusted cloud vendor for businesses and enterprises.
The terrifying thing though is not so much in what happened on January 10th 2014, but more in what Dropbox’s head of infrastructure had to say about why it happened.
In a post published on the Dropbox blog on January 12th 2014, Akhil Gupta gave an honest and detailed explanation of what had happened. But in his description was one paragraph that contains our sinister word:
“A subtle bug in the script caused the command to reinstall a small number of active machines. Unfortunately, some master-replica pairs were impacted which resulted in the site going down.”
You’ve guessed it. The word was…bug. “An error in a computer program or system”.
And not just any bug. It was ‘a subtle bug’.
As in, a bug that was: “so delicate or precise as to be difficult to analyse or describe.”
“Failing to prepare is preparing to fail.”
So the big question behind the recent Dropbox story isn’t should you trust Dropbox or not with transferring your company’s sensitive documents and files.
Rather, the big question is: what are you going to do to protect your company from the ‘subtle bugs’ and ‘security issues’ of any and every consumer-focussed cloud vendor in the marketplace?
Because regardless of which of the many consumer-based file transfer programme that you may be tempted to use, ‘bugs, errors, and breaches’ are just par for the course with those types of products.
Which is why at Maytech we are passionate evangelists for secure file transfer and urge businesses to insist on only using file transfer services that are fully compliant with global security regulations for their sensitive information. We passionately point out the need for file transfer services to have, as a minimum, basic security features such as:
- End-to-end security with SFTP and AES-256 bit encryption
- Transfer and track functionality
- Data residency – knowing where in the world each piece of your company’s data is being stored
Furthermore, this should be underpinned by choosing a company whose internal procedures are ISO 27001 compliant.
These are just a few of the many features that we build into all our file transfer products as standard. We even have an API so that your developers can create a custom and convenient file transfer system that you own and control. That’s because we fully understand how dangerous it can be to ‘overlook’ or not take seriously the ‘little detail’ of using a file transfer system that is secure.
But whatever system you use, make sure you learn the lesson from Dropbox, as well as the late great Roman Empire: it’s the little things that you really need to watch out for.
Make sure you use a secure file transfer system, and avoid becoming just another footnote in history.
To find out how your company can send files more securely and avoid a ‘Dropbox’ incident, visit the Maytech website for a free trial of any of our products by clicking here now.
Keep posted: #DataOnBoard