There's a great article in the Wall Street Journal about whether companies should allow employees to use consumer file sharing services like Dropbox. Two analysts - Ted Schadler from Forrester Research and Larry Ponemon from the Ponemon Institute share their somewhat opposing views on this. The bottom line, however, is that employees are sharing more information with their colleagues, clients, customers, and other third parties (files, documents, information) to get their jobs done, and that need is only increasing over time. So, either give them the tools to let them share securely or run the risk of your data escaping into the wild, because if you don't they'll find another way to share that information and it most likely will not be secure.

Bill Ho, Biscom 

As you know, HIMSS 2013 just wrapped up. Among the main security challenge with healthcare BYOD (bring your own device) security lies in the dual-use nature of mobile devices. A stolen or lost physician’s laptop will probably already have security measures built in such as whole disk encryption and authentication requirements, but smart phones and tablets, especially personal devices, often eschew these added layers of protection in favor of ease of use, simplicity and quick access.

One of the biggest dangers of BYOD is the latest crop of Dropbox-style synchronization applications. By poking a hole in an institution’s security fabric to synchronize files to mobile devices, the physician is potentially creating a new channel through which confidential patient information could leak. It is important to know that many healthcare institutions have decided to shut off access to these synchronization tools until there’s a way to manage them as hospital applications with centralized control, granular permission and integration with established authentication services.

On the heels of my last blog post about dumpster diving online storage and file sharing services, Wired posted a story on the validity of Dropbox's claims about their data security.

I guess the bottom line is you have to really understand how applications and services handle your information, and how it may affect your own security policies and requirements, especially SaaS services.