RWW reports that online storage company DivShare has had a security breach. Apparently a malicious user accessed their database, which included user e-mail addresses and other profile information. They also say that no financial information has been accessed by any unauthorized parties. It’s not the first problem of this sort, and there have been many tales of start-ups disappearing without trace and leaving user data floating around the web somewhere.
The specific cause of this breach isn’t important; what is important, however, is that users of web services feel secure using them. Can they feel secure when the start-up is living off the smell of an oily rag and not knowing where the next chunk of cloud storage (let alone salary paycheck) will come from?
It’s one of the reasons that Xero CEO Rod Drury gives for the fact that they IPO’d very early on. Theirs is an application utilising the most sensitive of data, business financials, and Rod is adamant that publicly listing was imperative to build trust.
But what about other types of service? I use SugarSync, an online sync/backup solution. I’ve personally spoken with the CEO and I’m comfortable that they’re well funded and stable, but that is a perception based on faith rather than actual knowledge – who’s to say they won’t also go down tomorrow, next week or some other time?
Now I’m not suggesting that it’d be preferable to have every web app on earth rolled into either Google or Microsoft, but I would suggest a two-pronged approach from users:
- Think about the end results of security breaches for the web apps you use – use multiple backups (even in the clouds), segregate data and don’t keep super sensitive stuff there
- Do good due diligence on providers. Enterprise customers have long known the necessity of this but individual users need to consider it as well
I know a number of bootstrapped start-ups (or started-ups) read this blog – I’d be interested to hear their thoughts on this subject.