February 7, 2018, Nextcloud GmbH
One question a lot of people ask us is:
Is it a bad idea to store corporate data on Dropbox?
Or: Should I store my company’s data on consumer grade public clouds like Dropbox, Google Drive or Office 365, among others? There are a lot of reasons why you shouldn’t use such tools to share your corporate (or private) data – here’s an overview of some of the reasons we consider the most relevant.
No control over access to your data
When you share a link to a public cloud via email, every person who gets their hands on the link can see the file you shared. If an email with a public link to one of those public clouds is intercepted or forwarded, you have no control over who can see the file. With Nextcloud’s File Access Control tool you can ensure that IP address ranges outside your company don’t get access to files if you don’t want them to be shared with third parties. The key here is: administrators are no longer in control. Instead, employees are. This is a huge legal liability, even if you fully trust that your employees would always respect your company policy and always act 100% responsibly with regard to security (like picking strong passwords, among others).
Don’t know where your data is
Whether you care about your users’ privacy or just want to meet your compliance requirements, it is essential that you know and can choose where your data is stored. This is extremely relevant in Europe, for example, where every company will have to be GDPR compliant by May 2018. Fines for each incident can go up to 20 million or 4% of a company’s annual revenue.
In such cases you could be breaking compliance rules without even being aware of it and be fined. You can read more about Nextcloud and GDPR compliance here.
A single point of failure
Most companies use online storage services provided by a few large companies. That means that a lot of relevant data is concentrated on the servers of very few companies, which are called “single points of failure”. Of course, those servers are very attractive to malicious attackers. And if one of those companies gets hacked, every person and company that relies on them will have to deal with the consequences.
Even if the security teams of such big companies are probably very competent, they will have to deal with many more attacks, as the content of their servers is so attractive. When you run your own infrastructure, as you can with Nextcloud, you can remove your company’s data from such an attractive server and reduce the risk of being hacked: a powerful benefit of decentralizing data, the way the internet was designed.
You won’t know if you got hacked
Everything gets hacked, whether it is by malicious actors using vulnerabilities in a system or through very basic phishing emails. Despite all your efforts to choose the right online storage solution, you could still get hacked. In that case it is essential for you to be aware of the hack as quickly as possible, as you probably want to be able to take action immediately and limit potential damage.
You won’t get (exactly) what you need
What is better than an online storage solution that works? An online storage solution that works exactly like you want it. Open Source software is known for being much more flexible than big services that try to adapt to everyone by offering a solution tailored for no one in particular. With Nextcloud you can personalize your online storage solution with applications, and if you don’t find the application you need, create your own. Have a look at our Nextcloud App Store! You will finally have a system that works exactly like you want it and be able to build an ideal workflow for your company.
You won’t know what happens with your data
Of course, this is not always the case – there are plenty of ways to offer services for free without selling users’ data. However, it is the case that some companies, including public clouds, are in the business of selling data, and you may want to avoid these services when it comes to your data.
While it is really hard for you to check whether proprietary software is spying on you or has backdoors built into it, or whether the cloud server it runs on is really secure, with open source you have access to all the code and can run it where you want. You may not be able to understand that code, but with open source it is possible for other people and companies to check that the code is free of backdoors and alert its users if they find anything you should know.
It is all about control
In the end, it is about control. With public cloud vendors, you don’t have much of that. Promises, certainly, certifications even. But no guarantees. Self-hosting continues to be the most elegant way of staying in perfect control over your business-critical data, and Nextcloud provides exactly what you need!
Guest post by Marie Gutbub on Nextcloud Blog