Yesterday Dropbox posted an update at the end of their 10/13 blog that noted their servers were not hacked. Apparently the compromised credentials in question were stolen from a different source. At the end of the day, Dropbox isn’t to blame. The stolen credentials were used to access multiple services, including theirs.
So let’s leave the folks at Dropbox alone. Every organization that holds personally identifiable information (PII) is a target. And I agree with Dropbox’s advice to their users should use unique passwords across different sites, and when possible, add a layer of security to make things a lot safer.
Like everyone else, I just want to keep all my work and personal stuff online safe. So the Dropbox brouhaha got me thinking about how hard it is to remember and manage all my user account names and passwords. I’m a Mac guy and have found Apple iCloud Keychain to be helpful for managing my personal login credentials, but it has limitations.
Identity management in the enterprise world
IT pros who are responsible for security and compliance around managed file transfer and/or file sharing security should work with an identity management provider to evaluate solutions integrated with SAML 2.0. These vendors’ products can provide single sign-on (SSO), data loss prevention and two-factor authentication - any and all of which will add layers of security to protect personal and business information.
At the end of the day, security should be accessible to everyone in the borderless enterprise composed of employees, customers and partners.