online backup and file sharing "Dropbox"

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
lewkskywkr-p40
New Member
Posts: 1
Joined: Mon May 10, 2010 9:19 am
Location: Camarillo, California, USA

online backup and file sharing "Dropbox"

Postby lewkskywkr-p40 » Mon May 10, 2010 9:34 am

Have you received any feedback on a program called Drop Box?
It's an online backup and sharing site to manage files. Some members of the Stake Presidency and clerks are requesting authorization for it's use with managing lists and agenda's.
Additional information is available at Cnet.com on the following link. http://download.cnet.com/Dropbox/3000-18500_4-10903856.html
Availability was March 05, 2010.
If you have experience with this program or others like it please advise.
Thank you
Lew Stolworthy
Stake Finance Clerk

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Mon May 10, 2010 11:50 am

lewkskywkr wrote:Have you received any feedback on a program called Drop Box?
You are the first to mention it on these forums.

lewkskywkr wrote:It's an online backup and sharing site to manage files. Some members of the Stake Presidency and clerks are requesting authorization for it's use with managing lists and agenda's.
After reviewing the quote below from the Dropbox site there can definitely be problems in regard to storing Church data on servers not owned by the Church.
Dropbox works just like any other folder on your computer, but with a few differences. Any files or folders inside Dropbox will get synchronized to Dropbox's servers and any other computer linked to your account. Green checkmarks will appear on top of your files to let you know that they're synced and up to date. All data is transferred over SSL and encrypted with AES-256 before storage. Dropbox keeps track of every change made to any of its contents.
The problem here is that content is stored on the Drobox servers.


As long as no Church data is in the files stored on the Dropbox servers It would be no different than those who have discussed the use of GoogleDocs for storing and distrubuting files in other threads.

Personally I would avoid file storage for something like this because the contents of the files cannot be controlled. Someone could include Church data (member names and member information for example) without thinking. Many Church members who do not frequent these forums are not aware of the issues regarding storing files or data on servers not owned by the Church. Hopefully you can bring this issue up to the stake presidency so they will have a better understanding of what could or could not be stored on the Dropbox servers. In the end, the stake president will have to make a call based on his knowledge of Church policies and procedures as to whether he will use the Dropbox service.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

russellhltn
Community Administrator
Posts: 20750
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Mon May 10, 2010 12:57 pm

Keep in mind that all these claims that the sevice is secure are just that - claims. There is no way to independently verify. Even the good ones have lapses.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

lajackson
Community Moderators
Posts: 6137
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Mon May 10, 2010 8:46 pm

jdlessley wrote:The problem here is that content is stored on the Drobox servers.

As long as no Church data is in the files stored on the Dropbox servers It would be no different than those who have discussed the use of GoogleDocs for storing and distributing files in other threads.


I use Dropbox for personal files that do not contain any Church membership or financial data. If any of the files I have at Dropbox were to become public, there would be no problem at all. I use it for things like general information or talk notes or reference materials. I have several pdf files of Church manuals that come in handy for talks and teaching. I no longer have as great a need for it, since the outstanding Gospel Library app has come out, but I still have some files with information I personally like to have and use on a regular basis.

I would not put anything with sensitive personal, financial, or Church membership or finance data at Dropbox because it is stored on their "secure" servers. (Neither would I put any of it at GoogleDocs.) But I have found it to be the most convenient way, so far, to get a document onto my iTouch for free. (I know, Docs to Go, but that costs money.)

One of the problems I have with Dropbox is that it does not reflow the text of a pdf file. They are just pictures you have to expand and move around to see.

I am looking into an application called Stanza that will reflow pdf files. (It strips the pictures and any graphical pages, though.) I believe it works with an app on the iTouch and an app on the pc, and transfers the files over the USB port or local WiFi. I do not believe a server is involved.

If I find this to be the case, I might use it for more sensitive documents.

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Tue May 11, 2010 7:16 am

Do a Google search on the words "DropBox Security" (in quotes) and peruse the results. There are a number of hits addressing the security issue of DropBox.

I wouldn't personally recommend storing any membership or other confidential information on ANY server that the church doesn't have control over. Doing so will put the information at risk of being stolen and used.
Have you read the Code of Conduct?

schester
New Member
Posts: 27
Joined: Sun Sep 30, 2007 10:40 am

Postby schester » Sun Oct 31, 2010 4:48 pm

I personally use dropbox for less-secure document storage. It works great to have access to docs on my desktop, laptop, iPhone and iPad. I too would express concerns over using it for anything that should be secured though.

Maybe the church could setup a church approved and secured dropbox/idisk like service for members to use. Essentially we all work remotely and need a way to maintain and share documents.

Finally, remember that all security goes out the window if you decide to email a file. I use that to justify storing anything we might email anywhere as it is at least as secure as emailing through public internet servers.

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Thu Jun 07, 2012 8:01 am

An old topic but as I'm looking at rolling out a new image to my clerk computers I'm considering 2 solutions to provide communication, document and data sharing, and perhaps online backup (sorta).

Dropbox --> Create a single account for the clerk computers. Each computer will have dropbox installed and I would put my training documents, quick-reference information, but due to the nature of the dropbox use terms no Private Information will be put in documents on the share. Example documents would include, Tax-Exempt forms, Master Training-tracking document, some procedures in our stake, MLS training docs (budget, CUBS, FAQ's etc...)

Spideroak or Crashplan --> Spider-oak and crashplan both provide pre-internet encryption and tools for secure online backup, I am not interested in storing MLS data online, however, the client does provide for a synch process that I would use. Each Unit clerk computer would synch the MLS-backup folder with the stake clerk computer. The stake clerk computer would do the same with one of the other unit computers.

I would value the input of others, and a second look with the terms and value, spideroak and crashplan both pass the Steve Gibson Trust No One methodology which is to allow only the user to have the ability to encrypt and decrypt files and only on their own devices.

russellhltn
Community Administrator
Posts: 20750
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Thu Jun 07, 2012 11:53 am

I'm personally not a fan of using any type of backup or sync until the church clarifies it's stand on the situation.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

sammythesm
Member
Posts: 220
Joined: Tue Jan 05, 2010 2:50 pm
Location: Texas, United States
Contact:

Postby sammythesm » Fri Jun 08, 2012 5:41 am

Love Dropbox. Have been a user since the early days. I originally thought it could be a very easy way to keep an offsite backup of MLS. However, when I learned the church keeps an offsite backup (once a month, I think?) I decided it wasn't as important. It would be nice to have my own up-to-date backups, but if I have all the clerks taking backups, plus the church's backup - I figured dropbox wasn't worth the administrative hassle.

The biggest drawback I've found to using dropbox in a group setting is that most users don't realize that what they do affects other users signed into the account or shared folder. I've often been asked to pull some pictures out of a shared file that someone else has already 'moved' rather than 'copied' and thus removed the entire file for everyone. So this is one pain point.

If leaders wish to access their drop box, my 'policy' is that they Sign in to the web interface and only use the web interface. (Trying to keep the computer clean and reduce the number of personal files floating around on there - plus if they do install the synching client, they will be a victim of what I stated above.)

Regarding security - I'm probably the lone man out here - but I think the church has much bigger data security issues than someone using Dropbox to transfer (via encrypted connection) an encrypted backup of MLS data. I'm sure my stake's clerk computers aren't alone in that the clerks often leave personal and financial data 'laying around' on the computer. Every time I go to do housekeeping on a clerk computer, I find new directories squirreled away of old exports from MLS. Extending the logic - we know that most abuse victims are victimized by people they know - and that most corporate espionage happens from the inside - I think data security threats mostly come because of the volume of people who have access to the clerk computer, who can log on without traceability (everyone knows the computer password), where passwords complexity requirements are not enforced for MLS, where password changes are not enforced in MLS, where MLS does not sign an idle user out after so much time, and where MLS so readily enables data export (and unknowing leaders leave the data laying around).

Fix all those problems first, and then we can talk about hacking heavily encrypted transmissions over the 'net and hacking encrypted MLS backups.

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Fri Jun 08, 2012 5:59 am

Great feedback on dropbox, the issue with logging into the web interface (that I see) is that it takes an additional effort, or step to go get the data, if they can click on the icon in the taskbar I think the data will be more easily used. I will be sure and keep a synch'd copy of my 'originals' in case they go away, and I use PDF to stop people from modifying the original. If they want to modify, I can provide the origina excel or word doc, or however it was created.

While the monthly online backup is a great thing, if your issue happens at the right time, it could be several weeks worth of re-work. I almost wish that an option could be turned on to backup online weekly, or in the send/receive have a checkbox that you can check to do the backup, those of us with broadband this would not be an issue to do each time, if you aren't on broadband, you can choose the times you want to wait it out.

Just a report back about spideroak, I thought it was going to be good, but the synch function, I found out, first requires a backup. So, you can't use this functionality as a 'pass-thru' synch mechanism. It is fantastic functionality, particularly if you are a real multi-device user, iphone, android, windows, mac, etc... But FAILS for the purpose I was looking at. I'm pretty sure that Crashplan will work that way, but I will do some testing to validate.


Return to “Clerk Computers”

Who is online

Users browsing this forum: No registered users and 1 guest