Magnus Stjernstrom recently pointed out Cisco’s advice on how to detect Dropbox traffic originating in your network.
It’s interesting given what it tells us about the concerns of Cisco's customers:
"Dropbox network traffic may consume network resources and may be a vector for data that is leaving the network."
Indeed. While most security organizations aren't going to be overly concerned with network resources getting consumed (unless a sudden pattern change indicates an attack is under way) they are definitely increasingly concerned with the potential for data loss through this kind of cloud storage-and-sharing services.
At first glance and in the grand scheme of things it may not seem all that significant. But it is. It speaks volumes on the effect of consumerization of cloud, and the inherent risk this is introducing to enterprise organizations.
Tools that allow you to move, store and share files in the cloud are incredibly useful, especially when you need to show Grandma the vacation snaps from Disneyland. But, that usefulness is becoming a real problem. As consumers bring these same services into the enterprise, they expect to be able to use them in the same way.
Need to quickly share some data? Throw it up into the cloud. Want to make sure that presentation is available when you arrive on site? Keep a copy where you know it will be available – up in the cloud.
The problem for enterprises is that the level of security required to protect the location of a new oil field is much different from the group hug with Minnie Mouse at Disney. Yet the cloud storage provider doesn't differentiate between the two (and indeed, we should be glad that they can't.)
So it's not surprising that Cisco is offering advice on ways to track cloud storage use on the network: they're responding because their customers are worried.
Of course, the people who should really be worried are the storage vendors themselves. If they are increasingly seen as a security problem by enterprises, they invite the same kind of treatment that P2P file sharing received ten years ago. If a solution isn't found soon, they may start to find their client application appearing in the AV vendor's signature files, ready to be hunted down and killed along with the rest of the malware. And then everyone loses out.