Update (10/21/11): A PM at Box.net posted in their support forums that free personal accounts are using SSL for file transfers, which is great! Other users seemed to be similarly confused about the state of SSL on Box.net, so I’m glad it is resolved now. More details
I still think it’s odd they don’t make a bigger deal about this on their website — it’s such an easy thing to say (Security is important to us. That’s why we always use SSL for file transfers, and have tons of great security features, etc.). Also, they could consider putting the whole website under SSL for added piece of mind. To me, online file storage can be of similar importance to banking — if the file weren’t important, I wouldn’t be backing it up. As a competitive note: the entire Google Docs and Dropbox websites are https.
I understand SSL isn’t the end-all of security, but since I’m on (private) wifi in a large apartment building, I like to think we’re at least making it a little harder to keep bad guys out.
———————————————————————————–
I’m not even sure what the name of the industry is these days: online file space, cloud storage, hosted backup, elastic storage… but it’s free and it’s everywhere now. At work we rely on Google Docs (25 gb), with some limited Dropbox (2 gb) usage as well. I’m eligible for Apple’s 5 gb of iCloud, and through my webhost I have 50 gb. My personal Google account has a bit less than 8 gb space, and I’d guess that I have another handful of gigs through my alumni association.
All-in-all, tons of space, none of which do I really use for personal backup.
However, I saw a Slickdeals.net post for 50 gb free at box.net if you use the iPhone app, and signed up. To be honest, I thought the deal was for Dropbox, so I was pretty excited (and confused when my Dropbox credentials weren’t accepted — took me coming back a day later to realize it was a completely different service!).
Anyhow, I have 50 gb there now as well. However, the features page for box.net personal accounts seemed a little questionable: apparently, you only get SSL file transfers if you are on a business or enterprise plan. I don’t really understand — why does the personal plan on box.net not have secure file transfers?
256-bit SSL encryption for file transfers with Box Business. Enterprise accounts also include server-level encryption.
It’s actually baffling to me. I’m not an expert in this area, but isn’t using SSL considered a best practice for this kind of application?
Is there any cost to putting all file transfers behind SSL? Since each file is probably new/unique to box.net, I’d assume there are no caching implications, and I can’t imagine there is a huge CPU cost given that, well, it’s supported by default for business/enterprise users, and SSL is supported client-side with browsers and server-side with, well, all modern web servers (right?).
It seems to me that with pretty major hacking incidents reported on a daily basis, security should be baked in as a part of the infrastructure of any product — as opposed to used as a feature differentiator between billing plans. Why be reactive to some box.net hacking incident instead of proactively try to protect customers?
The oddest part about this is that Dropbox uses SSL for their basic (free) plan, so you’d think that box.net would do it too just to be on a level playing field with their competitor. Box.net must have justified (internally) some reason why it makes sense not to offer SSL for everyone. Weird.
