© 2014 Accusoft Corporation 1 | Page
Achieving True Security in a Cloud-Hosted World
Introduction
After half a decade of working out the kinks on free, individual user accounts, major commercial
cloud storage services such as Dropbox and Box recently set their sights on the corporate and
small-to-medium business (SMB) paid-subscription market.
Those services have a compelling sales story to tell: Use our cloud to store and share your
company’s files, especially documents. Save yourself the hassle of managing the repository.
Use our apps to make your files easily accessible to those who need to share them, on multiple
supported devices. And trust us to keep them secure.
Attractive though that story may be to some organizations, it runs aground on two basic truths:
1. There are safer methods that make sharing even easier.
2. No matter how many ways providers assure customers that their files are safe, there’s
no escaping the inherent vulnerabilities in putting a third party in control of not only your
document files, but also your encryption keys and log files.
This whitepaper examines the disadvantages of the commercial cloud model for document
storage and sharing, and proposes a safer, more versatile model based on the combination of
secure local storage and HTML5 document viewing technology.
Credibility and Cloud Services
Since rolling out to the corporate market, the commercial cloud storage services have had a
rough time establishing a reputation for security.i
Although most commercial cloud storage vendors share the same vulnerabilities, Dropbox has
emerged as the symbol of the problem, in part because it has experienced some very public
security failures. The company has been linked to the PRISM scandal and the US National
Security Agency (NSA) considered tapping Dropbox’s servers as part of its controversial
domestic surveillance program, according to press reports.ii
But for customer organizations, the main flaw in the commercial cloud model