General Chat Thread, Article: Is DropBox ok to use?
  1. #76

    Does the new Dropbox safe harbour certification now make Dropbox something we can now recommend to staff, or is there still an issue with data leaving the EU?

  2. #77

    SimpleSi
    or is there still an issue with data leaving the EU
    I'm sure GD will find one

    [Comment of whole thread]
    (It's non-issues like this that make me despair of modern society!)

    Do a risk assessment - count the possible data breaches - count the possible damage - do the maths
    Simon
    [/]

  3. #78

    GrumbleDook
    Apologies for not putting an update on for this after Daniel's post ... I have been trying to follow it up to try and cover the other queries about The Patriot Act too. I'll stick up a longer article shortly but the summary is as follows.

    Dropbox have now agreed and certified to the US-EU Safe Harbor Agreement, and have put in their entry what they comprehensively cover, process, store, etc ... and this does indeed meet the requirements under the DPA for transfer of data outside of the European Economic Area. The issue that surrounds them being a US company and under The Patriot Act has to be a judgement by the school (as they would for any other service such as Google, Microsoft, Apple, Box, etc) as to whether they believe this is a risk (that a law enforcement agency may seize the data), but understand that we have a similar section in our DPA to cover our companies operating overseas. I have requested an update from the ICO as to whether this needs to be considered a risk and so far, again there is no quotable response, but the points raised previously stand.

    If the issue was the lack of Safe Harbor Agreement then that has now been met, if the issue is with it being outside of the EU then we know that DropBox use Amazon servers in San Francisco and if the issue is one of The Patriot Act then it is a judgement call as to whether you believe that it is or isn't correct that a law enforcement agency from another country can seize data, in the same manner we have equivalent laws to seize data in the UK and this already applies to many services already used within schools (and there has been no issue so far or significant legal challenge).

    For me ... it is no longer a risk assessment about whether they are a risk as to whether there could be a problem (i.e. break the law but no harm, no foul) but now simply a case of they *can* follow the law ... but, as with all such firms, you are making an assessment about whether they will and there is nothing to indicate that they won't.

  4. 2 Thanks to GrumbleDook:

    elsiegee40 (1st March 2012), steele_uk (1st March 2012)

  5. #79


    Originally posted by GrumbleDook:
    If the issue was the lack of Safe Harbor Agreement then that has now been met, if the issue is with it being outside of the EU then we know that DropBox use Amazon servers in San Francisco and if the issue is one of The Patriot Act then it is a judgement call as to whether you believe that it is or isn't correct that a law enforcement agency from another country can seize data, in the same manner we have equivalent laws to seize data in the UK and this already applies to many services already used within schools (and there has been no issue so far or significant legal challenge).
    TBH the patriot act is the last of our worries; the US government can already close you down and have you extradited to the states without presenting any evidence to a British court. The fact they might be able to seize my data sort of pales into insignificance given that I could face an indeterminate sentence in a US prison if one of my users so much as looked at some copyrighted material.

  6. #80

    GrumbleDook
    Originally posted by CyberNerd:
    TBH the patriot act is the last of our worries; the US government can already close you down and have you extradited to the states without presenting any evidence to a British court. The fact they might be able to seize my data sort of pales into insignificance given that I could face an indeterminate sentence in a US prison if one of my users so much as looked at some copyrighted material.
    For some organisations it is an issue and the proposed changes to the EU data laws which are likely to deal with these concerns might make some consider it as an issue too, until it is resolved.

    Whilst some may make light of it, the law is there for a reason.

  7. #81
    zag
    So what are people's thoughts on this now?

    We are just rolling out the skydrive desktop app to all staff. I need to be able to give them some guidelines on its usage.

    I've heard all the arguments and to be honest I am pretty happy with them saving files to their skydrive accounts. They have already been using live@edu email in the same way for a year now with no problems so far.

  8. #82


    I've just installed the Skydrive app on my laptop to see what it's all about.

    I'm still not really sure about it, or any 'cloud' based storage, that will potentially have student confidential data saved to it. It's a MS app after all, and it's Windows Live based, which to my mind, makes it a target for hacking, password-publishing and all the rest of it. One of the reasons I gave for retaining our Exchange server and not migrating to Live@Edu.

    I'm firmly of the opinion that, if we used Live@Edu or Skydrive or Dropbox here, someone, somewhere here would store something confidential, their account would get hacked amongst thousands of others and it would all end in tears........and I'm too short-time for that.

  9. #83
    zag
    Originally posted by Earthling:
    One of the reasons I gave for retaining our Exchange server and not migrating to Live@Edu.
    We've been on Live@edu for a while now for email and had all those conversations before moving. Now we are on it, I really do wonder what the fuss was all about.

    Touch wood, we have not had a single incidence of hacking or any kind of data loss since we started using it.

    Storing files in the cloud is just another step along that path I think. But I do have the same reservations as everyone else about the security. So far though I have not seen any evidence of this happening on live@edu.
    Last edited by zag; 25th April 2012 at 11:34 AM.

  10. #84


    Originally posted by zag:
    We've been on Live@edu for a while now for email and had all those conversations before moving. Now we are on it, I really do wonder what the fuss was all about.

    Touch wood, we have not had a single incidence of hacking or any kind of data loss since we started using it.

    Storing files in the cloud is just another step along that path I think. But I do have the same reservations as everyone else about the security. So far though I have not seen any evidence of this happening on live@edu.
    Touch wood..........

    I think I'm being realistic when I think that it WILL happen sooner or later. Hotmail was always being hacked every couple of years and I'm sure Windows Live will be just as much a target, if (maybe) a bit harder to crack. But hey, if it works for you, good luck. I have other reasons for not wanting to go Live@Edu, too. That's just one of them.

  11. #85
    zag
    Thanks, as you can probably tell I'm trying to convince myself here as well

  12. #86
    Alis_Klar
    If it is now just an issue of password security how is a pupil giving out their password for Dropbox or Live@EDU any worse than giving out their password for the school domain (if you have some form of remote access to your internal servers set up)? In fact in this scenario if users are compromised on your network then the possibilities for some Heath Robinson remote access solution being hacked are worse as your INTERNAL network and servers could be compromised.

    My point is surely from an IT security point of view having less "vectors" into your internal network is preferable. Cloud storage is one way of allowing sharing between home and school without opening up your network.

    Google and Microsoft should be tailoring their products to allow lock downs on sharing files with users outside your organisation and the online editing/viewing features should be used to facilitate the disabling of download permissions entirely (of course copy and paste and screenshot is a loophole) so files could not be downloaded from a secure folder and then distributed.

    Another idea is that the web application detects when you are sending e-mail to an external domain and pops up a reminder of your responsibilities under the DPA and gives you an "are you sure" message.

    Just basic e-mail has allowed the worst kind of DPA infringements in history but we don't all block hotmail and gmail in schools.

  13. #87
    Alis_Klar
    What I'm basically saying is PLEASE CAN WE HAVE GROUP POLICY (like functionality) FOR LIVE@EDU/GOOGLE APPS!!!!

  14. #88

    SYNACK
    Originally posted by Alis_Klar:
    If it is now just an issue of password security how is a pupil giving out their password for Dropbox or Live@EDU any worse than giving out their password for the school domain (if you have some form of remote access to your internal servers set up)? In fact in this scenario if users are compromised on your network then the possibilities for some Heath Robinson remote access solution being hacked are worse as your INTERNAL network and servers could be compromised.

    My point is surely from an IT security point of view having less "vectors" into your internal network is preferable. Cloud storage is one way of allowing sharing between home and school without opening up your network.
    The main reason you don't want people getting into your servers is so they can't get a hold of all the sweet gooey data inside them - sure them being trashed is annoying but the data is key - if all that data is now external you still have the issues but little control of the system. In short, you're protecting your internal network by removing many/all targets of value from it, moving the problem, not solving it.

  15. #89


    Originally posted by SYNACK:
    In short, you're protecting your internal network by removing many/all targets of value from it, moving the problem, not solving it.
    The key from a managerial point of view, is that you move it to being someone else's problem.
    Provided you jump through the correct hoops, you get the bonus of deniability to boot.
    If MS servers get cracked and data leaked, we've done all we need to from ICO point of view - we checked their safeharbour status and it is reasonable to assume that they have more technical security knowledge to secure their servers than I do. If my servers get cracked and data leaked, I'm in a whole heap load more trouble and could be criminally liable.

  16. #90

    GrumbleDook
    Originally posted by CyberNerd:
    The key from a managerial point of view, is that you move it to being someone else's problem.
    Provided you jump through the correct hoops, you get the bonus of deniability to boot.
    If MS servers get cracked and data leaked, we've done all we need to from ICO point of view - we checked their safeharbour status and it is reasonable to assume that they have more technical security knowledge to secure their servers than I do. If my servers get cracked and data leaked, I'm in a whole heap load more trouble and could be criminally liable.
    Sorry, but that is wrong. What you are doing is sharing the responsibility and giving yourself the option of taking someone else to court *after* you have been hung, drawn and quartered first (though the knives will probably be well and truly blunt before they get to a school after having gone through the hosting provider but the risk is still there). You cannot completely devolve legal responsibilities on data protection and safeguarding, and it is the school's legal responsibility to appropriately choose the right partners to work with. This is one of several reasons why the large scale frameworks sorted out by LAs, RBCs and central Govt go through so many legal hoops ... to save schools having to do the same amount of investigation because it has already been done and deemed as appropriate as possible.
