4specs.com    4specs.com Home Page

Cloud Based Platforms (Dropbox) and V... Log Out | Topics | Search
Moderators | Register | Edit Profile

4specs Discussion Forum » Coffee Pot and Water Cooler » Cloud Based Platforms (Dropbox) and Virus Risk « Previous Next »

Author Message
Robin E. Snyder
Senior Member
Username: robin

Post Number: 690
Registered: 08-2004
Posted on Friday, July 28, 2017 - 12:04 pm:   Edit PostDelete PostPrint Post

more and more of my clients are using shared dropbox folders for job file management. My concern is about being linked to other teams and the heightened risk of exposure to virus, ransomware etc. Anyone else considered this or explored this. One of my projects has 93 team members on the shared folder. I feel like I am at an orgy without any condoms.
Guest (Unregistered Guest)
Unregistered guest
Posted on Friday, July 28, 2017 - 12:39 pm:   Edit PostDelete PostPrint Post

Yeah...my clients (not only my A/E clients, but also A/E's clients) thus far are using Dropbox and ProjectWise...with FTP going by the wayside. My issue with Dropbox is I need to subscribe, at my expense, to be able to upload any specs files. While paying for one cloud service is reasonable, how many other potential cloud services could future clients require subscribing to? My guess A/E's/client's are shifting the some of "true/total" cost of hosting data storage by using cloud services and forcing collaborators to "sign-up" for same?
Anyways, to answer your initial question/statement, unless I'm presuming incorrectly (legally), wouldn't whoever team member introduces the "problem", is "responsible"? Do our consulting agreements need to "assign" responsibility, indemnity, etc. for such instances? Yes, while it doesn't proactively resolve the problem before it occurs (I don't know what else one can/could do...other than "trust" all team members to be very diligent, i.e., practice safe "computing"). The "prime"/"lead" entity that is driving the use of cloud services, needs to establish specific (binding?) criteria for file accessing/uploading, and otherwise using cloud service?
Lisa Goodwin Robbins, RA, CCS, LEED ap
Senior Member
Username: lgoodrob

Post Number: 322
Registered: 08-2004
Posted on Friday, July 28, 2017 - 03:42 pm:   Edit PostDelete PostPrint Post


Nice analogy for a Friday afternoon!
Phil Kabza
Senior Member
Username: phil_kabza

Post Number: 589
Registered: 12-2002

Posted on Monday, July 31, 2017 - 05:11 pm:   Edit PostDelete PostPrint Post

Guest: When a client who "owns" a Dropbox account shares a folder with you, you are able to download from it, and upload to it, without a Dropbox account. You just cannot delete from it (and there are likely some other limitations). You also can and should have your own free Dropbox account, with which you can keep your client shared folders organized. You won't need to pay unless you need considerable capacity or need the team organization of Dropbox for Business.

Check with your IT person about how your own anti-virus protection applies to files moving from the cloud to the Dropbox folder on your hard drive; incoming traffic should be being scanned by your security software.

I feel your pain concerning the array of cloud-based services we encounter in a consulting practice. We currently utilize FTP, Dropbox, GoogleDocs, Basecamp, and ShareFile with various clients.
Anne Whitacre, FCSI CCS
Senior Member
Username: awhitacre

Post Number: 1425
Registered: 07-2002

Posted on Monday, July 31, 2017 - 08:18 pm:   Edit PostDelete PostPrint Post

I work in a large office and we also communicate with contractors (mostly) using file sharing services -- I've used every one that Phil named except ShareFile, and that's probably going to show up on some project.
Phil's advice is what I've seen here too -- the scanning occurs when you download a document onto your own computer. You'll need to make sure your own computer is appropriately protected.
Robin E. Snyder
Senior Member
Username: robin

Post Number: 692
Registered: 08-2004
Posted on Monday, July 31, 2017 - 08:29 pm:   Edit PostDelete PostPrint Post

my understanding is that Ransomware is difficult, if not impossible, to catch. There is also a difference between file-sharing on an ftp site, where you pull of what you need, and dropbox which is sync'd w/ 93 other computers (and all the computers they are all synced with and so on)
J. Peter Jordan
Senior Member
Username: jpjordan

Post Number: 984
Registered: 05-2004
Posted on Tuesday, August 01, 2017 - 10:11 am:   Edit PostDelete PostPrint Post

I got hit with a ransomware "virus" several years ago and learned some difficult lessons. One of the reasons it is difficult to catch is that when activated (e.g., opening a message in which it is embedded), it "messages" the ransom site for the code to hold your stuff hostage. I got a Barracuda system that not only looks at incoming stuff, but outgoing stuff as well. If your "virus protection" systems don't catch it coming in, Barracuda will prevent it from activating.

Not an advertisement, just a report.
J. Peter Jordan, FCSI, AIA, CCS, LEED AP, SCIP
Curt Norton, CSI, CCS
Senior Member
Username: curtn

Post Number: 247
Registered: 06-2002

Posted on Tuesday, August 01, 2017 - 10:17 am:   Edit PostDelete PostPrint Post

Prior to arriving at my current firm, we had a serious issue with dropbox being installed on a local computer and a virus. Our system currently blocks all access to dropbox. I believe that from a security standpoint, you will be much better protected by using the browser access and download/upload as needed. This gives your anti-virus a chance to scan the files.

Add Your Message Here
Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Options: Automatically activate URLs in message

Topics | Last Day | Last Week | Tree View | Search | Help/Instructions | Program Credits Administration