Dropbox drops authentication

What a disaster for Dropbox yesterday when their authentication system broke and allowed users to use any password to log in.  I am shocked that a major SaaS host would have such a major bug that would allow complete access to any of their accounts.  This is a lot worse than the previous PR issue where they were promising things that they could not deliver due to U.S. law.

This speaks to a very large issue with QA testing on new code.  As one of our network admins here pointed out, it is similar to an anti-virus vendor releasing an update that detects system files as a virus, thus rendering Windows unusable.  There is no excuse when you are that large to not have sufficient testing in place.  We need to expect better from the supposedly mature SaaS companies out there.

It looks like Dropbox took a page from the Google PR team, stating, “A very small number of users (much less than 1 percent) logged in during that period…”  That just speaks to arrogance and attempts to put some sort of positive spin on a big disaster.  Plus, 1% of your customers is around 250,000 users.

This will also be another reason to be very cautious when picking your SaaS vendors.  Make sure you have a balance of security, flexibility, total cost, and recovery.  If your data needs to be secure, you need to pick a vendor that matches that security.

Remember, nobody will care more about your data than you will.


June 21st, 2011. Posted in SAAS
