High-jacking the Box: Enterprise storage tool's customers leave secrets on web like sitting ducks – including Box itself

Various Box Enterprise customers have inadvertently shared, and probably still are sharing, sensitive corporate data on the public internet. And that included Box itself. Vulnerability-hunting biz Adversis sounded the alarm this week on the information leaks, after finding it was easy to guess app.box.com URLs to organizations …

  1. Doctor Syntax Silver badge

    I wonder how many of these cloud accounts are set up by end users to bypass IT who want to make a big inconvenient fuss about how they do things. Or maybe even use them to do away with an IT department altogether. Is it surprising they end up like this?

    1. Anonymous Coward

      Been there. The commoditisation of IT makes departmental managers feel they can do things themselves without input from experts in the field. This can be effective in the short term, but usually leads to pain in the medium to long term. The spam/phishing people move with the times. Where I've seen this happen, the IT (or IS - Information Services as it was) had informed technical management, but not necessarily the internal experience in, say, incident response. And this is the moment competent experts in the field--or indeed, simply a well-informed IT manager--can make the difference.

      More often than you might expect, things come full-circle.

      So the 2nd lesson is don't give up. A client you may think hates you may come back when they (eventually, especially when things stop working) understand the value you had brought. Not a panacea, but understanding what's really going on in management with major clients will help with careful, informed planning, especially if you are a self-employed business.

      Hope this added to the conversation. Cheers...an IT veteran.

      Just my thoughts.

      EDIT: typos.

  2. Androgynous Cow Herd

    Collaboration vs. security

    Box has done an amazing job in creating a collaboration sharing platform, and an even more amazing job of establishing themselves as an enterprise play. I can think of *many* very large SV companies that use the platform...over the horrified screams of the Infosec teams.

    Infosec people are paid to be paranoid...but being paranoid doesn't make you wrong...

  3. This post has been deleted by its author

  4. Anonymous Coward

    Users include

    Scotland Yard with 50,000 instances for storing CCTV evidence etc,

    Symantec who have a nice video about their use of Box

    https://www.youtube.com/watch?v=80i1pShCLAU

    FICO that advises Banks on risk and fraud,

    FDA (inside dealers would love this)

    Other customers on

    https://www.box.com/en-gb/customers


Biting the hand that feeds IT © 1998–2019