DRAFT DRAFT DRAFT
Talk about Dropbox and Sony as a lead-in, and then the whole issue of where we invest our trust in the first place.
Part of it is that you can never truly know, even with third-party audits of security procedures by independent firms, whether a company actually does everything right by the current set of standards. And even if it does, a cracker might figure out a previously unknown weakness that allows exploiting even a well-run company’s data storage or software. On top of that, keyloggers and other malware can override even the best company software.
Where to start?
First, evaluate the kind of data you’re handing over or storing elsewhere. This applies both when signing up for accounts and when storing data in the cloud.
Next, consider whether you need to retain the encryption key yourself. Even with Dropbox, you can opt to use software that layers its own encryption on top, so that you own the key. Or you can use SpiderOak or other solutions that give you the key by default.