What bad timing for Box. On the eve of Boxworks, the enterprise file sync and share (EFSS) vendor’s biggest user conference to date, we saw headlines asking  “Are we too quick to trust cloud storage?”

The question didn’t come out of thin air.

Over the Labor Day weekend, nude, private photographs of model Kate Upton and Hunger Games actress Jennifer Lawrence began to go viral on the web.  They had been taken, it seems (not verified) with iPhones and stored on the iCloud. Hackers allegedly accessed the photos, posted them on the popular image-sharing site 4chan and voila!

Not surprisingly, the photos spread rapidly on social media sites like Twitter.

Consumerization of the Web Flows 2 Ways

Though the cause of the problem now seems to have been identified, the damage is done for Upton, Lawrence and other actresses who fell victim to "ibrute." According to Engadget, ibrute was first noted on code-sharing site Github.  It takes advantage of a weakness in Apple's "Find My iPhone" service and lets hackers access iCloud data.

The iCloud is primarily consumer-grade file storage and syncing service that isn’t meant to safeguard sensitive corporate data. That's the job of companies like Box and its competitors. However, the consumerization of the web flows two ways.  So, it’s only logical to ask why, if the iCloud isn’t secure for personal files, why would Box’s cloud and others like it be secure for sensitive corporate data?

Learning Opportunities

EFSS providers who are cloud-only will, no doubt, point to two or multi-factor authentication, as the answer. They will argue that what happened to Apple couldn’t happen to them.  But for some corporate users, including those at Box client GE, that’s probably not good enough. Long before the photo scandal happened, these enterprise clients said “no way” to storing everything on Box’s cloud. As a result, VMWare’s AirWatch and its Secure Locker offering were called on to solve the problem.

Is Cloud-Only a Problem in the Enterprise?

If Box wasn’t cloud-only, which as of this morning it is, in the GE situation, it would have had a hybrid option that would allow highly sensitive files to stay on premise. Other leading EFSS providers like Accellion, EMC Syncplicity and Citrix, among others, offer this choice to its users.  This leaves enterprises to question as to why they should consider using Box as a solution, when they’re not willing to put everything in the cloud.

And while bringing in an additional vendor might seem like one solution, in most cases, working with one vendor is better than two.

Will Box Find an On-Prem Solution?

We’ve been told by some sources that Box CEO Aaron Levie, who is a magician, has a trick up his sleeve that would be revealed at Boxworks. We’ll be watching. It could be its addition of an on-prem solution, but we doubt it.