Zimbra vs. Dropbox and Evernote; Security and Privacy Policies

Challenges: Ease of Use vs. Security

Dropbox and Evernote are very easy to use and have enjoyed fairly broad market adoption.

Two issues we have with Dropbox are their security (all customer files were left open for several hours in Summer 2011 for anyone to see) and their Privacy Policy, which enables Dropbox to share your files with third-parties who provide support services to Dropbox.

Evernote’s Terms of Service have you granting Evernote a license to all of your Content that you post there. Similar to Dropbox, Evernote’s Privacy Policy also allows them to share your data with third parties. Worse, Evernote will drop cookies and tracking pixels on your devices.

For corporations in regulated industries (e.g. healthcare, financial services), employees who use such services for data covered by, say, HIPAA, may have created a defacto violation – Neither Dropbox nor Evernote to our knowledge execute Business Associate Agreements.

In unregulated industries, much corporate data is highly sensitive, so why would you want to allow a service provider to share it with third parties?

Solution: Zimbra Briefcase and CyberDuck

Zimbra already has a robust file-sharing, Google Docs-like offering in the form of the Briefcase. Until Zimbra releases Project Octupus in version 8, what is lacking in Zimbra now is the ability to synchronize easily the files in your Zimbra Briefcase with the files on your computer.

That functionality however is easily provided by a handy utility called Cyberduck, available for download at http://cyberduck.ch/. Historically, Cyberduck (and Filezilla, another favorite tool of ours) have been used for FTP transfers. As insecure plain-text FTP gave way to FTPS and SFTP, both Filezilla and Cyberduck expanded the number of transfer protocols supported.

But Cyberduck didn’t stop there. They saw that the future was in Cloud Storage, so they added even more secure transfer protocols to enable users to transfer files to Amazon S3 and indeed any storage repository which supports WebDAV over http — like Zimbra’s Briefcase.

So what we do ourselves and have configured for clients needing this functionality but are concerned about Dropbox’s past data breach history and Evernote’s content licensing, is to configure Cyberduck to talk directly to Zimbra’s Briefcase. Cyberduck you see, does Remote-Local Syncing of whole folders trees, so it’s a snap to keep your Zimbra Briefcase and your computer repositories in sync.

The sync process to be fair takes two mouse clicks; you have to remember to actually do it.  But if you need to keep all your corporate documents on your corporate Zimbra system and your corporate laptops, the combination of Zimbra and Cyberduck is a win-win until Zimbra’s Project Octopus comes along later this year.

Hope that helps,


Leave a Reply

Your email address will not be published.