Tag Archives: dropbox

Video Spotlight: Rob Kirkland tells how ShareFile can be an alternative to Dropbox for advisers

Posted on March 12, 2012 by in Video Spotlight

Dropbox is well known among FPPad readers, as I’ve covered the consumer-oriented file sharing service for its mobile apps, a highly-publicized lapse in security, and upcoming integrations with adviser technology providers.

Tackling security head on, ShareFile, another online file storage and sharing service, is taking aim at Dropbox’s lack of enterprise features and built a product it believes is best suited for financial advisers.

In this video spotlight, Rob Kirkland, Sales Executive for ShareFile, talks about the service’s approach to security and how advisers can use it to easily collaborate with an unlimited number of clients and allied professionals.

(click here to view on YouTube)

FPPad Bits and Bytes for January 13

Posted on January 13, 2012 by in Bits & Bytes

Atlanta, Omaha, Las Vegas, Los Angeles…

That describes my homes away from home for the week leading up to and following today. While I didn’t have time to address some of the news that’s come across my wires, I still put together my Bits and Bytes list so you can quickly scan what’s going on in financial planning technology.

Here are this week’s stories of interest:

Erado Shatters 2011 Growth Projection from MarketWatch.com

[I’d like to say I played a part in Erado’s success, what with all the mentions here on FPPad and in my social media compliance presentations delivered across the country. Even so, all the marketing and buzz does nothing if the product fails to deliver on a fundamental need: automated, no-thought capture and archiving of social media messages posted by registered investment advisers and broker-dealer representatives.] Erado, the nation’s leading compliance and archiving firm in electronic communication, formally announces their record-shattering growth in 2011. Amongst many other key milestones, Erado added over 30 new broker-dealer clients and partners, provided social media compliance services to over 40,000 advisors, and will be hiring more employees from the area.

Keeping Files In The Cloud from the Wall Street Journal

[This is a preview of a larger story to which I contributed several ideas on best practices advisers should follow when deciding to use cloud services for file storage. You can view the full article with a free trial to Dow Jones NewsPlus.] Advisers are increasingly turning to Web-based services to hold business-related information, for the convenience of accessing it from anywhere. Some use simpler storage sites, while others are contracting a comprehensive document-management system based in the cloud, which may actually make it easier for advisers to meet some regulatory obligations.

Mercer Advisors Due Diligence Team Selects Orion Advisor Services as Portfolio Accounting Service Partner from MarketWatch.com

[With just one client, Orion effectively boosted its assets under administration by almost 6%. The competition is getting serious between the industry’s top service providers!] Orion Advisor Services, LLC was selected as the outsourced portfolio accounting partner by Mercer Advisors, a total wealth management firm with $3.5 billion in assets under management as of September 2011. The Mercer Advisors due diligence team includes 10 individuals that made on-site visits to a number of portfolio accounting service bureaus, including Orion.

FPPad Bits and Bytes for November 4

Posted on November 4, 2011 by in Bits & Bytes

Wow, what a packed week at Schwab IMPACT! Still, I took time out of my schedule to assemble this week’s top articles in financial adviser technology (and there are plenty!).

First, if you continue to seek guidance regarding online document storage solutions (like Dropbox, SugarSync, et. al.), read my column in November’s Journal of Financial Planning, Evaluating Online Document Storage.

Then, catch my coverage of IMPACT in these two posts:

Here are this week’s stories of interest:

Evolution of Orion from FA-mag.com

[Orion made a series of waves in the technology ocean back in August, which I covered in a series of posts. Here Joel Bruckenstien summarizes how Orion has put some serious pressure on technology providers in the independent adviser market.] Orion Advisor Services LLC is a firm that seemingly flies under the radar of many financial advisors. Orion’s journey from a service bureau start-up to technology innovator has been anything but typical.

Integration Key to Tech Advantage from AdvisorOne.

[You hear this over and over: integrated solutions can offer big time and cost savings. But at least Eric Clarke, president of Orion Advisor Solutions, provides good rules of thumb for advisers seeking new solutions.] Technology is a pervasive part of any industry and one that is constantly changing. One of the keys for advisors to maintain a comprehensive, efficient technology solution is integration.

New Raymond James Social Media Platform Lets Advisors Use LinkedIn, Facebook, Twitter from AdvisorOne.com

[Erado and Socialware have been the beneficiaries of several broker-dealer engagements as of late, but here comes Actiance making news with its deal with Raymond James.] Raymond James has just implemented a new social media platform from Actiance that will allow the broker-dealer to use social media sites including LinkedIn, Facebook and Twitter while complying with Financial Industry Regulatory Authority (FINRA) regulations.

Orion Advisor Desktop updates include performance screens and file sharing

Posted on August 31, 2011 by in Portfolio Management Software

After a fantastic afternoon of activities including a golf tournament and a tour of the Denver Botanical Gardens, attendees of the Gemini + Orion Advisor Forum looked forward to the final day of sessions.

Prior to departing for outdoor activities, Orion provided an update of their Advisor Desktop suite, including a discussion of enhanced performance screens, end-to-end trading processes, and new integration with the Dropbox cloud file sharing and synchronization service.

Enhanced Performance Screens

New additions to the performance screens include two “gadgets,” where performance can be displayed using heat maps or bar graphs. The heat maps are a very slick addition, where they show performance information in shades of red and green (much like the daily return grid on the MorningstarAdvisor.com homepage), and can be configured to show performance by style, model, account, household group, and more.

Dropbox Integration

Big Guns at the Orion Advisor Tech Panel

Big Guns at the Orion Advisor Tech Panel

During the Tech Panel discussion, Orion revealed that its working on an integration with the popular cloud file storage service Dropbox. Orion president Eric Clarke commented that its the company’s first attempt at supporting such a service and aims to simplify the process of sharing documents and information between Orion’s service team and their advisor clients.

Advisors who currently use Dropbox with their clients for other purposes may be able to leverage this new integration and deliver certain reports and data generated from within the Orion system directly to the end client’s shared folder.

Look for the Dropbox integration to be available in the next major release, scheduled for December 2011.

Bug Affects Dropbox Security: What Advisers Need To Know

Posted on June 21, 2011 by in Compliance, Software, Technology

Just last week I wrote a post addressing Dropbox and its use by financial advisers. It’s worth reading, but the summary is:

  • If you are regulated by FINRA, don’t use Dropbox (or any web-based service where you place client information) without the approval of your broker-dealer’s compliance department. Even after approval, document what your policies and procedures are to keep client information safe.
  • If you are regulated by the SEC or state as a registered investment adviser, document the steps you take to protect the security and confidentiality of customer information placed on web-based services such as Dropbox. You may optionally apply your own encryption to files saved in Dropbox to better protect them from unauthorized access.

So what happened over the weekend?

During system maintenance on Sunday, June 19, Dropbox introduced a bug into its authentication mechanism. Click here to read Dropbox’s explanation of the issue.

In summary, for a period of about four hours, correct passwords were not needed to log in and access Dropbox accounts. All that was required was a valid email address associated with an active account.

Make no mistake, this is a serious security issue.

Anyone who might have guessed an adviser’s email address (or even look it up on the adviser’s website) which happens to be used for a Dropbox account storing client files would have been able to access, view, download, et. al. those files without needing a valid password.

However, for advisers who encrypt or otherwise protect documents stored on Dropbox with access passwords, unauthorized access to the Dropbox account would not have yielded access to the contents of the files; only the file names would be visible (for password-protected documents).

The security lapse should never have happened, but it did. I said last week that adding an extra layer of security and/or encryption was optional. I feel I must be more specific in my recommendation of Dropbox.

If you choose to use Dropbox to store and share documents with client information, encrypt and/or password protect those documents prior to placing them in Dropbox.

Yes, this extra security makes sharing documents a bit more convoluted, as clients with whom you share files must remember the password required to access documents. But consider the alternative without the use of the extra layer of security in Sunday’s scenario.

And really, you shouldn’t have to apply your own security, but Dropbox isn’t touting their service for the enterprise market or regulated industries like financial services. They’re first and foremost a company providing a product for consumers. Should you choose to use Dropbox for client documents, take the necessary steps to better protect client information from unauthorized access.

Also, consider alternatives to Dropbox such as SugarSync, Carbonite, Egnyte, Wuala, and more. They’re worth investigating and performing your own due diligence.

Dropbox for Financial Advisers: Is it Safe? Secure?

Posted on June 15, 2011 by in Compliance, Software, Technology

Update 6/21/2011: A bug affected Dropbox’s password authentication mechanism on June 19. Read my follow up post on what advisers need to know about the compromised security.

Financial advisers want to know: is Dropbox, the simple and convenient file storage service, safe and secure? The answer to that question may not be so clear.

Is Dropbox safe and secure?

Can I store and share client documents on Dropbox?

I get asked these questions about Dropbox, a simple and convenient file storage service based in the cloud, quite often at conferences and while consulting with financial advisers.

I’ve discussed Dropbox several times on FPPad (see The iPad for Financial Advisers and Wealth Managers, A Real Life Example of Productivity Tips in Action, and Dropbox Featured in Forbes; Tools Should “Just Work”), but have not specifically addressed security characteristics of the service as they apply to financial advisers and registered representatives.

Frankly, Dropbox’s security attributes of have been a moving target as of late. That’s not necessarily a bad thing for the wildly-popular service, used by more than 25 million people, but it is important that advisers take a close look at how Dropbox communicates regarding its security.

Is It Secure?

I won’t rehash the details of recent controversy over Dropbox’s changes to its statements on security here, but I do want to direct you to a resource that I feel fairly addresses the situation.

Over at TechRepublic, IT consultant Michael Kassner posted an interview with ChenLi Wang of Dropbox’s Business Operations. Read Kassner’s post to gain perspective on Dropbox’s changes to its security statements and how they apply to its users. Click the link below to read it first, then come back and continue reading this post.

TechRepublic: Dropbox: Convenient? Absolutely, but is it secure?

Security Discussion

Flickr: Grey Wind

Now that you have some background on the issue, let’s address security from the financial adviser’s perspective.

Without question, financial advisers collect and maintain personally identifiable information (PII) on clients in order to deliver financial advisory services. Both FINRA and the SEC have requirements in place that FINRA member firms and registered advisers must follow. SEC Regulation S-P, Privacy of Consumer Financial Information, is the primary rule by which advisers must abide to address the protection of client information and records.

With respect to Dropbox, what must advisers do to abide by the requirements?

If you operate under FINRA, you must first ask your broker-dealer’s compliance department what your options are when considering the use of cloud-based applications, including Dropbox. It’s likely your broker-dealer has performed due diligence on a select number of providers which likely include vendors of cloud-based CRM, portfolio management software, financial planning, and document management applications.

Empirically, some broker-dealers have approved the use of services like Dropbox for their registered representatives, while others prohibit its use. So I cannot provide specific guidance for those of you affiliated with a broker-dealer; check with them first.

If you are an SEC or state-registered investment adviser, you must have written policies and procedures in place that address the steps you follow to protect client information. If you elect to use Dropbox, document the steps you take that are designed to (taken directly from Reg S-P):

(i) insure the security and confidentiality of customer records and information;

(ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

From Kassner’s post highlighted earlier, Dropbox acknowledges that, in “rare circumstances,” a “small number of employees” are able to access user data according to the provisions in Dropbox’s privacy policy (e.g., when legally required to do so). Aside from the rare circumstances, Dropbox’s Wang went on to say:

We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

So let me challenge you, the adviser, with this question: What steps do you have in place to insure the security of client information stored on other web-based services? Have you performed similar due diligence on your CRM provider, online financial planning software, or even your online e-newsletter service? If you feel those services adequately protect the security of client information, how does that align with your confidence in Dropbox’s ability to provide similar protection?

Encryption

Before concluding this post, let’s briefly address the option of using additional encryption. To better protect client information, records can be encrypted using third-party applications before they’re transferred to web-based services like Dropbox (though I know of no methods advisers can use to encrypt client data stored in, say, web-based CRM. Does that make it more vulnerable?).

Remember, Dropbox stated, “all files stored on Dropbox servers are encrypted (AES 256).” Is it necessary to add yet another layer of encryption to files stored on Dropbox? Perhaps. If additional encryption is applied to documents stored on Dropbox, even if the “small number” of Dropbox employees access files legally under “rare circumstances,” all they will see are encrypted files with no meaningful data.

So, yes, the use of third-party encryption such as TrueCrypt, SecretSync, and others mentioned in Kassner’s post, does add an additional layer of obfuscation to protect against information access by Dropbox employees. But does that mean it is required to comply with regulatory requirements?

I believe the answer is no.

Files are already stored encrypted on Dropbox. There’s a reasonable expectation that the files will remain protected from unauthorized access. Assuming select Dropbox employees do access stored files, citing the legal requirement to do so, that access is likely to be authorized, as it is in response to a request from law enforcement. If this were to happen to you, you probably would have more to be concerned about than Dropbox decrypting your files and providing them to law enforcement.

Best Practices

Let me close with what I believe to be best practices for the use of cloud-based storage services, including Dropbox.

If you’re a FINRA member, check with your broker-dealer’s compliance department before using any web-based service. Obtain approval before storing any client information on such services. Also, document your policies and procedures regarding the steps you take to protect client data when using web-based applications.

If you’re an independent registered investment adviser, document the policies and procedures you employ to protect client data when using any web-based service. For added protection, you may optionally apply third-party encryption where applicable, but I believe it is not a requirement to comply with SEC Regulation S-P rules.

Do you have practical information with respect to these best practices? Perhaps your broker-dealer has raised issues on web-based services that are not included here. Please leave comments and feedback below to help clarify what advisers need to do to protect client data stored in cloud-based services.

 

Full Disclosure: I use Dropbox every day; it significantly simplifies my life. I store both personal and company files on the service. However, I am neither SEC or state-registered nor am I a FINRA member.

For those files that contain private or sensitive information, like social security numbers and bank account numbers, I add individual file password protection. All of these files are in PDF format, so I use Adobe Acrobat to encrypt all document contents with 256-bit AES and require a password to open the document.

Even Adobe PDF document passwords are not a 100% guarantee against unauthorized access. No password-based security system is. But with a combination of mixed case, numbers, and punctuation, the time required to apply a brute-force attack to crack the password may deter unauthorized users from an attempt, and instead seek out more vulnerable targets for an attack. I feel that this level of protection is adequate for my personal situation and acknowledge that the benefits of using web-based services like Dropbox are compelling enough to accept the risk trade-off. Your situation may dictate different considerations.

 

FPPad Bits and Bytes for January 28

Posted on January 28, 2011 by in Bits & Bytes

Again, we’re busy behind the scenes working with new clients, preparing new presentations for upcoming conferences, and writing new content for columns and articles. Blog posts are sporadic, but we still reserve the best tech related stories for Friday’s Bits and Bytes update.

Here are this week’s stories of interest:

New Portfolio Management Software For Advisors; AdvisorEdge Looks Good from advisors4advisors.com

AdvisorEdge is a new portfolio management software (PMS) app that is being launched as a result of a patnership between Mike Kelly of Back Office Support Service, and Matt Abar of FinFolio.

Making sense of document storage confusion from InvestmentNews.com

A good document storage system can offer convenience by allowing advisers and clients to share documents securely over the Internet, no matter where they are.

Take Digital Notes, Discreetly from MorningstarAdvisor.com

When attending conferences, advisors may find the process of using a laptop to take notes too obtrusive. Here’s one alternative that makes the process much more inconspicuous.

How a big Atlanta RIA kept sledding with technology after snow paralyzed the city from RIABiz.com

While most Atlantans spent the week ensconced at home, Balentine employees continued with business as usual with the help of laptops, iPads, iPhones, and NetX360.

One Year Later: Revisiting FINRA’s Social Media Usage Guidelines from CMSWire.com

A year ago FINRA, the regulator that oversees brokers and other financial advisors, released guidelines for social media usage. Since then, financial advisors have carefully tip-toed into the social media landscape, thanks to financial networking sites like LinkedFA.com and Smarsh.

Document Editing on the iPad Remains Convoluted Despite SugarSync’s Update

Posted on April 19, 2010 by in Technology

Two weeks ago I posted a review of the ways I see advisers using iPads in their practices. One of the drawbacks I highlighted was the lack of a native file explorer to easily locate, edit, and save files stored on the device.

I mentioned three apps that can be used to circumvent this drawback (GoodReader, Dropbox, and SugarSync), each with its own pros and cons.

Today, the folks at SugarSync released an update to its iPad app to enable users to perform basic file editing and synchronization with its SugarSync cloud document storage service.

Unfortunately, I still find document synchronization on the iPad, even with the SugarSync update, to be a convoluted process.

Read More…

The iPad for Financial Advisers and Wealth Managers

Posted on April 6, 2010 by in Technology

Apple iPadI’ve had my Apple iPad for about 72 hours and am ready to post my overall reaction to the product and specifically address how I believe financial advisers and wealth managers can use the device in their practice.

The Executive Summary

  • What: Apple iPad Wifi 16GB
  • Pros: Elegant design, sleek & attractive, easy touch interface with nearly no learning curve, 10+ hour battery life
  • Cons: (Besides the 13 referenced below) No native file explorer, editing existing documents is a convoluted process.
  • Takeaway: The iPad can compliment a paperless office, enhance meetings with clients, and provide a single source to access print and online media if you’re willing to work within the limitations of existing apps.

The Review for Financial Advisers & Wealth Managers

What you won’t find in this review are the general statements about the iPad’s cool features (like iBooks, pinch-zooming, etc.)  and the drawbacks (no multitasking, no USB ports, etc.) of the device. Instead, you’ll find my take on how I believe advisers and wealth managers can use the new tablet computer to enhance their daily lives.

If you still feel like you need the basic pros and cons overview of the device, here are two links, one in favor of the iPad’s potential to change computing, and one painstakingly detailed on the drawbacks of the device.

With that out of the way, let’s explore the ways I see advisers using the iPad.

Read More…

Dropbox Featured in Forbes; Tools Should “Just Work”

Posted on November 1, 2009 by in Software, Technology

Last week I wrote about how the Dropbox service prevented minor embarrassment when my presentation slides weren’t loaded on the presentation laptop.

I finally got around to reading the October edition of Forbes magazine and saw Lee Gomes’ Digital Tools column.

Click here to read Forget Disruption. Dive Deep Instead on Forbes.com.

The point of the column is how Dropbox programmers worked extremely hard to tackle some very difficult code, yet the result is a simple and elegant program that just works. Once you “get” the concept of Dropbox and start using it, you wonder how you ever lived without it.

Read More…