Security for Cloud Synced Data (Dropbox and MobileNoter)

Two applications that I am using for file transfers in my new iPad centric practice are Dropbox and MobileNoter. Both of these applications provide cloud synchronization features that allow data stored on my system computer to be synced via the cloud to or from my iPad in encrypted form. Before using these services, I conducted some basic due diligence to assure myself that the security features of Dropbox and MobileNoter were adequate for the transmission of confidential information.

Dropbox explains its security measures in great detail in the memo that I have attached. The security provided appears to be multi-layered and robust.DropboxSecurityOverview[1]

Similarly, MobileNoter explains its security features as follows:

“All traffic between “MobileNoter Windows Sync Client” and the server is transmitted via a secure HTTP channel (SSL Encryption). This ensures that no one can intercept your data when it is being transmitted. This also provides a very high level of security that is enough for most of our users.

In addition to the secure channel, MobileNoter has an option to encrypt user’s data with a user-defined key. Data is encrypted on a Windows PC before it is transmitted to the server and later decrypted on iPhone/iPad/Android device when it is received (and vice versa). This means that your data is transferred through the network and stored on the MobileNoter server in the encrypted form and no one can decrypt it without the key (that only you know).
We suggest turning on encryption if you have sensitive data in your notebooks.

If encryption is turned on, MobileNoter encrypts all OneNote data and Quick Notes using the AES 256 algorithm. You are asked to enter a key when you turn on the encryption. You are asked for the same key on iPhone/iPad/Android device when MobileNoter detects that data on the server is encrypted. Your key is not transmitted anywhere, but it is saved in a local system, so you do not have to enter it on each sync.”

Obviously, attorneys using iPad applications that sync to the cloud, need to be cognizant of the security of the data transferred.  Legitimate application developers should provide the necessary documentation to make this evaluation possible.

I would be interested in hearing whether others agree that the security provided by Dropbox and MobileNoter is adequate for the transmission of confidential data. If not, what additional security feature(s) do you believe is necessary?