Don’t Throw Out Dropbox, Not Yet

While Dropbox is great for collaboration, it does have security risks. Rather than replacing Dropbox, another layer of security can be added that would enable organizations to control which files are uploaded to Dropbox, and who has authority to share these files, writes Ronen Kenig of Safe-T.

Ronen Kenig is vice president of marketing and product management for Safe-T.

RONEN KENIG
Safe-T

Dropbox's vast scale (it boasts 200 million users, with business users quadrupling in recent years) shows it’s becoming a valuable tool for collaboration in the workplace. However, previous security breaches are forcing IT managers to proceed with caution. In 2012, Dropbox email addresses were successfully hacked and then used to send Dropbox users spam. In addition, Dropbox can put organizations at risk by not enabling them to comply with HIPAA, FERPA, SAS 70, ISO 9001, ISO 27001, or PCI certifications. As a result, many enterprises are forbidding the use of Dropbox; in fact, Dropbox is the number one banned application by enterprises, according to a survey by Fiberlink.

A more sobering thought is that Dropbox is not the only collaboration solution that can be more easily compromised. Other cloud file sharing solutions such as Google Drive and Microsoft SkyDrive have similar limitations.

What Are The Risks?

Dropbox introduces security risks because it does not include adequate security controls or monitoring. For example, Dropbox is typically not integrated with an organization’s DLP (data loss prevention) solution, which ensures that only authorized users transfer files and that sensitive data, such as credit card numbers and patient data, doesn’t leak from the organization. In addition, incoming data is not scanned for viruses and malware, putting the receiving organization at risk. Dropbox also does not include a full audit trail of which files were transferred, when and by whom, which is essential for documenting compliance with industry regulations.

With the popularity of Dropbox, IT managers can assume that employees are using it even without official approval, and as a result sensitive data is already exposed. This data might remain on the cloud forever without any control or monitoring. Hackers are aware that Dropbox can contain important data, often make breaching it a high priority, and will do whatever it takes to access this information.

Despite the risk, users are not likely to volunteer to give up using Dropbox on their own. Email systems in most organizations don’t enable the transfer of large files (10MB and over), forcing employees to find other alternatives. When users need file sync and share services to collaborate with business partners, remote users and customers, Dropbox is easy to use and the most accessible solution available. If the organization does not provide its users with an easy to use file sync and share solution, then users will find creative, unofficial ways to share their data, which will most likely include Dropbox.

There are other proprietary solutions available as an alternative to Dropbox, but they often add a level of complexity which users resist when they are under pressure to transfer a file. These systems include encrypting passwords, requiring recipients to install specialized software, and other additional steps that complicate the process of file transfers and can force users to go back to Dropbox.

Making Dropbox Secure

Rather than replacing Dropbox, another layer of security can be added that would enable organizations to control which files are uploaded to Dropbox, and who has authority to share these files. An open solution that integrates easily with both Dropbox and the organization’s existing security tools, such as DLP, anti-virus and authentication systems, would enable all shared data to undergo authentication, data scanning and data encryption. These additional precautions significantly reduce the chances that data shared using Dropbox will be compromised.

Such a system would also include a full audit trail of who transferred which files, enabling compliance in the healthcare, insurance and banking industries and with over a dozen regulations including PCI DSS and HIPAA. These additional checks and balances can also be applied to automated file transfers. This enhances IT productivity and reduces operational costs by streamlining business processes which were previously done manually using standard file transfer solutions. Perhaps the most significant benefit is that files can be shared easily among partners, suppliers and customers, without requiring additional software or procedures on the receiving end.

According to Gartner, by 2015, about 20 percent of current enterprise content management use cases will be fulfilled by cloud file sync and share services rather than traditional tools. The simpler the solution, the greater the chance that employees will use it. If they are required to change their habits too much, there is always the risk that they will be tempted to go back to using Dropbox unprotected. By using security systems that add functionality to Dropbox to make it more secure, employees can do their work with the least amount of disruption, giving IT managers peace of mind knowing that their sensitive corporate data is well protected.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.
