Q

With its new security features, is Dropbox safe for enterprise use?

Do Dropbox's new 'enterprise-grade' security features make it safe enough to leverage in the enterprise? Expert Michael Cobb offers his analysis.

My organization has always been wary of allowing employees to use Dropbox, but I heard that it is coming out with some new enterprise-grade security features. Is Dropbox safe now? What are the new security features and do they actually improve Dropbox security? Should they affect how we assess Dropbox risk?

Cloud and collaboration services are a mixed blessing for enterprises. While many of them result in productivity gains, putting enterprise data in the hands of third parties always opens up the possibility of data leakage. Many organizations resist the use of information-sharing services such as Dropbox because it lacks permissions and security controls that would allow administrators to retain control over company data. In an effort to make its service acceptable for business use and to compete in the lucrative enterprise market, Dropbox Inc. has announced a variety of new security features for IT administrators.

The key change in "Dropbox for Business" is that both a personal and a corporate account can be used on one device. While all of a user's folders are combined into one account for convenience, they're divided into two containers: A personal folder for private data and a business folder controlled by the user's IT department. This allows administrators to remove an employee's access to certain files should they leave the company or change jobs within the organization. A user's business folder can also easily be moved to another user through an account-transfer feature, which can be useful in certain scenarios (for example, moving an existing folder to the replacement for an employee who is leaving). Dropbox for Business also integrates with Active Directory, making it possible to quickly add or remove Dropbox users across a company. The product's Remote Wipe function protects data if a device is stolen and makes sure employees can't still access old business files on their device once they leave the company.

Dropbox for Business also offers a new Sharing Audit Logs tool that provides audit capabilities and allows administrators to see exactly who is sharing what with whom and when. This makes it easier to keep track of the apps linked to the account, check user permissions and revoke access remotely if necessary. Admins can also block the sharing of certain files outside of specific teams or prevent employees from having their personal files accessible on their work computer.

The new Dropbox for Business client will be rolled out in early 2014. If employees already have separate business and personal accounts, they will be able to combine them with the new app.

Dropbox's storage complies with the U.S.-EU Safe Harbor framework and is SSAE 16/SOC 1, SOC 2, ISAE 3402 and ISO 27001 certified. Dropbox also supports SAML-based single sign-on and directory integration.

The extensive redesign of how Dropbox works means it may now meet many enterprises' data protection and compliance requirements. However, as with any third-party service, a full risk assessment should be carried out and all service level agreements should be reviewed before adopting Dropbox. Rivals in this space include Box, Amazon WorkSpaces and Google Drive, which includes secure remote collaboration, a feature absent in Dropbox.

I would suggest taking each possible product for a test drive with a group of security-minded employees to see which best fits enterprise needs. Organizations must ensure a security policy is in place that covers data in the cloud and clearly communicate this policy to employees who will be using the service. Also note that not every employee will need a cloud storage account.

This was first published in February 2014
