Is Dropbox fit for business?

Dropbox logo

For IT departments, the problem used to be external files brought in to the workplace from home on a floppy disk. Then there was the rise of the USB memory stick.

These devices had a habit of housing not only PowerPoint presentations that had been sweated over into a business environment, but also a veritable collection of nasties that may have assembled on said worker's computer.

It was a scary time, and it's hard to find an IT manager who doesn't still break out in a cold sweat when a USB key is produced.

However, the USB pen drive appears to have had its day, thanks to the continuous rise of cloud services, like Dropbox.

The cloud storage company's servers, and those of others like it, fight to keep data secure and encrypted, leaving just an individual's files where, in theory, they're supposed to be.

Yet has the phenomenal growth of Dropbox come at a price, and have IT departments just traded one security risk for another?

How We Got Here

Dropbox was one of a small number of now major services that ended up being the right service at just the right time. At the point when cloud computing services were being talked about, yet rarely deployed by SMBs and mid-sized businesses, here came a service that encapsulated many of the benefits with precious little fuss.

Courtesy of an entry-level free package that came with 2GB of storage and lots of ways to expand that in exchange for spreading the word, Dropbox has accrued over 300 million users since its launch in 2008. That includes more than 4 million businesses using the service.

To many of those users, it's become a vital workplace resource. More reliable than a flash disk (with less chance of it getting left in the back of a taxi), the service is used by people as the main place to store their work files for easy access from pretty much anywhere.

The service's appeal is it that it's just so simple to use. You drop a file in a folder, and it's instantly synchronised to every other machine linked to the same account. With most professionals carrying a tablet and pretty much everyone owning a smartphone, that means work can be carried around without relying on email attachments or time-consuming file transfers.

Packages range from the 2GB entry-level free subscription, through to Pro packages offering up to 500GB space, and business-focused offerings supporting up to 5TB of data (and sporting a price tag of more than $30,000 a year).

The entry-level free package is perfect for those just looking to shift files from one place to the other, and the truth is Dropbox may have effectively replaced the 2GB flash drive, which businesses were quick to ban. But it's also brought with it one or two extra security risks as well.

The obvious one is offset a little by the way Dropbox goes about its business. There have been moments where Dropbox has been inaccessible, and for people relying on the service for day-to-day work, this was a massive problem. A service like this has to be reliable if it is to achieve what its promising users.

The desktop client at least encourages users to keep a local version of their files. So, even though the cloud-based part of the service was faulty, the majority could still access their work.

It wasn't so easy for those relying on online access, or who use more selective syncing methods, though.

Compromised?

But there is a bigger problem. Unsurprisingly, many businesses have expressed concern at the idea of an individual's personal cloud storage service being resident on their work machines.

Notwithstanding the obvious distraction issues of having non-work material residing on business machines (as well as the presence of a third-party piece of software which, to be fair, most business networks can easily block), there's a sizeable issue the other way too, as important business materials are stored in a personal cloud.

This is part of the larger problem associated with the issue of BYOD, which has been a point of contention for businesses and their employees in recent times. Dropbox and other cloud storage services has been an incredibly valuable resource for the rise of remote working and collaboration between teams spread across different parts of the country or even the world.

How, do you police that? Are you cleanly allowed to effectively monitor someone's personal files, even if they're stored and/or accessed on a business machine? Furthermore, what happens when that worker leaves? How can a business retrieve its files? Is it allowed to go into that Dropbox account and make sure nothing business critical is following that employee out of the building?

The Dropbox website claims that files are stored using 256-bit AES encryption, with SSL for security with data transfers. It also says you can unlink lost or stolen devices to prevent snooping.

But Dropbox does not currently have compliance with a range of standards, such as HIPAA, FERPA and SAS 70. These are straight deal breakers for some organisations, who require a level of security and certification in place in line with their own policies.

Control and encryption are crucial. Dropbox argues that it complies with the US-EU Safe Harbour Framework, and that it takes security extremely seriously.

Furthermore, there's a potential vulnerability. A compromised Dropbox account could potentially offer a way into a company's network. This, in turn, opens up malware and data security issues.

Not for nothing are many IT managers and directors concerned at the huge growth Dropbox is experiencing.

USB sticks could be managed a lot easier. Furthermore, there's the inevitable concern over material being held on third-party services.

Does a business want valuable, critical information, on the servers of an independent company, to whose backend it does not have access?

It may sound like scaremongering, but public service institutions have been fairly brutal in blocking cloud services - including Dropbox.

As IT Pro reported back in June 2013, 54 per cent of UK councils have stopped access to cloud services such as Dropbox for users. Is that paranoia, a legitimate security concern, or common sense?

Policies

That said, with the right policies in place, most businesses can comfortably manage the overwhelming number of potential risks Dropbox poses.

Furthermore, for the majority of users, for the majority of the time, Dropbox is fine. More than fine, in fact. It's taken removable storage out of the office, cut back on large e-mail attachments, and proven to be a hugely convenient way of moving files between A and B.

Such is Dropbox's dominance that you'd be forgiven for thinking it was the only cloud storage player in town. With the likes of iCloud, SkyDrive, Box and Google Drive (to name but a few), other services are taking a chunk of the market, and the demand for cheap, reliable cloud storage is only growing.

Workers are simply demanding ways to make remote work simpler, and storing files on Dropbox means that they can instantly access what they were working on in the office, at home or on the train without even thinking about it. It saves time and fits in nicely with the current mood.

Still Evolving

Yet are we being too tough on Dropbox? It's a service that's still evolving, that's proven to package user friendliness with cloud technologies as well as the vast majority of alternatives.

Many businesses have managed the introduction of Dropbox to their servers cautiously, but don't bring the hammer down on it, and there are legitimate reasons for doing so.

Its usefulness can't be denied for many, and businesses do see an advantage to the convenience it offers.

But is it fit for business? To a point, it's hard to deny that it is. But as with most innovations of its kind, it requires careful and often overlooked management, to ensure the business feels the benefit, without the technical sting in the tail.

This article was first pubilshed on 02/08/13 and has been updated multiple times (most recently on 18/07/14) to reflect new information that has become available since its original publication.