Is Dropbox secure?

Dropbox can be a useful file-sharing service, but is it really fit for use in business?

Dropbox was, for a long time, the go-to example when people wanted to talk about shadow IT. Fast, convenient and free, it became almost the de facto way for employees to share documents with colleagues and access them outside of work.

But this convenience came with a price - low security. While this may not be so much of an issue when users are dealing with their own personal data - it is, after all, their own information to use as they wish - it can present serious consequences for businesses, both from a regulatory and an operational perspective.

Since then, Dropbox has made serious attempts to "go straight" in the business space, introducing Dropbox for Teams - now Dropbox for Business - and emphasising security with features like single sign-on (SSO), remote wipe and audit logs.

Yet the question remains - is Dropbox really secure? Can a consumer service retrofitted for the business space ever be safe enough?

First, it is important to realise that there is no such thing as total security.

It has become a cliché among the security community to say "it's not if you suffer a breach, it's when" and, while this is in my opinion a slight exaggeration, it reflects the fact that nothing can ever be 100 per cent secure, be it Dropbox, products that were built from the ground up for business, or your own internal systems.

The question, then, becomes "does this product offer an acceptable level of risk?"

The truth is that, despite its reputation as a spreader of data insecurity within companies, Dropbox for Business can be as secure as other solutions, including rivals such as Box, Mozy, SugarSync, Acronis or even Amazon S3. Like them, it offers SSL/TLS encryption for data in transit and AES encryption for data at rest, as well as admin features like SSO, two-factor authentication (2FA), remote wiping and shared audit logs.

It has also seemingly recognised the original "shadow IT" problem it created, and in 2013 it began to offer personal and professional account linking.

Ilya Fushman, who at the time was head of product, business and mobile at Dropbox, said the feature had been introduced as a result of people being forced to put personal files in their Dropbox for Business account to access them at work.

"As we got more excited about building more features for Dropbox for Business, we kept running into the same problem: just as people often work at home, they also want to have their personal files with them at the office. We needed to build a way to help people keep their stuff separate, but still make both sets available from everywhere," Fushman said in a blog post.

"Each Dropbox will be properly labelled for personal or work, and come with its own password, contacts, settings, and files," he added.

But any solution is only as secure as its weakest link, and at this point it is in the hands of the IT administrators to bring in both a user education programme and the appropriate processes to ensure that what data is stored where complies with legislation.

Dealing with the latter of these two points first, just because Dropbox is "secure" does not mean it is secure enough to comply with data protection legislation for certain types of data. For example, if there is personally identifiable information or data that has to stay within the UK or EU, then Dropbox would likely be unsuitable, as all its data centres are located in the US.

Therefore, other data management tools should be put in place to prevent data of this kind from being transferred into Dropbox, or any other inappropriate storage service or device.

Education is an important part of reinforcing security in any setting. When it comes to Dropbox, IT administrators should explain to users how to use Dropbox for Business and its various collaboration and sharing features safely, and help them to link their personal and business accounts if they wish to.

Any restrictions, from not putting business information into their personal account to being prevented from adding certain files to Dropbox at all, should be clearly communicated, both to avoid any accidental breaches and reduce frustration.

So, is Dropbox secure? Well, depending on your appetite for risk, yes it can be - but admins still have their part to play in ensuring that security.
