5 Dropbox Security Warnings For Businesses

Recent Dropbox hack showed the risks of storing unencrypted, sensitive information on cloud services. Understand these security points.

4. Treat Dropbox As A Public Repository

Until Dropbox adds those stronger security measures, and all employees adopt them, businesses that use Dropbox should inform employees that anything they upload to the service will be treated as "public"--that is, as if it were published to a public Google Group, Yahoo mailing list, or the like.

"If there's any information you're worried about, you're better off encrypting those files before you upload them. But that adds another layer of work for users, and users are lazy," said the threat intelligence manager for Trustwave SpiderLabs, who goes by "Space Rogue," speaking by phone. "It annoys me that companies rely on third-party services like [Dropbox], but that's the way that businesses are going."

Other security experts agreed with that assessment. "Anything that is really sensitive or extremely valuable or needs to be kept very secret, I wouldn't store on anybody else's servers," said Marco Arment, the creator of Instapaper, on his blog. "That, to me, seems ridiculous unless I held the encryption keys--like with the online backup service that I use."

5. Insider Theft: Can You Detect It?

One of the biggest information-leakage threats facing businesses, besides external attackers, is malicious insiders. Thus, when weighing if and when employees can use Dropbox, ask whether your business would be able to detect information exfiltration while it's happening or after the fact. "As an old IT guy, having my employees use something like Dropbox--where the files are no longer accessible to the IT department--makes me very, very worried. Because as an IT guy responsible for data, I want ... to know that if someone gets fired, I still have access to all of that information," said Trustwave's Space Rogue.

Accordingly, businesses should consider restricting employees to use only centrally managed file-sharing services. "If I was looking to get a third-party file-storing service like that, I'd want to ensure that I had admin access to all of that data," he said.

The only catch, unfortunately, is that instead of being baked in, decent cloud security can be a costly add-on. Dropbox, for example, now offers Dropbox for Teams, which adds centralized administration, better security, and Active Directory integration. But the cost of the service starts at $800 per year, for just five users.

Comments
sconaty
User Rank: Apprentice
10/15/2013 | 8:22:26 PM
re: 5 Dropbox Security Warnings For Businesses
Another option is http://safeboxapp.com. It also encrypts your content before it is synced to the cloud by Dropbox.

Unlike some of the other tools mentioned in these comments, Safebox doesn't require you to set up an account (disclaimer, I am on the Safebox development team).
John @ FileCatalyst
User Rank: Apprentice
11/20/2012 | 7:29:18 PM
re: 5 Dropbox Security Warnings For Businesses
The B2B file transfer solutions are usually branded under "Managed File Transfer".
There are a number of forums and groups that discuss these issues in depth. Take a look at the LinkedIn Managed File Transfer Group located here http://www.linkedin.com/groups...

There are many vendors that provide software solutions in this space; FileCatalyst is one of these vendors.
Jason Miller
User Rank: Apprentice
8/15/2012 | 4:21:09 PM
re: 5 Dropbox Security Warnings For Businesses
There are other options to use with Dropbox or any cloud service, like SecretSync, to add an extra level of encryption. The above points are important; there are options to help protect what is placed in the storage.
tonypry
User Rank: Apprentice
8/14/2012 | 6:25:57 PM
re: 5 Dropbox Security Warnings For Businesses
To be a proper business cloud service, security must be the fundamental building block in designing the product. Suggesting that you get that in the Dropbox for Teams product by simply adding a 3rd Party product like Okta for Active Directory integration, which adds further to the $800 cost, does not hold true. It provides authentication, but none of the important group policy functions used by IT departments.

Tony
www.exsafe.net
Claudius
User Rank: Apprentice
8/14/2012 | 4:44:55 PM
re: 5 Dropbox Security Warnings For Businesses
Especially for part 4 (and of course for other reasons), it is important to make sure the files uploaded to Dropbox or other cloud storage services are client-side encrypted. Because even if the files will once be available to the public, the public won't be able to decrypt and use the files.
Our free tool cloudfogger ( http://www.cloudfogger.com ) provides that for all major cloud storage services.

Claudius from Cloudfogger