08/14/2012 10:02 AM

5 Dropbox Security Warnings For Businesses

Recent Dropbox hack showed the risks of storing unencrypted, sensitive information on cloud services. Understand these security points.

4. Treat Dropbox As A Public Repository

Until Dropbox adds those stronger security measures, and all employees adopt them, businesses that use Dropbox should inform employees that anything they upload to the service will be treated as "public"--that is, as if it were published to a public Google Group, Yahoo mailing list, or the like.

"If there's any information you're worried about, you're better off encrypting those files before you upload them. But that adds another layer of work for users, and users are lazy," said the threat intelligence manager for Trustwave SpiderLabs, who goes by "Space Rogue," speaking by phone. "It annoys me that companies rely on third-party services like [Dropbox], but that's the way that businesses are going."

Other security experts agreed with that assessment. "Anything that is really sensitive or extremely valuable or needs to be kept very secret, I wouldn't store on anybody else's servers," said Marco Arment, the creator of Instapaper, on his blog. "That, to me, seems ridiculous unless I held the encryption keys--like with the online backup service that I use."

5. Insider Theft: Can You Detect It?

One of the biggest information-leakage threats facing businesses, besides external attackers, is malicious insiders. Thus, when weighing if and when employees can use Dropbox, ask whether your business would be able to detect information exfiltration while it's happening or after the fact. "As an old IT guy, having my employees use something like Dropbox--where the files are no longer accessible to the IT department--makes me very, very worried. Because as an IT guy responsible for data, I want ... to know that if someone gets fired, I still have access to all of that information," said Trustwave's Space Rogue.

Accordingly, businesses should consider restricting employees to use only centrally managed file-sharing services. "If I was looking to get a third-party file-storing service like that, I'd want to ensure that I had admin access to all of that data," he said.

The only catch, unfortunately, is that instead of being baked in, decent cloud security can be a costly add-on. Dropbox, for example, now offers Dropbox for Teams, which adds centralized administration, better security, and Active Directory integration. But the cost of the service starts at $800 per year, for just five users.


re: 5 Dropbox Security Warnings For Businesses

Especially for part 4 (and of course for other reasons), it is important to make sure the files uploaded to Dropbox or other cloud storage services are client-side encrypted. Because even if the files will once be available to the public, the public won't be able to decrypt and use the files.
Our free tool cloudfogger provides that for all major cloud storage services.

Claudius from Cloudfogger

re: 5 Dropbox Security Warnings For Businesses

To be a proper business cloud service, security must be the fundamental building block in designing the product. Suggesting that you get that in the Dropbox for Teams product by simply adding a 3rd Party product like Okta for Active Directory integration, which adds further to the $800 cost, does not hold true. It provides authentication, but none of the important group policy functions used by IT departments.


re: 5 Dropbox Security Warnings For Businesses

There are other options to use with Dropbox or any cloud service, like SecretSync, to add an extra level of encryption. The above points are important; there are options to help protect what is placed in the storage.

re: 5 Dropbox Security Warnings For Businesses

The B2B file transfer solutions are usually branded under "Managed File Transfer".
There are a number of forums and groups that discuss these issues in depth. Take a look at the LinkedIn Managed File Transfer Group located here

There are many vendors that provide software solutions in this space; FileCatalyst is one of these vendors.

re: 5 Dropbox Security Warnings For Businesses

Another option is It also encrypts your content before it is synced to the cloud by Dropbox.

Unlike some of the other tools mentioned in these comments, Safebox doesn't require you to set up an account (disclaimer, I am on the Safebox development team).

Secure and control the files you share on Dropbox

I think that if you use Dropbox to store professional or personal files and you want to share them with other people, you need an extra tool to prevent unwanted information leakage.

I use Prot-On because I can decide who accesses my documents and when, and track document use.

Pretty scary result with "LAN sync"

It's not only about Data leach weaknesses, but also the way Dropbox works (bilaterally), that makes it a possible danger for our data.

This week I happened to see 5k files "vanish" after I launched Dropbox on both computer 2 (that had an older version of ~8GB documents) and the main computer.

After Dropbox on both computers said "up to date", I soon noticed some folders and documents were missing on computer 2. « That's strange! Well OK, since they're still on my main machine I'll sync them another way. » Then I realized the data had been deleted on computer 1 as well, GASP!

Run to, log in, and go to "Events": and amongst many events, read « You deleted 4973 files. » WTH? While on I opened a folder then another etc (tells it to display the deleted files): each one had a random number of deleted folders and files.

I'm so glad I had a backup from that day! While technically possible, restoring from by myself would have been unrealistic with hundreds of folders to open and restore one after the other.

For the record, rsync from the backup says it all:

Number of files: 36,552 (reg: 34,701, dir: 1,573, link: 278)
Number of created files: 5,496 (reg: 5,040, dir: 427, link: 29)
Number of deleted files: 0

Meaning that 5.496 files were deleted on computer 1 in the Dropbox process.
Is it a bug in Dropbox's "LAN" feature? Or should I have done it another way? Meanwhile I'll never even think of Dropbox as a backup app (nor a real sync one).

Re: Pretty scary result with "LAN sync"

You might find this blog interesting... Do you use Dropbox or Box to back up your most important files and share them with your co-workers or friends? If so, you might just be sharing them with somebody else you've never even met - See more at: