
Dropbox for Business security explained: is it enterprise ready?

John E Dunn | June 24, 2016
Dropbox now offers enterprise features but they need better separation from its Business service

Dropbox Enterprise v Business

The two are essentially identical, offering similar user account space, admin and collaboration tools, integration with third parties via Dropbox's Business API, and even user migration (see below). Enterprise extends the analytics available on usage and collaboration and is designed to manage much larger teams. Dropbox Business has three tiers: Basic, Pro and full-blown Business, with the first two limiting file recovery to 30 days.

Datacentres: With the ending of the Safe Harbour Agreement covering data transfers between the US and Europe, and ongoing uncertainty over its replacement, the EU-US Privacy Shield, Dropbox announced plans to host customer data in a new datacentre in Germany by Q3 2016, running on Amazon Web Services (AWS). This aspect of the service is still clearly being developed.

Compliance: HIPAA, ISO 27001, ISO 27018, and SOC 1, 2, and 3.

Dropbox - migrating 'shadow' accounts

A concern when adopting Dropbox is that some employees might already have been using the service on a shadow IT basis to store business files, precisely the sort of security risk that prompts enterprises to adopt an in-house deployment in the first place. The first task, then, is to identify these accounts, which in theory is not easy. However, Dropbox Business/Enterprise offer capture tools to identify existing accounts and move them into the admin space of Business or Enterprise, as well as the ability to import them from Active Directory, LDAP or third-party identity providers.

In BYOD environments, users can use both personal and work accounts from the same device with full data separation. Access to personal accounts from work systems is enabled by the admin.

Dropbox - authentication and SSO

As with most big-brand services, authentication support offers two-step verification, which delivers PIN codes either via SMS text message or a mobile app, or, alternatively, Single Sign-on through an identity provider: Google Apps, Auth0, Ping Identity, OneLogin, Symantec Identity: Access Manager, Salesforce and a defined list of other providers work out of the box. Using SSO obviously requires new users to be registered with those services first. Two-step verification would suit smaller Business users, while SSO will be the preferred option for Enterprise because it allows more complex authentication options to be set.

Dropbox - data control

Admins can enable file sharing for external users through a link with edit or read-only access as appropriate. Passwords and expiration dates can also be set for shared files, while access can be revoked on an individual or team basis. Unlimited previous versions of files can be retrieved.

Dropbox - data encryption

This is a vexed issue with cloud storage providers. Files are transferred over SSL/TLS and stored at rest using 256-bit AES in 4MB chunks. As with every cloud service, this sort of default security allows the provider's employees to access the data under defined circumstances, or when required to through a signed warrant. From 2016, UK data will be held inside a European datacentre.
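To show what chunked at-rest encryption of the kind described above involves, here is an added Go example; it is not Dropbox's code (the article does not describe Dropbox's internal design) and it assumes AES-256-GCM, a demo chunk size, and a constructed sample file and key. It binds each chunk's position into the authenticated data, so a stored file whose chunks have been reordered, truncated or modified fails to decrypt rather than silently yielding the wrong content.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Kept tiny so the constructed sample spans several chunks; 4MB would be 4 << 20.
const chunkSize = 16

// Constructed sample input for the demo (not real customer data).
var sampleFile = []byte("constructed sample file contents, a bit longer than one chunk")

func newGCM(key []byte) (cipher.AEAD, error) { // a 32-byte key selects AES-256
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Binds position and total count as associated data: a reordered, dropped or duplicated chunk fails to open.
func chunkAAD(i, n int) []byte { return []byte(fmt.Sprintf("chunk %d of %d", i, n)) }

// Seals each fixed-size chunk under a fresh random nonce, stored as its prefix.
func encryptChunks(key, plaintext []byte) ([][]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	n := (len(plaintext) + chunkSize - 1) / chunkSize
	out := make([][]byte, 0, n)
	for i := 0; i < n; i++ {
		end := min((i+1)*chunkSize, len(plaintext))
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil { return nil, err }
		out = append(out, gcm.Seal(nonce, nonce, plaintext[i*chunkSize:end], chunkAAD(i, n)))
	}
	return out, nil
}

// Reassembles the file, rejecting any chunk that fails to authenticate at its claimed position.
func decryptChunks(key []byte, chunks [][]byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	file, ns := []byte(nil), gcm.NonceSize()
	for i, c := range chunks {
		if len(c) < ns { return nil, fmt.Errorf("chunk %d: too short", i) }
		pt, err := gcm.Open(nil, c[:ns], c[ns:], chunkAAD(i, len(chunks)))
		if err != nil { return nil, fmt.Errorf("chunk %d: %w", i, err) }
		file = append(file, pt...)
	}
	return file, nil
}
```

A provider holding the key can of course still read the chunks, which is the point the paragraph above makes; the binding only protects integrity and ordering, not confidentiality from the key holder.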
