Dropbox has been in the press quite a lot lately with regard to password breaches and surreptitious behaviour with regard to machine security on Mac. Although Dropbox has started to reassure users with ‘how secure we are’ type information, Corporate IT departments will again feel they have cause for concern with regard to any internal corporate use of Dropbox.
So the key question we are asking here is ‘just how do you solve a problem like Dropbox?’ Indeed, this is a slightly unfair question in that it uses Dropbox to make a point; in reality we could have picked on any one of several cloud storage services, as Corporate IT has misgivings about anything Cloud when it relates to files.
Let's break this down and take a look at the different steps that can be taken with regard to security, visibility and governance:
Firstly, perhaps Corporate IT wants to implement a secure control on how Dropbox is accessed. How can this be achieved? SME provides a means to do this as part of its roll out: an attempt to access a Dropbox link results in the user being told that the link cannot be accessed and that they should contact Corporate IT for next steps, which can be securely adding Dropbox to the SME Enterprise File Fabric for controlled access and use.
(You will also note from the screenshot above that another protective measure can be applied to prevent Dropbox files being attached to emails in, for example, Microsoft Outlook. The user is forced to share only a secure link, which can be controlled and audited.)
OK, so perhaps a blanket denial is too extreme and too difficult to manage given how pervasive Dropbox is. Dropbox ends up inside the corporate firewall because it is useful and easy to use. If it is well entrenched and being used, what other options do we have to give Corporate IT the control they desire?
Well, first IT can abstract its use. The Storage Made Easy Enterprise File Fabric enables Dropbox to be deployed within a company without giving users direct access to the Dropbox accounts. The user simply signs in using their corporate AD or LDAP authentication details and gains access to the storage and data resources allocated to them by internal IT. One of these data resources can of course be Dropbox. This abstraction can be an easy way to control access to Dropbox and is great if the employee is temporary, a contractor for example. Employees gain access to corporate Dropbox data in a controlled way.
Any interactions with Dropbox are also audited and logged, as are any links users share, so there is a full compliance trail.
One of the big threats in IT today is a ransomware attack. When this occurs, files overwritten in a Dropbox folder can be written back to Dropbox, and if there are no prior versions of these files then they are essentially lost. SME solves this with what we term an ‘archive provider’, which can archive all data stored on Dropbox. Each file is stored as ‘new’, so prior versions are always available. The archive provider files can also be stored on cheap commodity storage infrastructures such as Google Nearline or Amazon Glacier.
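The archive-provider behaviour described above, as an added sketch that is not Storage Made Easy's code: the class and function names are hypothetical, the primary store is modelled as a dict that keeps only the latest bytes, and the file contents and timestamps are constructed.

```python
import hashlib


class ArchiveProvider:
    """Hypothetical write-once archive: each sync is appended, never overwritten."""

    def __init__(self):
        self._versions = {}  # path -> list of (timestamp, sha256 hex, content)

    def archive(self, path, content, ts):
        """Store content as a new version of path and return its version number."""
        digest = hashlib.sha256(content).hexdigest()
        self._versions.setdefault(path, []).append((ts, digest, content))
        return len(self._versions[path])

    def history(self, path):
        """List (version, timestamp, sha256) so an analyst can see when content changed."""
        return [(n, ts, digest)
                for n, (ts, digest, _) in enumerate(self._versions.get(path, []), 1)]

    def restore_before(self, path, cutoff_ts):
        """Return the newest version archived strictly before cutoff_ts."""
        older = [v for v in self._versions.get(path, []) if v[0] < cutoff_ts]
        if not older:
            raise LookupError(f"no version of {path} archived before {cutoff_ts}")
        return max(older, key=lambda v: v[0])[2]


def sync(primary, archive, path, content, ts):
    """Mirror one write: the primary folder keeps only the latest bytes."""
    primary[path] = content
    return archive.archive(path, content, ts)


def demo():
    primary, archive = {}, ArchiveProvider()
    # Constructed sample data: two legitimate edits, then an encrypting overwrite.
    sync(primary, archive, "/finance/q1.csv", b"region,total\nEMEA,100\n", ts=100)
    sync(primary, archive, "/finance/q1.csv", b"region,total\nEMEA,120\n", ts=200)
    sync(primary, archive, "/finance/q1.csv", b"\x8f\x02\xd1 constructed ciphertext", ts=300)
    recovered = archive.restore_before("/finance/q1.csv", cutoff_ts=300)
    return primary["/finance/q1.csv"], recovered, archive.history("/finance/q1.csv")


if __name__ == "__main__":
    live, recovered, history = demo()
    print("live copy:", live)
    print("recovered:", recovered)
    for version in history:
        print(version)
```

A file whose first archived version is already the encrypted one has nothing to restore, which is why `restore_before` raises `LookupError` instead of returning the newest copy.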
Another threat that can be mitigated is the storing of sensitive documents on Dropbox (or indeed any public Cloud Storage). SME mitigates this by implementing streamed encryption for nominated folders, so that files are encrypted before they are stored on Dropbox. The key is held by the end user and must be supplied before the file can be downloaded. If the file is downloaded directly from Dropbox, it cannot be opened.
These are some of the ways that Storage Made Easy can aid Corporate IT in the security and use of Dropbox in a corporate environment. If you would like to know more then please feel free to contact us.