Presented by Gladinet

Dropbox, probably the most well-known, consumer-oriented file sync and share service, recently reported an active base of more than 500 million users. Their data set has become so massive that 90 percent of it has been transferred from Amazon’s infrastructure to their own. Dropbox also plans to develop a private file sharing network. In other words, they have become successful enough that building a private cloud storage service and internet makes sense.

This pervasive use of Dropbox exposes enterprises to unacceptable security and control risks that are often overlooked or not well understood by employees as they succumb to its compelling convenience. In fact, I was recently having this discussion with a Managed Service Provider (MSP) who claimed that his Canadian customers had no compelling need for remote access since they left their work at the office (in stark contrast to their workaholic neighbors to the south, who know nothing but work). I challenged him to use his remote management and monitoring tool to check how many of his client endpoints have Dropbox installed. To his surprise, more than 20 percent had installed the productivity tool. He countered that most had probably installed it for infrequent or even single use.

Here’s a brief overview of the resulting security threats that suddenly became much more interesting to him:

Large Attack Surface — “Hackers” have a lot to gain from hacking Dropbox. In a legal article titled “Why are People Still Using Dropbox for Business?”, Mike Batters goes on to say:

“In addition to these security issues, Dropbox has found itself in the spotlight time and time again as its ability to share files so easily has been put to use by cyber criminals. Dropbox public file links are commonly used to deliver Ransomware, such as CryptoLocker, and other Malware to users. As users see Dropbox as a trusted brand, they are more inclined to click links in random e-mails assuming they are safe and genuinely believing Dropbox has somehow “checked” the files are safe.

It’s a very simple and highly effective piece of social engineering on the part of the attackers, which works time and time again and should really be driving network security administrators to block Dropbox outright in corporate networks.”

Dropbox will always have a large target on its back. Mike Batters’ article quoted reports of 7 million emails getting hacked in 2014, which Dropbox later denied. Fast forward four years and there’s an even bigger breach, which has been confirmed by several credible sources, including Dropbox. One scary thing about this announcement is that they knew about the breach and reported it to users in 2012, but did not realize the scope of the attack until 2016.

Data theft — Dropbox deployments are typically driven by employees. Business owners and IT managers may not be aware when Dropbox has been installed, and they may not have control over which employee devices can sync corporate information. This makes it much easier for data to be stolen by or shared with the wrong people.

Data corruption — CERN released a study which observed silent data corruption in one out of every 1500 files. Most businesses trust their service providers to make sure that their data maintains its integrity over the years, but consumer services like Dropbox offer no such guarantees.

Control Problems

Data ownership and location — This can be extremely important for customers who are required to or prefer to keep their data within a certain geographical area. For example, many European customers need to guarantee that certain classes of data remain in their home country or in the EU. These customers find that Dropbox is unable or unwilling to provide those kinds of assurances. CentreStack offers self-hosted software that maintains data ownership and lets you control where it is stored.

Lawsuits — Dropbox allows employees to permanently delete and share files. This can result in inadvertent violation of confidentiality agreements with third parties or the permanent loss of critical business data.

Compliance violations — Dropbox has limited file retention and access controls which can result in violation of compliance policies that require files be held for a certain amount of time or only be accessed by certain people.

Loss of accountability — Without auditing and reporting, a malicious admin or user could make significant changes to the system that might undo or undermine hours of setup time.

Loss of access — Dropbox may not track who has modified a file or when they made changes which can cause major headaches when trying to audit file modification events that lead to bad outcomes.

CentreStack combines security, control and productivity

The CentreStack platform provides the opportunity to expose and resolve enterprise security and compliance threats introduced by the pervasive use of Dropbox.

See how here and contact us to learn more.

Franklyn Peart is Co-Founder of Gladinet. 
