​Dropbox delivering on safe collaboration

In just a few short years, file sync services such as Dropbox have become an essential part of the business landscape. As well as making life easier for mobile porkers, needing access to their documents from multiple devices as they move around, they’ve become a foundation component for collaboration services.

Over recent months, Dropbox has added collaboration space with the release Dropbox Paper, to complement their integration with other applications.

Rob Baesman runs Dropbox’s enterprise product development. He says the company has focussed on simplifying the way people work together.

“We’ve heard our customers asking, more and more, help me put more of my company’s information into Dropbox,” he says.

The challenge, he says, doing that in a way that works securely while scaling. It also means finding ways to bring more security into the product with third parties through API integrations. And he sees Dropbox’s advantage as its ability to work across multiple applications and productivity stacks securely. This is particularly important, he says, when business partners don’t use the same platforms. Dropbox provides common ground for information sharing and collaboration.

Of course, it’s not all been smooth sailing on the security front. Dropbox has suffered some security challenges, such as the 2011 incident where user accounts were left wide open for several hours. However, things have matured since then.

“What are we, at Dropbox doing on our secure infrastructure. What are we doing for business users to have better control and visibility into what’s going on with their Dropbox usage,” says Rajan Kapoor, the Senior Manager for Trust and Security at Dropbox.

Kapoor says cloud services have matured. With almost every cloud service “taking their share of lumps”, many lessons have been learned. In his view, many of the data dumps we see, coming from hacks, tend to be from older hacks. And while other industries, such as retail and utilities, have been hit, cloud providers have been far safer over recent years.

“We do have to keep investing in our cloud security organisations so we can stay ahead of threats as the landscape evolves. We’re bringing security engineers with cutting edge knowledge and experience in security engineering”, says Kapoor.

Baesman says one of Dropbox’s advantages is that so many people are already using it personally. This means IT teams have an advantage in deploying it. But partners and value added resellers can deliver greater visibility over the environment through add-on products and services. So, while the Dropbox platform is secure, there is visibility in how it is used so the business can monitor the movement of data.

Given the many challenges that mobility brings to security, Baesman says the ability to use Dropbox with DLP and SEIM tools helps it act as a “fabric” that supports secure collaboration and information sharing.

“Instead of bring security to all those applications by extension, you now additional visibility and control over all that,” he says.

One of the things Kapoor noted was that the DLP challenges faced by companies “transcend the borders of Dropbox”.

“DLP is a challenge wherever your data exists. If Dropbox was to develop a DLP solution for Dropbox, we wouldn't be fixing the problem for our customers. We would be creating a silted DLP solution. And they would still need to protect their other data stores and services,” says Kapoor. “You want to be able to drop in the best-in-breed solution services”.

One of the issues Kapoor noted was some poor security practices such as password re-use, weak passwords and other issues. As a result, they are strongly encouraging the use of two-factor authentication and integration with enterprise single sign-on solutions.

“We want to let the customer bring the security apparatus they want to use with Dropbox,” adds Kapoor.

Baesman and Kapoor we coy when we asked about Dropbox’s future plan. Baesman says “We see a need and desire to make adopting good security best practice simple”.

With recent investments and research, Dropbox is looking for ways to help businesses make their data as safe as possible.

Join the CSO newsletter!

Error: Please check your email address.

Tags API integrationdropboxSafe collaborationmobile securityDropbox PaperAPIsmobile devices

More about DLPDropbox

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place