In just a few short years, file sync services such as Dropbox have become an essential part of the business landscape. As well as making life easier for mobile porkers, needing access to their documents from multiple devices as they move around, they’ve become a foundation component for collaboration services.
Over recent months, Dropbox has added collaboration space with the release Dropbox Paper, to complement their integration with other applications.
Rob Baesman runs Dropbox’s enterprise product development. He says the company has focussed on simplifying the way people work together.
“We’ve heard our customers asking, more and more, help me put more of my company’s information into Dropbox,” he says.
The challenge, he says, doing that in a way that works securely while scaling. It also means finding ways to bring more security into the product with third parties through API integrations. And he sees Dropbox’s advantage as its ability to work across multiple applications and productivity stacks securely. This is particularly important, he says, when business partners don’t use the same platforms. Dropbox provides common ground for information sharing and collaboration.
Of course, it’s not all been smooth sailing on the security front. Dropbox has suffered some security challenges, such as the 2011 incident where user accounts were left wide open for several hours. However, things have matured since then.
“What are we, at Dropbox doing on our secure infrastructure. What are we doing for business users to have better control and visibility into what’s going on with their Dropbox usage,” says Rajan Kapoor, the Senior Manager for Trust and Security at Dropbox.
Kapoor says cloud services have matured. With almost every cloud service “taking their share of lumps”, many lessons have been learned. In his view, many of the data dumps we see, coming from hacks, tend to be from older hacks. And while other industries, such as retail and utilities, have been hit, cloud providers have been far safer over recent years.
“We do have to keep investing in our cloud security organisations so we can stay ahead of threats as the landscape evolves. We’re bringing security engineers with cutting edge knowledge and experience in security engineering”, says Kapoor.
Baesman says one of Dropbox’s advantages is that so many people are already using it personally. This means IT teams have an advantage in deploying it. But partners and value added resellers can deliver greater visibility over the environment through add-on products and services. So, while the Dropbox platform is secure, there is visibility in how it is used so the business can monitor the movement of data.
Given the many challenges that mobility brings to security, Baesman says the ability to use Dropbox with DLP and SEIM tools helps it act as a “fabric” that supports secure collaboration and information sharing.
“Instead of bring security to all those applications by extension, you now additional visibility and control over all that,” he says.
One of the things Kapoor noted was that the DLP challenges faced by companies “transcend the borders of Dropbox”.
“DLP is a challenge wherever your data exists. If Dropbox was to develop a DLP solution for Dropbox, we wouldn't be fixing the problem for our customers. We would be creating a silted DLP solution. And they would still need to protect their other data stores and services,” says Kapoor. “You want to be able to drop in the best-in-breed solution services”.
One of the issues Kapoor noted was some poor security practices such as password re-use, weak passwords and other issues. As a result, they are strongly encouraging the use of two-factor authentication and integration with enterprise single sign-on solutions.
“We want to let the customer bring the security apparatus they want to use with Dropbox,” adds Kapoor.
Baesman and Kapoor we coy when we asked about Dropbox’s future plan. Baesman says “We see a need and desire to make adopting good security best practice simple”.
With recent investments and research, Dropbox is looking for ways to help businesses make their data as safe as possible.