Dropbox threw its hat into the enterprise ring last week when it exited beta and made its Business solution available to workplaces worldwide. However, despite its claims that the solution is now ready for enterprise use, plenty of red flags are still being raised about its security protocols and functionality, not least its public cloud architecture.
The ongoing saga of the NSA data collection, started by Edward Snowden’s revelations, makes it clear that any data stored by a public cloud service is potentially subject to snooping by government agencies. Public cloud file sharing services also expose customers to these additional data security risks:
Loss Of Control Over Data
Public cloud file sharing services, such as Dropbox, typically commingle data from different customers. While this provides Dropbox with storage economies, it reduces the control a customer has over where their data is stored and who has access to that information.
Additionally, public cloud providers, rather than the customer, own the encryption keys to the data housed on their servers, further increasing the risk of data exposure. For most enterprise organisations these risks are too great, and they lead corporations and government agencies to select private cloud file sharing for the additional data protection.
Security glitches have the potential to expose confidential data to hackers and other unauthorised users. When a security glitch at Dropbox removed password protection from all user accounts, tens of thousands of files were accessed. Dropbox customers have no idea how many of those files were compromised. Just this January, hackers claimed responsibility for shutting Dropbox’s service down for a few hours.
Users who share confidential data, such as financial records, outside the approved and monitored processes defined by the IT department put the enterprise out of compliance with regulations such as SOX.
Users at healthcare organisations can likewise violate HIPAA by improperly sharing patient health information. Because Dropbox does not integrate with most DLP solutions, it limits the ability of enterprises to monitor the content of individual files, which can leave those enterprises non-compliant.
For most enterprises these risks are too great, and they lead many to consider a private cloud file sharing solution. With private cloud file sharing, enterprises retain control and ownership of their data and the encryption keys to access that data. This means that the enterprise organisation is in control of who can access that data, including any government agency that requests information or metadata.
Dropbox’s public cloud architecture is a large obstacle to winning enterprise deployments.