Bring-your-own-device policies and a more mobile workforce are putting new pressure on IT and altering the requirements for how employees want (and need) to access corporate data. Dropbox has millions of users and has established itself as the undisputed leader in mobile file access.
Now since so many people use Dropbox for personal reasons, it has found its way into the workplace. This is unfortunate because these companies are putting their data at risk by storing it in a public cloud alongside millions of others. Regrettably, what works for family photos does not work for corporate files. In most cases, Dropbox’s consumer services are quick to install and simple to use, but it presents an unacceptable level of security, legal, and business risk in a business setting
Here are some risks that Dropbox pose to your company;
- Loss Of Data
Due to a lack of visibility into the movement of files or file versions across end-points, Dropbox may backup (or fail to backup) files modified on an employee’s device incorrectly (or not at all). If an end-point is compromised or lost, the inability to restore the most recent version of a file, or any version for that matter, can result.
- Data Theft
The majority of Dropbox’s issues stem from a lack of oversight. Business owners have no knowledge of when a Dropbox instance is installed and have no control over which employee devices can or cannot sync with a corporate PC. The use of Dropbox may allow company data to be synced (without permission) across personal devices. These personal devices, which accompany employees on public transportation, in coffee shops, and with friends, increase the likelihood of data being stolen or shared with the wrong parties exponentially
- Cases in Court
Dropbox gives employees complete control over the ability to permanently delete and share files. This can result in the permanent loss of critical business documents as well as the sharing of confidential information, which may violate privacy agreements with clients and third parties.
- Loss of file access trail.
Dropbox does not keep track of which users and machines accessed a file and when. This can be a major issue if you’re trying to figure out what happened before a file was created, modified, or deleted.
- Accountability issues
Dropbox can result in a loss of accountability over changes to user accounts, organizations, passwords, and other entities if detailed reports and alerts over system-level activity are not provided. If a malicious administrator gains access to the system, hundreds of hours of configuration time can be lost if there is no alerting system in place to notify other administrators of these changes.
- Violations of compliance
Many compliance policies require that files be kept for a specific period of time and only accessed by certain people; in these cases, strict control over how long files are kept and who can access them is essential. Businesses that use Dropbox risk a compliance violation due to Dropbox’s lax (or non-existent) file retention and file access controls.
- Dropbox’s encryption capabilities are insufficient.
Because Dropbox is a public cloud, your confidential data may be completely exposed to cyber thieves. When your cyber security is breached, it can have legal and financial ramifications for your company, not to mention a negative impact on its reputation.
Conclusion
Many businesses have formal policies or discourage employees from using their personal accounts. However, while blacklisting Dropbox may reduce security risks in the short term, employees will eventually find ways to circumvent company firewalls.
The best way for businesses to deal with this is to deploy a company-approved application that allows IT to control the data while granting employees access to it.