As one of the most widely utilized collaboration platforms, Dropbox has no shortage of devotees. With the recent release of the Dropbox for Business API (and the rich security and administrative capabilities it affords), the cloud application provider has established itself as a compelling enterprise solution.
We know Dropbox offers a number of valuable security features out of the box (no pun intended), including encryption at rest and in transit, remote wipe and account transfer, and SSO and Active Directory integration. In short, they offer security at the infrastructure level.
That said, enterprises in highly regulated verticals or with more in-depth data governance policies may look to complement Dropbox’s native security functionality with security capabilities around the data itself, users, and third-party applications – and now, with Dropbox’s APIs, they can. The following instances illustrate the situations in which behavioral security proves valuable.
Personal Use. Depending on the organization, mixing personal and professional usage of collaboration platforms may or may not be an issue. This becomes a concern when personal use begins to distract from and overshadow the productivity-boosting functionality that drove platform adoption in the first place. And while Dropbox’s 1TB per user allocation is generous, if a user is storing their catalogue of hi-def movies in their corporate Dropbox account, it may warrant some attention.
Oversharing. More likely than not, your users’ familiarity with collaboration levels varies. This can lead to a “put everything in the cloud and share it with everyone” mentality that gives security operations professionals chest pains. Ensuring users are familiar with the differences between specific, domain-wide, external, and public exposure, and understand their security implications, can go a long way in reducing the exposure of sensitive data.
Data Sprawl and Explosion. The ever-expanding list of SaaS collaboration platforms users are leveraging in their personal and professional lives translates to a proliferation in data repositories. By providing easy-to-use, corporate-sanctioned options for employees, organizations can mitigate this sprawl of data.
While such centralization simplifies management, the associated increase in the volume of data in the cloud introduces a new location in which to detect and manage sensitive data, one outside the scope of traditional, on-premises data loss prevention systems.
Backup. The affordability and security of data stored in the cloud attract many individuals to use Dropbox to store their backup data. While the benefits of automatic backup are undeniable, the possibility of users unintentionally uploading sensitive data is high. Be sure users comprehend the security concerns associated with automatic backup, and understand the scope of what they are backing up to the cloud.
Connected Apps. When users enable third-party applications to interact with their Dropbox account via OAuth, they afford the app privileges within the Dropbox environment. While these permissions allow for some great functionality, they still represent another access point to sensitive information. Should the third-party application be compromised, for instance, the hacker would be capable of leveraging the permissions granted to the app.
The next step. Be sure to check out our free eBook, Cloud Security: The Dropbox for Business Edition, to:
- Understand data security considerations relevant to Dropbox
- Walk away with a series of actionable recommendations to build a cloud security program
- Master security-conscious best practices to share with your users
- Obtain sample cloud data protection policies to ensure strong data security and compliance