Dropping Dropbox? Think Again...

Mike Allen
January 16, 2014

"Dropbox is vast (it probably should be called Chasmdrop). Boasting over 200 million users - growing four-fold among business users in the last few years - it's not only a great way to get pictures off your phone and onto Facebook, it's an amazing tool for file sharing and workplace collaboration.

But like a giant hole in the earth, it did have a hole, and it was hacked: email addresses obtained, spam sent, the usual low-level hacker job that leaves IT heads scratching their heads. Unfortunately, it also put some companies, ones who must comply with HIPAA, FERPA, SAS 70, ISO 9001, ISO 27001, or PCI certifications, at risk of being out of compliance. According to a survey by Fiberlink, it's the number-one blacklisted or blocked app on business computers, which, to us, makes little sense. Hear us out...

Other cloud-based file sharing services, like Google Drive and Microsoft SkyDrive, have the same problems, but they're not getting the bad rap that Dropbox has.

So, what are the risks? Dropbox is usually not integrated into a company's DLP (Data Loss Prevention) solution (mainly used for high-level security: sensitive data, credit card numbers, patient information). This makes IT nervous. It should make you a bit nervous, even if you're in Zoology. Because Dropbox isn't in the DLP, incoming data is not run through the company's virus and malware detection software, which leaves a hole for hackers. And it's so popular that, unless it's a banned app, most companies' users probably have it on their computers, making IT more justifiably nervous. This popularity also makes it all the more interesting to hackers, because they know that some of that dropped-off info has to be of the sensitive variety.

Better to ban the baby and the bathwater then, right? Wrong.

The case for Dropbox is simple: add another layer of security, especially one with an auditing trail. This would entail adding Dropbox to the DLP and keeping track of who's transferring what files and where they are going. Even having Dropbox items run through a layer of encryption will help with the possibility of a breach. And having an auditing trail should keep companies that need to stay in compliance, well, in compliance, with a "paper trail" of the transfers.

Dropbox should have some form of regulation in the workplace. File transferring services are expensive, so why not keep the most effective file transfer service (Dropbox) available for all? Employees are going to continue to use Dropbox. It's the path of least resistance, and it's a great path. Adding some simple regulation and protecting the files that are transferred will keep everyone happy and productive. And it will keep IT less nervous, because IT has enough to worry about.

Keep Dropbox, just keep it safe."


