Solve the Dropbox
Problem with Enterprise
Content Connectors
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
Executive Summary
Dropbox is one of the most popular services in
“shadow IT” and its use by employees has
created information security concerns for most
enterprise organizations. This whitepaper
provides an overview of the common
approaches taken by organizations to solve the
Dropbox problem and a recommended
enterprise solution for securing Dropbox while
enabling its use.
2
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
Dropbox is Popular But Risky
Chances are, employees within your organization are using Dropbox for
sharing and syncing files, regardless of whether or not you have approved
its official use. Dropbox is one of the most popular services in “shadow IT”—
the products and services that employees adopt without IT approval. The
Dropbox service is used by so many businesses—including 95% of the
Fortune 500, according to the company's press releases—that your
employees may have adopted it if only to exchange information with
vendors, customers, or other external organizations who use Dropbox. By
2014, Dropbox had amassed over 300 million users. The odds are excellent
that some of these users work at your organization.
But regardless of the popularity of Dropbox, its use in the enterprise creates
substantial security risks. It was originally developed for people to share
personal documents, music, or family photos. In its design, convenience
trumps security. Dropbox makes file sync and sharing easy, but for years
has lacked basic security controls such as encryption and monitoring. Over
the years, the service has also suffered some embarrassing security lapses,
such as an outage in 2011 that left all files in the service without password
1
protection or monitoring for four hours. To this day, the company is unable
to say which files were accessed and by whom. After IBM audited the
distribution of its proprietary data and found confidential files such as
product plans widely distributed on the Internet, it banned employees from
2
using Dropbox. Other enterprises have followed IBM's lead and banned
Dropbox from their networks.
Dropbox has attempted to address some of these concerns by introducing a
new service called Dropbox for Business. Alas, the new service does not
meet many expected standards for data security. For example, Dropbox for
Business is available only as a public-cloud service. Enterprises do not have
the option of hosting the service in their own private clouds. And Dropbox
controls the encryption keys that are used to protect data, rather than the
enterprise. Dropbox for Business is a step in the right direction, but it still
falls short of the standards for security and control expected by enterprises,
especially those in regulated industries such as finance and healthcare.
You might be tempted to block Dropbox or may have already tried to do so.
But complaints from users probably quickly followed. If partners and
vendors are using Dropbox to share files, blocking Dropbox makes it harder
for your employees to work with those external parties.
For many organizations, Dropbox is a fact of life. Is there a way to make it
more secure, manageable, and compliant? Can Dropbox be made safe for
business?
1
2
http://readwrite.com/2013/04/10/dropbox-tries-to-lure-back-enterprise-customers
http://www.computerworld.com/article/2504123/byod/mobile-devices-bring-cloud-storage----and-security-risks----to-work.html
3
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
Solutions to the Dropbox Problem
There are a number of ways that enterprises have attempted to resolve the data
security issues related to Dropbox. These solutions fall into three approaches:
Option 1 – The IBM Approach
The IBM Approach to solving the Dropbox Problem consists of blocking access to it.
By blocking the network port the service uses, and denying any access to the
system, as IBM did a few years ago, some organizations have taken a hard line
approach to rein in unauthorized storage of enterprise content in Dropbox. While
completely blocking the solution may provide greater data security for an
organization, it creates a number of other issues that decrease employee
productivity. One example of this is external vendors or partners who want to use
Dropbox to share graphics or event plans with members of your marketing team. By
blocking the network port, the marketing team is not able to access files shared with
them by external parties via Dropbox. As a result, employees seek workarounds for
sharing information with external vendors - decreasing productivity, and encouraging
team members to introduce additional ‘shadow IT’ solutions into their work
processes. As with many hardline approaches, blocking Dropbox has in many cases
exacerbated the problem of unauthorized, and unmanaged usage rather than
solving the problem.
Option 2 – The Ostrich Approach
Other enterprises have chosen to ignore the data risks involved with Dropbox usage
and have simply turned a blind eye to untracked and unmanaged Dropbox usage by
its employees. A survey of IT practitioners from the Ponemon Institute found that
62% of respondents knew of employees using their own private accounts to store
business data in public cloud services like Dropbox and Google Docs. Only 26% of
respondents said that these services were permitted. Not attempting to regulate data
sharing through an unsecure solution such as Dropbox means these organizations
are putting sensitive enterprise content at risk. While individual employees may be
increasing productivity using unsecure solutions such as Dropbox, they are at the
same time increasing data security risks for their organization. The ostrich approach
to Dropbox is not a solution, because it ignores the issue rather than resolving it.
Option 3 – The Accellion Approach
In considering the different ways that enterprises can address the Dropbox problem,
Accellion realized that an entirely new approach was needed when it came to
enterprise content. What if instead of trying to stop employees using Dropbox the
problem was turned on its head and reframed as how do we make Dropbox use safe
for business? As long as the IT team has auditing and logging control over
information why should it matter where enterprise content is stored? What if
employees were able to access and use whatever content systems they choose,
whether it’s an on-premise SharePoint server, or a cloud-based solution like
Dropbox. Instead of blocking access to certain content stores, what if employees
could use a single interface that lets them securely access content from any content
stored on any device. This is the solution Accellion provides via kiteworks and the
kiteworks Dropbox connector.
4
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
The kiteworks Dropbox Connector
The kiteworks Dropbox connector enables enterprises to support content sharing via
Dropbox while bringing Dropbox activities into the secured and auditable
environment of kiteworks.
kiteworks by Accellion enables mobile employees to securely create, access, and
share up-to-date enterprise content, wherever it is stored. kiteworks provides content
connectors to a myriad of on-premise Enterprise Content Management (ECM)
systems, as well as public-cloud storage solutions including Dropbox.
The kiteworks content connectors make it easy for mobile workers to access and
share files from any cloud storage solution, ECM platform, and on-premise file store
all via a single interface. Users can quickly and securely view, edit, upload, and
share files from tablets, smartphones, laptops, or desktops. Additionally, users can
move, combine, and share content from multiple content sources with internal and
external users.
The kiteworks Dropbox connector ensures that all access to content stored on
Dropbox is managed securely through one interface, so IT administrators maintain
full control over access rights. With the kiteworks Dropbox connector, IT can monitor
all Dropbox file distribution and access by employees, and generate reports for
compliance and security audits. Files that were previously unmanaged and
unmonitored in services like Dropbox become trackable and manageable through
the kiteworks connector.
Using kiteworks to Work Securely with Dropbox
Configuring the kiteworks Dropbox Connector is easy. The IT administrator
installs the kiteworks Dropbox connector and configures it with the security
policies and access controls already in force in the kiteworks platform. When
users log in to kiteworks, they will be able to access Dropbox folders that are
shared with them by external parties and will also be able to access their own
Dropbox folders and files.
Users can:
•
Move Dropbox folders into kiteworks.
•
Share and email Dropbox files securely through kiteworks in compliance
with the organization’s security policies and access permissions.
•
Create kiteworks folders combining files from Dropbox, Box, OneDrive,
Windows File Shares, Home Drives, SharePoint, and other ECM
platforms.
•
Download, lock, update, and comment on Dropbox files and other files
in kiteworks folders.
•
Sync Dropbox files and other kiteworks files across mobile devices.
•
View metadata for any Dropbox file in kiteworks.
•
Collaborate with other internal and external users and share status
updates in an activity stream.
5
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
Figure 1: Dropbox folders in the kiteworks platform. kiteworks gives authenticated
users access to all files in connected content stores
Figure 2: Users can select any files in their Dropbox folders and perform secure
operations upon them, such as downloading, sharing through a secure, trackable
connection.
6
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
Figure 3: kiteworks users can create custom folders (such as Shared with Vendor
above) that combine files from multiple sources. They can edit and share those
files, view comments about them, and assign tasks in a secure, monitored
mobile-first environment.
The kiteworks solution
The kiteworks platform provides a central, comprehensive solution for securing data
access from all content stores both in the cloud and on-premise. When employees
access content through kiteworks, IT administrators can be certain that the content
access and use complies with security policies and best practices, and that content
distribution to internal and external users is monitored and logged. kiteworks gives IT
administrators full control and visibility into all content sharing and storage.
The kiteworks solution is designed for enterprise use:
•
A mobile-first design that supports the devices that workers prefer to
use. The kiteworks user interface was designed for tablets and
smartphones. The same interface is available on desktop and laptop
computers, providing a consistent user experience across devices.
•
Enforcement of existing access controls and other security measures.
kiteworks enforces the access controls of connected content stores
including cloud content storage, ECM platforms, and provides additional
security measures, such as secure containers on mobile devices, AV
scanning, and support for remote wipe.
7
Whitepaper | Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper – Solve the Dropbox Problem with Enterprise Content Connectors
•
Centralized monitoring and reporting. kiteworks provides centralized
monitoring, audit trails, and reporting, supporting compliance with
regulations such as HIPAA and SOX.
•
Integration with existing solutions such as Data Loss Prevention
(DLP) solutions. kiteworks integrates with DLP systems, LDAP servers,
SSO services, and other key IT services deployed in enterprises today.
Conclusion
In many organizations, employees rely on Dropbox for working with partners, vendors,
and other external users. Banning Dropbox from the network is not a viable option for
these organizations. Productivity would suffer, and users would likely seek risky IT
workarounds that would keep file sharing outside the purview of the IT department.
Organizations can make Dropbox usage secure, manageable, and compliant with the
kiteworks platform and the kiteworks Dropbox connector. The kiteworks Dropbox
connector brings Dropbox content and activities back under the control and watchful eye
of the IT department, ensuring information security requirements are met.
Thanks to the kiteworks content connectors from Accellion, Dropbox can be made safe for
business use. For more information about kiteworks by Accellion, and the kiteworks
Dropbox connector, please visit www.accellion.com.
About Accellion
Accellion, Inc. provides the leading mobile content platform to increase enterprise productivity and ensure data security and compliance. The
foremost provider of private cloud solutions for secure mobile content management, Accellion offers enterprise organizations the scalability,
flexibility, control and security to enable a mobile workforce with the tools they need to create, access and share information securely, wherever
work takes them. More than 12 million users and 2,000 of the world’s leading corporations and government agencies including Procter &
Gamble; Indiana University Health; Kaiser Permanente; Lovells; Bridgestone; Harvard University; Guinness World Records; US Securities and
Exchange Commission; and NASA use Accellion solutions to increase business productivity, protect intellectual property, ensure compliance
and reduce IT costs.
ACC-WP-0315-Making-Dropbox-Safe-Business
© Accellion Inc. All rights reserved
Whitepaper
| Solve
the Dropbox
Problem with Enterprise Content Connectors
For additional
information:
www.accellion.com/resources/whitepapers
Email: [email protected]
Phone: +1 650 485 4300
Accellion, Inc.
1804 Embarcadero Road
Palo Alto, CA 94303
8