Ignore Dropbox at Your Peril

It is crazy to think that just five years ago no-one had heard of Dropbox. I struggle to think of anyone, either friend or colleague, that doesn't use the service - or one of its equivalents - for sharing files.
|

It is crazy to think that just five years ago no-one had heard of Dropbox. I struggle to think of anyone, either friend or colleague, that doesn't use the service - or one of its equivalents - for sharing files.

Many used to use these cloud storage services to access and sync documents, but with the proliferation of mobile devices and the innovation executed by these companies, users are now sharing every type of file between laptops, tablets and even on their smartphones.

However, as with every new technology, there are the good and bad sides.

Sharing data through these cloud services makes life easier for those who work from home or those who have to travel with business, keeping them productive and with access to all their necessary data wherever they are in the world.

But for corporations big and small, the security is an issue. As with any public cloud service, these files are stored in large multi-tenant data centres, but unlike signed contracts with established cloud providers, there are no SLAs and little information as to what security is put in place.

This, of course, puts fear into the IT department. Files containing data confidential to the business could be flying around over the internet with little knowledge of the company and, if those are leaked, all hell could be unleashed on those tasked with the responsibility of keeping data safe.

The traditional approach to this is just to ban the services. By implementing policies to stop employees using Dropbox, Box.net or Evernote, or even blocking the domains on work computers, it puts the security team's minds at rest and reassures them they have done all they can to keep the data away from these services.

This method no longer fits with the world we live in though.

Firstly, users will break the policy if it means better productivity for them and allowing them to get their job done. Also, as I have mentioned with the proliferation of mobile devices, it won't be hard for users to get round any policies put in place by using Dropbox or their iPad or smartphone.

It is bad enough when people are using these services and you know about it. If employees are doing it under the radar, you have even less control of your data, as the knowledge of where it is gives the IT department the power.

The point is that IT security professionals can no longer 'just say no' when it comes to such services. They have to find a way to embrace them as securely as possible, otherwise they risk being the ostrich with their head in the sand as all those around them continue to use the services, whatever the risk.

This doesn't mean IT teams should panic though. Dropbox have created a business version which can provide a lot more comfort to security professionals, whilst allowing employees to work in a familiar format.

What might bring even more reassurance, however, is a number of other firms, such as Box and Ascellion, which come from a security background and have a lot more enterprise level experience, are introducing their own versions, providing safe alternatives from trusted names, whilst also providing the same levels of usability and productivity employees have got used to with their consumer services.

The second set of offerings are likely to cost slightly more than the freebie consumer titles, but many still work with the pay per month per user cloud model of pricing and require little set up time or training.

Whether you chose an established security vendor or an internet cloud service, IT departments need to embrace this new way of working. Not only will it give you a more productive workforce, but it will take the risk away of ignoring this growing technology which, whether you like it or not, will be used by your employees at work and at home.