2013-12-02

Co.Labs

How Dropbox Spawned A Cottage Security Industry

Dropbox For Business recently launched, offering enhanced security features... but a host of third-party providers beat them to the punch.



If you run a small business or work in an enterprise setting, you know the routine for sharing files. Depending on your organization, you use Google Drive, Dropbox, Box, iCloud, or seemingly millions of other competitors. The need to share information and collaborate on projects means that cloud storage platforms are everywhere... and it has spurred its own sub-industries. One of these is the demand for security services for cloud file sharing.

Let's say it: Security at Dropbox, Box, and Google Drive is excellent, surely, but it isn't perfect. It's commonplace (and smart) for organizations to share sensitive documents via VPN or thumb drives when corporate competitors and other snoops lurk. But many employees don't always follow company policy or even the law; as I discovered at Fast Company last year, many doctors use Dropbox to store patient health information even though the federal government prohibits it.

Other times, speed and expedience trump security practices. A robust industry of companies offering additional encryption and security systems for cloud services has popped up, and eager enterprise customers pay for the added layer. They do it for good reason: Earlier this year, security researchers Dhiru Kholia and Przemyslaw Wegrzyn successfully gained access to private user files. If they could do it, others could too.

This is a major reason why Dropbox recently launched Dropbox for Business, an enterprise version of their cloud offering with enhanced security and collaboration features. On top of standard Dropbox features such as two-step verification, the new offering includes certifications and compliance for Amazon S3, file recovery and version history, disk wiping, and other additions aimed at a business audience. But it's still based on their core service; in an official statement, the company said "It give(s) you a personal Dropbox and a work Dropbox on all of your devices so you’ll never have to choose between them. It’ll be like having your house keys and your work keycard on the same keychain."

One of these cloud collaboration security companies in Dropbox's ecosystem, Massachusetts-based nCrypted Cloud, offers a core product which, among other things, lets users share and revoke access to individual files on demand with collaborators and layers on top of Dropbox. The company is currently working on layering their technology on top of Box for 2014. Their tool is used by organizations like Imperial College of London to allow safer file sharing for sensitive data; Ncrypted Cloud's model, says CEO Nicholas Stamos, emphasizes strict protection of all data in the cloud hard drives, and balancing between personal privacy needs and corporate data governance requirements. He added that they are supported through separate but equal privacy and audit controls providing extensive forensic level auditing trail for end users and information security professionals that show which users accessed which files at what time from which computer, device, or browser.

Ncrypted Cloud is just one of a variety of security startups and projects working in the added-cloud-security field. Onehub, Truecrypt, AeroFS, and Boxcryptor, among others, all offer similar services. It isn't just that Dropbox and Box can become very real security liabilities for companies because they're trusting data storage to a third party; it's also the fact that, for the sake of business and making investors or stockholders happy, it's preferable to add that extra security just in case.

All of this is a boon for smaller cloud storage providers. Companies like WatchDox promote their services to heavily regulated industries like health care by warning of horror stories caused by lax security on the mega-services. Other providers such as Rackspace emphasize that their products, which can be harder to use, offer clients more security for their buck.

It matters to businesses that a whole industry of second-layer security services for Dropbox have popped up and are thriving. But it matters even more to Dropbox. The company is currently seeking $250 million in financing to help fund a rumored IPO. But security remains as a weak spot for the company; Jeffrey Mann of research firm Gartner told The Daily Beast's William O'Connor that Dropbox is "The scourge of enterprise IT departments" because of its perceived risks. While companies struggle with preventive solutions for cloud storage security issues, Dropbox (and Box, and Google Drive...) have to deal with a much more serious immediate problem: The market perceives them as relatively unsafe. For products that want to become as much a part of contemporary office life as Microsoft Office or Salesforce, that's a considerable obstacle.

[Image: Flickr user Žarko Drinčić]






Add New Comment

1 Comments