Why Dropbox Is Among the Most Blacklisted Applications
File sync and share applications like Dropbox and Box remain among the most blacklisted applications by companies.
15 April 2014
File sync and share applications like Dropbox and Box remain among the most blacklisted applications by companies, largely because of how easy it is for sensitive or valuable data to be moved out of the security of the enterprise. Even with data encryption and other security measures, files can be copied or transferred almost effortlessly, making data leakage a real threat.
The solution is true file-level access controls and authorization, as well as portable data security. Most file sharing applications like Dropbox can’t support this because they apply authorization controls at the folder level. This isn’t enough: if you move a file out of the Dropbox folder, it may not be protected and you have effectively lost control of the information. For most enterprises this is unacceptable – hence the high rates of blacklisting.
The answer is to apply digital rights management (DRM) or information rights management (IRM) to individual files, technologies familiar to many of us who own a Kindle or another reader device, or to those who buy music or movies from places like iTunes. These consumer services provide a form of DRM support to protect copyrighted materials, and in a similar way enterprise file sharing and collaboration applications with DRM protect files from being copied, viewed, printed or altered. Strong DRM even supports remotely shredding files after they have been shared and copied. DRM supports lifetime control of files – just what an enterprise needs.
DRM also makes it possible to understand precisely what happens to a file – how it was shared, who viewed it, and when. This detailed logging capability is critical, especially in regulated industries.
To be trusted by enterprise IT teams, file sync and share applications have to support DRM. Until then, they’ll remain on the blacklist.
Mushegh Hakhinian represents Intralinks at the Cloud Security Alliance SME Council, is a certified information systems security professional, and is a frequent contributor to industry publications. Prior to joining Intralinks, Mr. Hakhinian lead security functions at a multi-tenant online banking service provider and an international bank.