Interview: Rajan Kapoor, Director of Security, Dropbox

Digital transformation – the use of new, fast and frequently changing digital technology to solve problems – is now a vital and integral part of running a business. As such, it’s become increasingly commonplace for organizations to implement various cloud technologies that allow them to store, share and access data and documents with ease, speed and efficiency, giving rise to a host of companies providing such services.

One company that has seen particular growth and success in this market is Dropbox, founded in 2007. Dropbox is now one of the world’s largest file-sharing and storage providers, supporting over 600 million global users and 400,000 business teams.

Of course, at the heart of any such service must be a strong focus on the security of data, and Infosecurity recently met with Dropbox’s director of security, Rajan Kapoor, to discuss the mechanics of security within the file-sharing and transfer industry.

How would you rate the current, general standard of security within the file sharing and transfer landscape?

The expectations of account security have shifted in the past few years. Authentication is at the forefront of protecting accounts. The standard today is to support comprehensive authentication options like Single Sign On (SSO) and multi-factor authentication (MFA). We expect to see passwords start to be used less in the next few years as emerging standards like WebAuthn mature.

The industry is also warming to the security research community. Examples include publishing a vulnerability disclosure policy, standing up a comprehensive bug bounty program and making sure it’s easy for the public to report vulnerabilities without consequence. This is a shift from the more adversarial way ethical hackers have been treated in the past. Leveraging the independent security research is a powerful way to validate the underlying security of your platform and has led to advances that have made the entire industry safer.

What are the benefits of using a file sharing and collaboration service such as Dropbox?

Using cloud-based collaboration platforms eases security burdens on IT teams while providing industry-leading security. When deploying a cloud solution, you are outsourcing part of your security to experts devoted to securing your data. There is no need to have an on-premise server as all the data will be held with Dropbox, freeing up IT teams from the burdens of constantly monitoring and patching their own infrastructure.

Furthermore, not only can you and your team store, sync and collaborate on all your files in one safe place, but you can control which devices have access to your data. Employees and teams can centralize all of their content in one solution – you can create, organize and share Google Docs, Sheets and Slides content, as well as .docx, .xlsx and .pptx files, all from within the Dropbox workspace. Another benefit of this centralization is creating a unified access model across all of this content, so it’s clear who exactly has access to your data.

What are the security challenges for a file hosting/sharing service?

Maintaining ease of use without compromising security is paramount. If your security controls make it hard for employees to use the service, employees will move on to another, easier to use service that may not be as secure, taking your data with them. This balance of ease of use with enterprise grade security is possible but hard to pull off. At Dropbox, we spend a lot of time focusing on the usability of our product, and that includes how we design our admin console and the security controls we offer. If you make it simple for users to take the steps necessary to secure their data, you will increase adoption of the tools that protect your organization.

What steps does Dropbox take to ensure the security and safety of users’ data?

Dropbox is a secure and trusted infrastructure that supports over 600 million global users and 400,000 business teams. Our distributed infrastructure, with multiple layers of protection and support for standards and regulations like ISO 27001 and HIPAA, helps keep data safe.

With Dropbox admin features, users can simplify team management with in-product controls as well as support data security and compliance. These controls allow for deciding who can see data and for how long, and are backed up by comprehensive logging and auditing that gives a complete picture of what is happening to a user’s data.
