The general consensus about Dropbox within business is that it is an excellent service, but lacks security. This lack of security is not primarily specific (although the firm did suffer a security failing last summer), but rather a lack of visibility into and control over how stored and shared files are used. One of the criticisms, for example, is that employees leaving the company (either through termination or leaving to join a competitor) will automatically take any potentially sensitive files stored in their Dropbox accounts when they leave the company.
One way to defeat shadow IT is to sanction it. The new Dropbox Team (the corporate multi-user offering) dashboard seeks to make that more attractive. This service is paid-for – currently around $800 per year for a team of five, but more for increased storage or additional team members. The new dashboard provides the team leader with greater visibility and control over which members can access individual files, and what they can do with those files. In particular, if a team member leaves the company or just the team, access to the stored files can be immediately blocked.
This in itself does not prevent an employee opening a separate personal account and using that to exfiltrate sensitive files, but makes it more likely that it would be a planned (and probably illegal) act. However, the greater part of the shadow IT use of Dropbox is likely to occur simply because staff are seeking to make their jobs easier and more efficient. By providing an official Dropbox Team account, the need to do that becomes less pressing – and Dropbox will benefit from increased income while business benefits from increased control.
A second new security feature within the new dashboard is the ability for the team leader to insist on and ensure the use of two-factor authentication by the team members. Optional two-factor authentication was announced by Dropbox last July. It followed the breach involving users’ re-used passwords. “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” announced the company at the time. Two-factor authentication can solve this issue, and the team leader can now insist upon it, and ensure that individual team members do not subsequently turn it off.
It is possible that this improvement to the corporate Dropbox may be the start of preparation for a Dropbox IPO. IDC estimates that the enterprise file-sharing market will be worth $20 billion by 2015, and Dropbox is currently valued at around $4 billion.