Solve the Dropbox Problem with Enterprise Content Connectors
An Accellion Whitepaper

Executive Summary

Dropbox is one of the most popular services in shadow IT, and its use by employees has created information security concerns for most enterprise organizations. This whitepaper provides an overview of the common approaches taken by organizations to solve the Dropbox problem and a recommended enterprise solution for securing Dropbox while enabling its use.

Dropbox is Popular But Risky

Chances are, employees within your organization are using Dropbox for sharing and syncing files, regardless of whether or not you have approved its official use. Dropbox is one of the most popular services in shadow IT: the products and services that employees adopt without IT approval. The Dropbox service is used by so many businesses (including 95% of the Fortune 500, according to the company's press releases) that your employees may have adopted it if only to exchange information with vendors, customers, or other external organizations who use Dropbox. By 2014, Dropbox had amassed over 300 million users. The odds are excellent that some of these users work at your organization.

But regardless of the popularity of Dropbox, its use in the enterprise creates substantial security risks. It was originally developed for people to share personal documents, music, or family photos. In its design, convenience trumps security. Dropbox makes file sync and sharing easy, but for years has lacked basic security controls such as encryption and monitoring. Over the years, the service has also suffered some embarrassing security lapses, such as an outage in 2011 that left all files in the service without password protection or monitoring for four hours. [1] To this day, the company is unable to say which files were accessed and by whom.

After IBM audited the distribution of its proprietary data and found confidential files such as product plans widely distributed on the Internet, it banned employees from using Dropbox. [2] Other enterprises have followed IBM's lead and banned Dropbox from their networks.

Dropbox has attempted to address some of these concerns by introducing a new service called Dropbox for Business. Alas, the new service does not meet many expected standards for data security. For example, Dropbox for Business is available only as a public-cloud service.
Enterprises do not have the option of hosting the service in their own private clouds. And Dropbox controls the encryption keys that are used to protect data, rather than the enterprise. Dropbox for Business is a step in the right direction, but it still falls short of the standards for security and control expected by enterprises, especially those in regulated industries such as finance and healthcare.

You might be tempted to block Dropbox or may have already tried to do so. But complaints from users probably quickly followed. If partners and vendors are using Dropbox to share files, blocking Dropbox makes it harder for your employees to work with those external parties. For many organizations, Dropbox is a fact of life. Is there a way to make it more secure, manageable, and compliant? Can Dropbox be made safe for business?

[1] http://readwrite.com/2013/04/10/dropbox-tries-to-lure-back-enterprise-customers
[2] http://www.computerworld.com/article/2504123/byod/mobile-devices-bring-cloud-storage----and-security-risks----to-work.html

Solutions to the Dropbox Problem

There are a number of ways that enterprises have attempted to resolve the data security issues related to Dropbox. These solutions fall into three approaches:

Option 1: The IBM Approach

The IBM Approach to solving the Dropbox Problem consists of blocking access to it. By blocking the network port the service uses and denying any access to the system, as IBM did a few years ago, some organizations have taken a hard-line approach to rein in unauthorized storage of enterprise content in Dropbox.

While completely blocking the solution may provide greater data security for an organization, it creates a number of other issues that decrease employee productivity. One example of this is external vendors or partners who want to use Dropbox to share graphics or event plans with members of your marketing team. By blocking the network port, the marketing team is not able to access files shared with them by external parties via Dropbox. As a result, employees seek workarounds for sharing information with external vendors, decreasing productivity and encouraging team members to introduce additional shadow IT solutions into their work processes. As with many hard-line approaches, blocking Dropbox has in many cases exacerbated the problem of unauthorized and unmanaged usage rather than solving the problem.

Option 2: The Ostrich Approach

Other enterprises have chosen to ignore the data risks involved with Dropbox usage and have simply turned a blind eye to untracked and unmanaged Dropbox usage by their employees. A survey of IT practitioners from the Ponemon Institute found that 62% of respondents knew of employees using their own private accounts to store business data in public cloud services like Dropbox and Google Docs. Only 26% of respondents said that these services were permitted.
Not attempting to regulate data sharing through an unsecure solution such as Dropbox means these organizations are putting sensitive enterprise content at risk. While individual employees may be increasing productivity using unsecure solutions such as Dropbox, they are at the same time increasing data security risks for their organization. The ostrich approach to Dropbox is not a solution, because it ignores the issue rather than resolving it.

Option 3: The Accellion Approach

In considering the different ways that enterprises can address the Dropbox problem, Accellion realized that an entirely new approach was needed when it came to enterprise content. What if, instead of trying to stop employees using Dropbox, the problem was turned on its head and reframed as "how do we make Dropbox use safe for business?" As long as the IT team has auditing and logging control over information, why should it matter where enterprise content is stored?

What if employees were able to access and use whatever content systems they choose, whether it's an on-premise SharePoint server or a cloud-based solution like Dropbox? Instead of blocking access to certain content stores, what if employees could use a single interface that lets them securely access content from any content store on any device? This is the solution Accellion provides via kiteworks and the kiteworks Dropbox connector.

The kiteworks Dropbox Connector

The kiteworks Dropbox connector enables enterprises to support content sharing via Dropbox while bringing Dropbox activities into the secured and auditable environment of kiteworks.

kiteworks by Accellion enables mobile employees to securely create, access, and share up-to-date enterprise content, wherever it is stored. kiteworks provides content connectors to a myriad of on-premise Enterprise Content Management (ECM) systems, as well as public-cloud storage solutions including Dropbox. The kiteworks content connectors make it easy for mobile workers to access and share files from any cloud storage solution, ECM platform, and on-premise file store, all via a single interface. Users can quickly and securely view, edit, upload, and share files from tablets, smartphones, laptops, or desktops. Additionally, users can move, combine, and share content from multiple content sources with internal and external users.

The kiteworks Dropbox connector ensures that all access to content stored on Dropbox is managed securely through one interface, so IT administrators maintain full control over access rights. With the kiteworks Dropbox connector, IT can monitor all Dropbox file distribution and access by employees, and generate reports for compliance and security audits. Files that were previously unmanaged and unmonitored in services like Dropbox become trackable and manageable through the kiteworks connector.

Using kiteworks to Work Securely with Dropbox

Configuring the kiteworks Dropbox Connector is easy. The IT administrator installs the kiteworks Dropbox connector and configures it with the security policies and access controls already in force in the kiteworks platform. When users log in to kiteworks, they will be able to access Dropbox folders that are shared with them by external parties and will also be able to access their own Dropbox folders and files.

Users can:

- Move Dropbox folders into kiteworks.
- Share and email Dropbox files securely through kiteworks in compliance with the organization's security policies and access permissions.
- Create kiteworks folders combining files from Dropbox, Box, OneDrive, Windows File Shares, Home Drives, SharePoint, and other ECM platforms.
- Download, lock, update, and comment on Dropbox files and other files in kiteworks folders.
- Sync Dropbox files and other kiteworks files across mobile devices.
- View metadata for any Dropbox file in kiteworks.
- Collaborate with other internal and external users and share status updates in an activity stream.

Figure 1: Dropbox folders in the kiteworks platform. kiteworks gives authenticated users access to all files in connected content stores.

Figure 2: Users can select any files in their Dropbox folders and perform secure operations upon them, such as downloading and sharing through a secure, trackable connection.

Figure 3: kiteworks users can create custom folders (such as "Shared with Vendor" above) that combine files from multiple sources. They can edit and share those files, view comments about them, and assign tasks in a secure, monitored mobile-first environment.

The kiteworks solution

The kiteworks platform provides a central, comprehensive solution for securing data access from all content stores, both in the cloud and on-premise. When employees access content through kiteworks, IT administrators can be certain that the content access and use complies with security policies and best practices, and that content distribution to internal and external users is monitored and logged. kiteworks gives IT administrators full control and visibility into all content sharing and storage.

The kiteworks solution is designed for enterprise use:

- A mobile-first design that supports the devices that workers prefer to use. The kiteworks user interface was designed for tablets and smartphones. The same interface is available on desktop and laptop computers, providing a consistent user experience across devices.
- Enforcement of existing access controls and other security measures. kiteworks enforces the access controls of connected content stores, including cloud content storage and ECM platforms, and provides additional security measures, such as secure containers on mobile devices, AV scanning, and support for remote wipe.
- Centralized monitoring and reporting. kiteworks provides centralized monitoring, audit trails, and reporting, supporting compliance with regulations such as HIPAA and SOX.
- Integration with existing solutions such as Data Loss Prevention (DLP) solutions. kiteworks integrates with DLP systems, LDAP servers, SSO services, and other key IT services deployed in enterprises today.

Conclusion

In many organizations, employees rely on Dropbox for working with partners, vendors, and other external users. Banning Dropbox from the network is not a viable option for these organizations. Productivity would suffer, and users would likely seek risky IT workarounds that would keep file sharing outside the purview of the IT department.

Organizations can make Dropbox usage secure, manageable, and compliant with the kiteworks platform and the kiteworks Dropbox connector. The kiteworks Dropbox connector brings Dropbox content and activities back under the control and watchful eye of the IT department, ensuring information security requirements are met. Thanks to the kiteworks content connectors from Accellion, Dropbox can be made safe for business use.

For more information about kiteworks by Accellion, and the kiteworks Dropbox connector, please visit www.accellion.com.

About Accellion

Accellion, Inc. provides the leading mobile content platform to increase enterprise productivity and ensure data security and compliance. The foremost provider of private cloud solutions for secure mobile content management, Accellion offers enterprise organizations the scalability, flexibility, control and security to enable a mobile workforce with the tools they need to create, access and share information securely, wherever work takes them.
More than 12 million users and 2,000 of the world's leading corporations and government agencies, including Procter & Gamble; Indiana University Health; Kaiser Permanente; Lovells; Bridgestone; Harvard University; Guinness World Records; US Securities and Exchange Commission; and NASA, use Accellion solutions to increase business productivity, protect intellectual property, ensure compliance and reduce IT costs.

Email: sales@accellion.com
Phone: +1 650 485 4300
Accellion, Inc.
1804 Embarcadero Road
Palo Alto, CA 94303

For additional information: www.accellion.com/resources/whitepapers

ACC-WP-0315-Making-Dropbox-Safe-Business
Accellion Inc. All rights reserved