Since its launch in 2007, Dropbox has continually impressed the industry with its growth in the cloud file sharing space. Recently, the company announced that they have more than 400 million registered users and their users synchronize 1.2 billion files every day. The company also boasts 150,000 Dropbox for Business customers as of ‘Dropbox Open’, its invite-only event for business customers. With companies such as News Corp, National Geographic, and Under Armour talking about their collaboration stories and the benefits of using Dropbox for Business, Dropbox has cemented its position as a dominant player in the enterprise file sharing and collaboration market.
Cloud file sharing and collaboration tools have become an important part of the business workflow with the average company uploading 5.6 TB of data to file sharing services each month. As enterprises increase their adoption of cloud services, they are looking for ways to increase the security of information and to maintain compliance. Cloud service providers like Dropbox have put in place several security measures including ISO 27018 certification and two-step authentication to protect information in the cloud, but companies are still vulnerable from risky user behavior, compromised accounts, and other threats. To address these challenges, companies are using Cloud Access Security Brokers (CASBs) to provide added security so that they can leverage the productivity benefits of Dropbox while protecting their information.
Here are 5 ways enterprises can use a CASB to secure their Dropbox usage.
Standardize on Dropbox
The average organization now uses 1,154 cloud services, of which 61 are file sharing services such as Dropbox, Box, and Google drive. A CASB can help provide visibility into all of the cloud services used within the company, including usage by categories such as file sharing, as well as the risk associated with each service. With this information, the IT team can block the risky services or coach their employees towards Dropbox with automated messages when they login to other file sharing services.
Scan for sensitive data
McAfee’s (formerly Skyhigh Networks) recent Cloud Adoption & Risk Report shows that, of all documents stored in file sharing services, 37.2% are shared with someone other than the document’s owner. Of these, 9.2% contain sensitive data, including personally identifiable information, personal health information, confidential company information, and customer information. Using a CASB, companies can scan pre-existing data on Dropbox and identify files that contain sensitive data. This insight can be useful to companies in multiple ways. First, they can remediate exposure of files with sensitive information by deleting or revoking access. Next, they can identify users that have uploaded this sensitive information and work with them to address this issue. The on-demand scan can also be helpful in tracking down publicly shared sensitive files. Dropbox users may have inadvertently created links that made sensitive files accessible publicly. Companies can identify these files and revoke public access immediately.
Enable secure collaboration
“Dropbox was the best solution for digital collaboration” says Eric Friedman, Director of Sales and Revenue Operations, Foursquare. The company uses Dropbox as a central file system to organize and share documents across their San Francisco, New York, and London offices. With over 2 billion connections in its network, having multiple users collaborate on a file is a key value proposition Dropbox enables for enterprises. But sometimes, employees share company information with external partners or teams that are not authorized to access the information. A CASB can help address this concern by helping enforce sharing policies based on domain and content. So, companies can apply policies that prevent sharing of sensitive information outside the company domain. CASBs also help in creating domain whitelists and blacklists, so organizations can maintain control over which partners can receive certain information.
The recent EU Safe Harbor developments are an example of the compliance issues faced by companies as they move their information to the cloud. Traditionally, companies have enforced compliance policies by applying data loss prevention (DLP) rules to data on-premises. They are now using CASBs to apply DLP rules to information uploaded to cloud services. These rules include blocking files that have sensitive information such as Social Security Numbers and proprietary source code, or preventing downloads of files to unmanaged devices. CASBs are also used to extend on-premises DLP policies to the cloud and leverage remediation workflows. So, if a user uploads a file into Dropbox, the CASB passes it to the on-premises DLP platform and, depending on the policy definition, allows the file to be uploaded or blocked/quarantined.
Detect and remediate threats
Recent predictions from Gartner state that through 2020, 95 percent of cloud security failures will be the customers’ fault. Though companies have made large investments in protecting themselves from external attacks, they remain vulnerable to threats from insiders as well as compromised accounts. CASBs are leveraged to monitor user behavior for anomalies and alert the IT or Security teams if a data breach threat is detected. These anomalies can include insider threats, such as when a user downloads excessive information or a privileged user deletes a large number of accounts. CASBs can also detect compromised accounts based on parameters such as location and frequency of login attempts. So, if a user logs in from multiple locations in short timespans (indicative of impossible travel) or if several login attempts are made on an account, the CASB highlights these as anomalies indicative of compromised accounts and flags them for further investigation.
As Dropbox makes big strides into enterprise market by providing productivity capabilities that span across PC and mobile devices, the innovations by CASBs in the cloud security space are paving the way for easy adoption by both users and IT. We at McAfee announced next-generation security and data governance capabilities for Dropbox to deliver actionable insights and management over data without altering end-user experience. It is another step forward in enabling enterprises to adopt the massive productivity benefits offered by the cloud while while meeting security, compliance, and governance requirements.
About the Author
Categories: Cloud Security