I am a heavy (and paying) user of Dropbox, using it both for business and personal storage and synchronization. Although I find the service incredibly useful, Dropbox is far from perfect, especially for business users. So I thought I would take a few moments to talk about what I’d like to see Dropbox improve.
The Ultimate Honeypot
I often wonder why Dropbox hasn’t yet had a major security breach. Considering the number of people I know who use the service and the incredibly personal and valuable data I know they store there, Dropbox must be one of the richest targets on the Internet!
I must assume that their employees are doing a decent job of keeping on top of the inevitable and continuing hack attempts, but eventually they must fail. After all, it is obvious that user data is not accessible to the company. I hear everything is protected with a single encryption key…
One of the signature elements of Dropbox is global deduplication of data. All uploads are “hashed” to produce a digital fingerprint, which is checked against all the data from every other user. If I upload a file that Dropbox has already “seen”, I’ll get a pointer to their chunks rather than my own. This would be impossible without universal access to the data itself.
This means that the Dropbox software, and thus their staff, can access any user’s data. So hackers probably spend a good amount of time trying to convince the staff to let them in using social engineering, spear phishing, and similar tricks. Plus, if they found a hole in the software and got into the Dropbox servers, hackers could likely access all the data everywhere.
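To make that trade-off concrete, here is an added example (not Dropbox's code and not part of the original post): a toy hash-addressed chunk store that two users upload the same file to, first as plaintext and then encrypted client-side under per-user keys. `ChunkStore`, `client_encrypt`, the user names and the sample file are assumptions made up for illustration, and the SHAKE-256 keystream is only a stand-in for a real authenticated cipher.

```python
import hashlib
import os


class ChunkStore:
    """Toy server-side store: one copy per distinct chunk, shared by all users."""

    def __init__(self):
        self.chunks = {}  # sha256 hex digest -> stored bytes
        self.files = {}   # (user, filename) -> digest, i.e. the "pointer"

    def upload(self, user, name, data):
        digest = hashlib.sha256(data).hexdigest()
        already_seen = digest in self.chunks
        if not already_seen:
            self.chunks[digest] = data
        self.files[(user, name)] = digest
        return already_seen  # True: the user only received a pointer

    def download(self, user, name):
        return self.chunks[self.files[(user, name)]]


def client_encrypt(key, data):
    """Stand-in for client-side encryption (illustration only, no integrity)."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def client_decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def demo():
    doc = b"Q3 board deck (constructed sample file contents)"

    # Case 1: the service receives the file bytes and can deduplicate.
    plain = ChunkStore()
    plain.upload("alice", "deck.pdf", doc)
    bob_got_pointer = plain.upload("bob", "deck.pdf", doc)

    # Case 2: each user encrypts under a key the service never sees.
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    sealed = ChunkStore()
    sealed.upload("alice", "deck.pdf", client_encrypt(alice_key, doc))
    sealed.upload("bob", "deck.pdf", client_encrypt(bob_key, doc))
    recovered = client_decrypt(bob_key, sealed.download("bob", "deck.pdf"))
    server_sees_doc = doc in sealed.chunks.values()
    return (bob_got_pointer, len(plain.chunks), len(sealed.chunks),
            recovered == doc, server_sees_doc)
```

`demo()` returns `(True, 1, 2, True, False)`: with plaintext uploads the second user gets a pointer to the single stored chunk, while with per-user keys the store holds two unrelated blobs and never holds the file itself.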
More Than Single Sign-On
Dropbox for Teams sucked. Sure, it added a unified control panel for accounts associated with a business, but it was ridiculously limited: There was no Active Directory or LDAP integration for single sign-on. Now that Dropbox has revved Teams into “Dropbox for Business” and added Active Directory and Single Sign-On, they’re set, right? Not exactly.
There’s still no content audit or control mechanism, so users can use “unlimited” online Business storage for whatever they want, be it personal or sensitive (see “Security”). About the only thing an admin can do is see who’s sharing what outside the Business and the last thing they did. That’s not much functionality.
Dropbox really needs to step up their game to appeal to corporate IT folks. But it doesn’t seem that they have any idea what these customers might want. Yes, they added AD support. But what about everything else?
Dropbox really reminds me of Apple: They don’t know anything about enterprise IT and don’t seem to care.
The Single Account Limit
The worst aspect of Dropbox in business environments is the fact that it’s absolutely useless for existing Dropbox users! See, the Dropbox client software (be it PC, Mac, iOS, etc.) can only access one account. So each device can be associated with either a user’s own personal Dropbox account or the Business account, but not both.
Considering that Dropbox for Business is supposed to allow companies to wrestle a bit of control back from “rogue” Dropbox users, this sucks. The very people you’re trying to attract will rebel and complain that they can’t access their personal data anymore! They’ll resist this just as much as any third-party product.
Dropbox’s answer to me when I asked this question resulted in a massive face palm: “Share data between a user’s Business and personal account!” Seriously? There’s no way I want to give my employer access to my personal data or vice versa!
The only real solution is for the Dropbox client to support multiple accounts, but the company is reluctant to do this. I suspect that they fear users would just create multiple free accounts instead of paying for the service!
Note: There are hacks to access multiple Dropbox accounts on PC or Mac, but these are not a complete, appropriate, or advisable alternative for businesses.
Drowning In Sync Updates
Another serious challenge for Business users of Dropbox is that the service is “all or nothing” when it comes to syncing. Once more than a few users are actively using a Business account, file updates start coming fast and furious! But users who turn this off with Selective Sync lose all local access to those files!
Selective Sync allows a Dropbox user to turn off syncing of certain folders on certain clients. This helps reduce the amount of data downloaded and could also reduce the flood of syncs for a folder actively used by others.
But Selective Sync is all or nothing: Turn off a folder and it disappears from your Mac or PC with no offline access or even any indication it was ever there! Users have to re-enable an entire folder to see anything in it, resulting in a potentially large download before they can get to work. And you can’t “Selective Sync” a file, just a folder.
The phone, tablet, and web clients work differently, showing the entire share but only downloading on demand. This is useful if you need to download something from a rarely-used folder, but it’s not useful if you’re on the go and lack connectivity!
Plus, Selective Sync is buried under “Advanced” preferences. I imagine most users don’t even know it’s there.
Although Dropbox for Business is an improvement over the nearly-useless Teams product, Dropbox needs to do a lot:
- Integrate client-side encryption of data, even as an option, so we don’t have to go “third-party”
- Share more security information so we feel better about trusting it with our data
- Create a real “Enterprise Dropbox” offering with real IT integration and content controls
- Add multi-account support to all clients
- Improve Selective Sync and allow on-demand downloading for Mac and PC clients
- Improve offline access for phone and tablet users
Until we see these, I will not recommend Dropbox for use with corporate or sensitive personal data. Although I am a (paying) customer, I am not completely happy with the product!
Image credit: peptic_ulcer