Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Box, Dropbox, or drop both?

David Geer | March 11, 2014
Does either meet enterprise security standards for cloud-based file sharing?

If an enterprise customer wants to use Dropbox in compliance with regulations such as HIPAA and FIRPA, third-party developers offer applications that work with Dropbox and some of those applications help organizations to meet those specific regulatory requirements, according to Piper.

Kinds of data permitted
Hackers could create "floating" attack staging platforms inside these file sharing services. Due to the nature of these file sharing services, says Gordon, they heavily defend customer files from the outside in, but don't examine them as carefully from the inside out.

"Specifically, due to a desire to be all things to all customers, many of these vendors follow a guiding business principle to acquire ever larger shares of the customer segments that they target by allowing almost totally unrestricted content storage within their systems. Some of that content can be highly toxic and lethal," explains Gordon.

Hackers can easily store and share malware in these systems. "Since these systems are often used without the oversight and knowledge of IT and apart from compliance functions within the enterprise, the services can bypass the most basic elements of user awareness and oversight in favor of ease-of-use and flexibility," says Gordon.

But according to Box, its various controls make floating attack platforms inside the service highly unlikely. "While Box does not restrict the kinds of files customers can upload, Box is not a live, runtime environment. Scripts and executables cannot run within the platform," says Shirk. Further, Box enables customers to run A/V scans on Box content to mitigate any potential for infection. "And, we restrict file conversion and interpretation only to known file types (.doc, .txt, .xls, etc)," says Shirk.

Dropbox, however, doesn't take as many precautions as Box does. Though Dropbox can store any file type, Dropbox users agree to not misuse the service, according to Louie. "We review reports of abuse and violations of acceptable use policies and take appropriate action when necessary," says Louie.


Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.