Dropbox hit the market at a time when users were struggling with a way to share large files across devices. It was simple to use and made syncing easy. At first, people used it primarily to share photos and personal files. Once installed, it required very little effort to use. Simply drag files to a folder and ‘voila’ they were available on other devices.
This simple file sharing method clearly had business value so users started to install Dropbox on their work machines. This migration of the Dropbox consumer application into corporate environments sent shockwaves through IT. These user-installed applications are called “Shadow IT” as they perform functions that should be owned by IT but are not approved by the company. Instead, they are installed, without permission, by users.
User-installed Dropbox presents several issues. The most important issue is security. With Dropbox, files can enter and exit the organization without any IT control. Dropbox effectively bypasses all of the protections that IT has in place to secure the corporate environment. So instead of incoming files being scanned for viruses, as they would if they came in via email attachment or from an FTP server, they can be directly inserted into the corporate environment without any of the checks-and-balances that would ensure security. Likewise, information can be sent out of the company, to unauthorized devices or users.
The other major issue is oversight and control. For organizations that must adhere to regulations such as HIPAA, FERPA, and SOX, this lack of oversight also puts their compliance in jeopardy. Central to most of these regulations is the ability to audit file transfers to demonstrate compliance. With user-installed applications, there is no central point of control or oversight. Without this, there is no compliance.
So while Dropbox has been a winner for users, if not implemented as a company-wide solution, it creates risk for the security of a company’s data and gives IT teams quite some heartburn, especially those who have to adhere to regulatory compliance.
In contrast, Biscom’s Verosync product, a secure dropbox alternative, has all of the enterprise capabilities that make IT happy. This begins with security that meets all major regulations such as HIPAA, FERPA and SOX. It is also has detailed tracking, auditing, and reporting capabilities that support compliance. Finally, the solution was built to be as seamless as possible for the users. This means that there is little training required before users can start syncing files securely.