A more secure alternative to Dropbox?
Best Dropbox alternative: How enterprises can deploy their own secure EFSS solution as a safe alternative to Dropbox
There is no denying that Dropbox has gained a fair amount of popularity in the file-sharing universe. Its ease of use has revolutionized the space and most consumers today use Dropbox as a means of storing and sharing data – perhaps much more so than any other alternatives to Dropbox in the market. However, when it comes to enterprises, Dropbox’s penetration has been more modest – primarily because of several important data security and privacy considerations that business data demands. Business data tends to be sensitive in nature and any leaks or breaches of data tend to be viewed more gravely by enterprises and their stakeholders.
Dropbox has certainly added a number of enterprise-class security features and gained certifications that make it more acceptable to enterprise IT teams. But apart from the fact that it still has a “consumer-ish” tag to it (which leads to lowered credibility with enterprise IT teams), it has some real shortcomings (shared by other cloud storage services such as OneDrive and Google Drive) which give enterprises pause.
Data Security and Privacy Risks
1. Control over encryption
Public cloud file services like Dropbox do encrypt data in the cloud, but they retain the ability to decrypt that data if they need to. This is true not just of Dropbox but of almost any other major cloud storage service similar to Dropbox. The encryption they provide is NOT Zero-Knowledge (the technical details of Zero-Knowledge-Encryption or Zero-Knowledge-Privacy can be quite involved and are best left as a topic for another blog post). While it is true that Dropbox or the other services have little need to view and steal enterprise data – this does surface a risk to a number of businesses who are sensitive to regulatory compliance.
2. Foreign Government or Regulator demands for data
An unfortunate side-effect of the above shortcoming is that Dropbox or other Dropbox-like services may be compelled to turn over business data should there be a demand from a foreign government or regulatory authority under whose jurisdiction they fall. Many governments, due to the increased frequency of terrorist activities, have imposed laws that give them unfettered access to business data via SaaS providers like Dropbox. In many cases, such data is required to be turned over in an unencrypted form and there may not even be a need to get the permission of the data controllers (i.e. the business) beforehand.
3. Demand For Hybrid Model
Enterprises like to have access to logs which let their IT teams walk backward and audit all actions that took place. These audits may be necessary as a matter of course or in response to an incident they are investigating.
Public cloud file services by their very nature are not fully transparent because business customers don’t have access to actions that the cloud service administrator may take. For instance, while audit logs may exist for all actions that were performed by business users – logs visible for customer consumption rarely if ever capture administrative actions. For instance, did a Dropbox employee have to decrypt and view your business’ data – even if for a legitimate reason?
How can enterprises approach the problem using a secure Dropbox alternative?
So, what do businesses need to do if they wish to provide their employees all the benefits of a Dropbox-like service (Dropbox alternative), but without security and privacy concerns?
For one thing, businesses could opt for Enterprise File Sync and Share software which they can purchase under a BYOL (Bring Your Own License) model and implement themselves on their own infrastructure. This doesn’t necessarily mean they can’t use it as a cloud service – they can in fact deploy the solution in their own Amazon, Microsoft, or Google cloud account and have complete control over the setup.
This step ensures that the business’ IT team is in sole control over the solution and has full control over audit logging. This also removes the concern of un-encrypted data being turned over to a foreign government or a regulatory authority without following due process.
But if the business is hosting the software in a cloud (like Amazon, Microsoft, or Google), how do they ensure that data is not only encrypted but is encrypted using keys that are known only to the enterprise? In other words, how do they ensure Zero-Knowledge-Encryption?
Enterprise File Sync and Share services such as Parablu’s BluSync™ are designed specifically with enterprises in mind.
BluSync provides file services, and also allows secure collaboration and file sharing with external stakeholders. But all of this is accomplished by ensuring industrial-grade encryption with strict enforcement of segregation of duties – in other words, BluSync lets the business always control the encryption keys for their data.
Parablu calls this Zero-Knowledge Privacy. BluSync passes all data through its secure cloud gateway and encrypts it using AES-256. Every user is assigned a unique key for encrypting and decrypting their data, and the IT administrator can change all of these keys at any point, with immediate effect. The administrator does this by changing one element of the ‘key material’, also called a ‘salt’, which immediately causes all user keys to be regenerated.
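A sketch of the salt-driven key regeneration described above, added here as an illustration and not BluSync's own implementation. It assumes HKDF-SHA256 as the derivation function and a hypothetical `TenantKeyring` class, and it keeps earlier salt versions so that data encrypted before a salt change can still be decrypted or re-encrypted.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def fingerprint(key):
    """Short, non-reversible key identifier that is safe to write to an audit log."""
    return hashlib.sha256(key).hexdigest()[:16]


class TenantKeyring:
    """Hypothetical enterprise-held key material: a master secret plus versioned salts."""

    def __init__(self, master_secret):
        self.master = master_secret
        self.salts = {}      # salt version -> salt bytes
        self.current = 0
        self.rotate_salt()

    def rotate_salt(self):
        """Admin action: installing a new salt changes every derived user key at once."""
        self.current += 1
        self.salts[self.current] = secrets.token_bytes(32)
        return self.current

    def user_key(self, user_id, version=None):
        """Derive a unique 256-bit (AES-256 sized) key for one user under a salt version."""
        if version is None:
            version = self.current
        info = b"user-key:" + user_id.encode("utf-8")
        return hkdf_sha256(self.master, self.salts[version], info, 32)


if __name__ == "__main__":
    keyring = TenantKeyring(secrets.token_bytes(32))   # constructed sample secret
    users = ["alice", "bob"]                            # constructed sample users
    before = {u: fingerprint(keyring.user_key(u)) for u in users}
    keyring.rotate_salt()
    for u in users:
        print(u, before[u], "->", fingerprint(keyring.user_key(u)))
```

Each stored object would need to record the salt version it was encrypted under; otherwise a salt change makes older ciphertext undecryptable.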
Regulations like GDPR tend to take a softer stance with businesses that suffer data breaches but can prove that the data was encrypted or anonymized beforehand. This makes sense because encryption lessens or eliminates the chances of a breach of privacy even if there is a breach of data. And if the business can prove that the data was encrypted with them having full encryption key control, it naturally puts them on an even stronger platform from a regulatory compliance standpoint.
Thus, even if BluSync were configured to use OneDrive or Google Drive as a cloud storage target – the enterprise can be sure Microsoft or Google can only turn over encrypted business data in response to a demand from a regulatory authority or a foreign government.
The Best Dropbox alternative that protects your privacy
BluSync, the best Dropbox alternative, also offers several features that make it appealing as a secure EFSS offering for enterprises that require privacy for regulatory reasons.
1. Highly Secure Sharing
BluSync enables ways to share files securely inside and outside the organization. This is carried out using safe, time-sensitive, self-destructing URLs which are equipped with complex password protection, multi-factor authentication, and IRM controls (prevent recipient download/print/save, etc).
Administrators can also exercise control over which users are allowed to share files, the type of files which are allowed (or disallowed) for file sharing, email domains that are allowed (or disallowed) for file sharing, etc.
If a file is shared accidentally, the shared URL link can be disabled, preventing access immediately.
2. End-to-End Encryption
With BluSync, data stays encrypted at all times, be it in transit or at rest. All data in transit always travels over secure channels (at least TLS 1.2 with strong ciphers) and is encrypted at rest using industrial-strength AES-256 encryption. And the control the enterprise has over the encryption keys ensures that the data-sharing repository is not only secure but also private to the enterprise.
3. Secure collaboration
BluVault offers a deployment mode where the backup agent runs on the user’s endpoint device (desktop, laptop, Macbook etc.) in an invisible mode. This significantly reduces the possibility of an end-user trying to forcibly stop the backup agent from running or making any attempts to uninstall it.
4. Email alerts and Reports
BluSync allows secure collaboration using the concept of Mini-Clouds. A mini-cloud is an insulated, shared folder space that groups of internal or external users can access simultaneously. It is a collaboration that is highly secure and efficient. This capability is further enhanced by allowing an IT administrator to create one of these mini-clouds and then make a business owner the “admin” for the mini-cloud. Any further addition/deletion and management of users is left to the mini-cloud admin without the IT administrator having to be burdened with those tasks. All mini-cloud operations are of course fully audit-logged for compliance.
5. Automatic malware scanning on upload
BluSync also offers an automated way to verify that all files uploaded for sharing or collaboration are free of malware. This proactive measure ensures that infected or malicious files are not accidentally uploaded, where they could compromise the recipient(s).
6. Built-in reporting and audit logs
Reporting and time-stamped recorded logs of all data uploads and sharing activities ease the BluSync IT administrator’s workload drastically. BluSync maintains comprehensive logs that are auditable and also has an array of built-in reports that provide insights into all activity while helping identify any anomalies that demand instant precautionary actions.
7. Centralized management and monitoring
BluSync comes with the ability to centrally manage and monitor all sharing and collaboration activity. Using BluSync policies, administrators can easily enable highly secure sharing parameters as described above. Policies can be changed and pushed out to users no matter how numerous and how widely spread they may be. Unified audit logging also gives administrators the visibility they need to track and monitor how the data is being treated when it is shared and take any actions as required.
8. No cloud storage and file type restrictions
And best of all – BluSync can be run pretty much anywhere. Being a cloud-agnostic solution, it offers the freedom for businesses to use any cloud storage of their choice. AWS, MS Azure, or even services like OneDrive or Google Drive, BluSync supports them all. It also eliminates all limitations around filenames, file sizes, folder sizes, path lengths, and special characters that enterprises sometimes have to painstakingly work their way around.