Dropbox is great. It really is. Who knew
we had a universal need to share large files with each other?
By providing a simple, free service for uploading files to the Web, Dropbox lets people quickly share documents and files with colleagues, partners, and anyone else they choose. Dropbox has caught on with people looking for an easy way to upload data (say, an important sales report) from work and then retrieve it later, perhaps when they get home, or give permission to someone else entirely to download it.
Actually, we've had the ability to share files for years, just not as simple or user friendly as Dropbox. We've had FTP, HTTP and email as methods of moving large amounts of data outside of the organisation. We have also been able to buy Managed FTP solutions to do the same thing in a secure, controlled way. The trouble is, these methods have always required system administrator status, or begging IT helpdesks for a favour, or been subject to restrictions on file size and access.
Dropbox gets round all of that by providing a cloud based solution (free for the first 5GB) that enables anyone to upload files from their company's network to the Web and then share with anyone they choose. Which is a great idea. However, in terms of data security, it can be a seriously bad idea. For one thing, when we upload to Dropbox, we have no control over where the data resides and the question of who then owns data becomes blurry. Also, we are going against good corporate governance by allowing users to send data out of the company, and data leakage becomes an issue. And then, security of data held outside of our network control is a concern - we have recently heard of hacking attempts on Dropbox which may have resulted in data breaches - hacking attempts may result in your company data being exposed.
This is where Microsoft SharePoint can help. Companies with a requirement for Dropbox, but worried about security can look to SharePoint to provide the same functionality but with proper access controls, audit trail and enterprise security. For example, SharePoint Server 2010 can be used to set up an externally facing site which requires users to authenticate against the company's network (Active Directory Services or Forms-based Authentication) to upload a file within a standard Document Library disguised as a simple "dropbox" style set of folders. But we can configure this Document Library to use any of SharePoint's document management features, way beyond what is possible with Dropbox, in order to control versioning, block unwanted file types, insist on metadata, and so on. We can also automate alerts to notify users, set item level permissions, automate expiry of data and even index content within an enterprise search engine. Plus, of course, data remains at all times on servers owned by the business and protected within the company network. And we can add an additional layer of security by using a VPN solution like Microsoft Threat Management Gateway or a two-factor token solution, such as Swivel.
Yes, there is the slight disadvantage that this solution is not necessarily free like Dropbox, but with the additional security and control features, it is probably worth the relatively small cost to any company worried about data leakage. We may need to cover some SharePoint or Windows licensing costs depending on the exact audience for our solution, but by using the free Foundation version of SharePoint 2010, these can be kept to a minimum. And if hardware costs are a concern, we can look at the a hosted cloud solution, either with Microsoft's own Office365 offering, or via a third party cloud provider.
If you would like to explore the idea of using Microsoft SharePoint as your corporate Dropbox, please get in touch by saying hello@yorcloud.co.uk.