When IT directors worry about employees using unapproved services for work, Dropbox is often near the top of the list. Today, the company took a few serious steps toward changing that.
Dropbox is the most popular online file-sharing service for consumers, with more than 100 million users. A lot of these users bring it to work: Dropbox says the product is used in 95 percent of the Fortune 500 and by 2 million businesses total.
A little more than a year ago, the company created Dropbox for Teams with unlimited storage to try and capture more formal business use. But the product has been sorely lacking when it comes to IT control -- administrators on a Dropbox for Teams account have been able add and remove members, but that was about it.
Dropbox heard loud and clear from enterprises that they had to do more. Thomas "Tido" Carreiro, growth engineering lead for the company, told CITEworld that the company talked to current and prospective customers and came up with two big gaps they needed to fill: more visibility into what users are doing with Dropbox, and more control over specific sharing features.
Today, Dropbox began addressing those needs. Admins on Dropbox for Teams can now do the following:
- View detailed activity of individual users or groups, including the IP addresses and device types from which they've accessed the account, third-party apps that they've linked to the service, and when they've invited additional members to share files in the account. Admins can then block devices and apps by user -- for instance, an admin could disable a particular phone if the user lost it -- or block activity from unrecognized or suspicious IP addresses.
- Control some sharing permissions by individual or team -- for instance, admins can set whether members of a group may share folders and links outside that group, or join shared folders outside that group.
- Require all users to turn on two-step verification, and block any users who don't have it enabled (previously, users could turn it off).
- Look at billing details and manage licenses.
This is still a fairly incomplete list, especially compared with more enterprise-focused tools like Box. The sharing controls are very broad -- there's no way to set user-level permissions by file or folder, for instance. There's no way to "whitelist" approved IP addresses for an entire group, no way to set up subgroups, and limited integration with directory tools like Active Directory. There's also no way to block personal Dropbox accounts while still allowing users to access a Teams account -- it's all or nothing.
The service also remains resolutely cloud-based -- there are no plans for an on-premises version right now -- and stores data (encrypted) in Amazon S3 rather than its own data centers.
But Carriero insisted that today's improvements are just a first step, and said that the company is looking at adding more features for admins at a fairly rapid pace.
"It's not the final step forward, but it's hopefully a pretty big first step into wearing away at these IT admins." The goal is for admins to realize that "we can audit what's going on and feel good about it, and our end-users can feel good about it because they're able to do what they're asking to do."
But make no mistake, Dropbox remains focused on the end user.
"This product was designed for end users ... and that's why they're clamoring for it at work. It's also really simple to deploy, it's not a big process if you decide you want to start using it. Everyone solves it themselves, they put it on the devices they need, and there are no firewalls or questions whether it will work on this device or that device."
He was particularly encouraged by a story of a company that blocked Dropbox, only to find that users started running to the local Starbucks to upload and download files. Dropbox had become so essential to their workflow, they literally couldn't live without it.
"We hear a lot of stuff like that, that's absolutely what this launch is about. It's a pretty big step forward in addressing a large percentage of these concerns."
Dropbox will probably never be locked down enough for certain uses, like governments sharing classified data or health care organizations storing medical records. But for the 95% of companies who are already using it informally, adding these kinds of admin controls could take it a long way toward acceptance -- and close off some growth for more enterprise-focused competitors like Box, Egnyte, and Huddle.