What is Dropbox? If you've been living under a rock
What is Dropbox? Your life's work, wherever you are
The Good
The Good: A System Administration marvel
- 300 million files saved per day as of 5/23/2011
  - That's 1 million files every 5 minutes!
- Must handle backup/versioning for all these files
- Smart idea: a lot of the computationally expensive work is done locally (hashing, comparing, indexing)
- A local DB caches what it knows about server to save time
- Using hashes, only save each file once; with millions of users each with a Lady Gaga mp3, this obviously helps
- GZIP compression
- LAN Sync
The Good: A useful tool for a sysadmin's personal use
- Store your documentation, access anywhere
- Automatic versioning
- Collaboration with other system admins
The Good: Can outsource backup and synchronization with it
- As a System Admin, tell your users to use Dropbox for their work files; no need to make your own backup or sync solution then
- Works for small organizations without strict policies.
- A high school comes to mind, where a teacher can store their lesson plans and even personal data in their Dropbox; the school's IT department doesn't need to worry about this challenging issue of backup/sync.
The Good: Symbolic links can give Dropbox super powers
- Want to sync something, but can't move it to your Dropbox because a program depends on it staying where it is? Just make a symlink!
  - Game saves
  - Application settings
- Windows supports it (mklink), and obviously so do Unix-based systems including OS X (ln).
- Similarly, sync programs like SyncToy (Windows) or Conduit (Gnome) help similar use cases
The Good/Cool: Random cool things you can do
- Dropbox as a CDN for a WordPress site, similar performance to S3 and Google CDN
  http://www.labnol.org/software/dropbox-cdn-forwordpress/18266/
- Save automatic home video captures to your Dropbox to monitor from anywhere; no need to set up a video server
- Have torrent client monitor a folder inside your Dropbox for new .torrent files, to automatically start torrent downloads at home from work/school
  http://lifehacker.com/5175362/start-bittorrent-downloads-athome-from-any-computer-with-dropbox
- Set Windows 7 desktop to be a slideshow of a shared Dropbox folder; your friends can add photos and you'll automatically start seeing them
The Good/Cool: More random cool things you can do
- Store your iTunes Library in your Dropbox; works seamlessly, and can stream the music (albeit without playlists) from anywhere via website or mobile apps
- MailDrop monitors IMAP e-mail folder for attachments, automatically puts them in Dropbox
  http://www.getmaildrop.com
- Synchronize your passwords by putting a portable password manager like KeePass in your Dropbox
The Bad
The Bad: User's personal files going through your network
- Even with all the tricks Dropbox uses to minimize network traffic, if a user has their iTunes Library synced, there is going to be some serious bandwidth usage.
- Who knows what kind of files they have synced, which are now traveling into your network: viruses, illegal music, etc.
The Bad: Doesn't scale for organizational use
- Clearly meant for individual use and very specific sharing use cases
- No Role-Based Access Control to files
- No sense of hierarchy to sharing
- No central administration; no way to know how much data is improperly shared
The Bad: Users demand synchronization
- At the very least, they expect their work e-mail on their smart phones; we already heard a story in class about how badly this can expose a company
- With the many devices everyone has, they will find some way of sharing files, whether you want them to or not
The Ugly
The Ugly: Compliance
- What if a doctor transmits a patient's health care record?
- What if a broker transmits a stock recommendation?
- These are against federal law and regulations, not to mention data leak issues.
The Ugly: Company leaks
- Save a confidential document in your Dropbox at work.
- Gets synchronized to your iPhone while at a Wi-Fi hotspot.
- SSL to the rescue, you hope.
- Data leakage internally, or externally, can lead to: loss of competitive advantage, regulatory violations, and fraud.
The Ugly: Security concerns
- Not encrypted correctly
  - To enable disk space savings, Dropbox hashes your unencrypted data and stores it in a way so that their servers can access the unencrypted data.
    https://www.dropbox.com/help/27
    https://www.dropbox.com/help/28
  - This is a huge personal privacy concern, as well as an issue for corporations with confidential data.
- Not to mention, the 4 hours when anyone could access anyone's Dropbox files.
  http://www.wired.com/threatlevel/2011/06/dropbox/
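The trade-off behind the "Not encrypted correctly" point, as an added example that is not from the original slides and is not Dropbox's code: a hash-deduplicating store keeps one copy of identical files only when it sees the plaintext, and loses that saving once each user encrypts with their own key. DedupStore, encrypt and compare are hypothetical names, the cipher is a toy stand-in built from HMAC-SHA256, and the document is constructed sample data.

```python
import hashlib
import hmac
import os


class DedupStore:
    """Hypothetical server-side store: one copy per distinct SHA-256 hash."""

    def __init__(self):
        self.blobs = {}  # hex digest -> bytes exactly as the server holds them

    def put(self, data):
        digest = hashlib.sha256(data).hexdigest()
        uploaded = digest not in self.blobs  # a known hash means no new copy
        if uploaded:
            self.blobs[digest] = data
        return digest, uploaded


def encrypt(key, data):
    """Toy client-side cipher (random nonce + HMAC-SHA256 keystream XOR).

    Illustration only; use a vetted AEAD construction for real data.
    """
    nonce = os.urandom(16)
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def compare(document):
    """Two users save the same file: plaintext upload vs. per-user keys."""
    plain, sealed = DedupStore(), DedupStore()
    for _user in ("alice", "bob"):
        plain.put(document)
        sealed.put(encrypt(os.urandom(32), document))  # key never leaves user
    return {
        "plain_copies": len(plain.blobs),
        "plain_server_can_read": document in plain.blobs.values(),
        "sealed_copies": len(sealed.blobs),
        "sealed_server_can_read": document in sealed.blobs.values(),
    }


if __name__ == "__main__":
    print(compare(b"constructed sample: confidential planning document"))
```

With plaintext uploads the store holds one readable copy; with per-user keys it holds two opaque ones, which is the disk-space cost of keeping the server unable to read the data.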
Solutions?
In Many Cases, Blocked
- Many System Administrators respond very simply, by blocking access to Dropbox altogether.
- At two Fortune 100 companies I worked at, employees were physically unable to install their own software due to security constraints. In one case, even the Dropbox.com website was blocked.
- As System Admins, we can block the sites and the programs, but that's not a real solution.
Try to create your own solution: DIY
- Secure workspaces for storing, syncing, sharing files.
- Require 24/7 protection, password authentication, encryption, role-based access control
- Central administrative oversight: monitoring, revocation, auditing, reporting
- Integrate with existing authentication (SSO, LDAP, etc.)
- Add in versioning, redundancy, and ubiquity (mobile/web/cross-platform)
- Still want to block Dropbox/etc. to force usage of DIY solution
- This is a HUGE engineering undertaking; only large enterprises with tons of resources can pull this off.
- You'd still be hard-pressed to design a system where human stupidity cannot compromise your data
Recommendation: Middle Ground
- A personal-focused off-the-shelf solution (Dropbox) lacks controls a medium-sized company needs.
- A DIY solution is beyond the scope of what most IT departments can handle.
- Middle ground: Off-the-shelf enterprise-focused solution.
- An example: Virtual, hosted desktops (e.g. VMware View).
  - Your company-wide SSO can log you into your desktop session on any company-owned computer, globally. Has all your files/email/etc.
  - Allow login from home via secure VPN, but only to access the virtual desktop; never to use your own personal system to access a company network.
  - This accomplishes synchronization/ubiquity, and the hosted systems can be made redundant and highly available with usual techniques.
  - The virtual sessions can be easily monitored and audited.
- Does not address: data sharing, versioning.
VMware View Video
- If there is time: http://www.vmware.com/products/view/overview.html
The End