Eight Security Risks of Dropbox, OneDrive and Google Drive

“What makes it unsafe for my organization? And how can we avoid the use of these consumer applications?” In this blog series we’ll tell you all about it.”

Why do employees use Dropbox?

Consumer-grade file sync solutions (referred to as CGFS solutions) pose many challenges to businesses that care about control and visibility over company data. The best-known solution that falls into this category is Dropbox Personal, but the same applies to the regular, and free, versions of OneDrive and Google Drive.

1. Data Theft

Many of the issues with CGFS solutions emanate from a lack of oversight. The IT administration and business owners are not aware of product installations and cannot control the devices that are able to sync with corporate shares. With information being replicated on countless personal devices, the administration loses control over the information and the risk of data theft or abuse drastically increases.

2. Data Loss

As the design of sync solutions is such that changes to files and folders are directly synced to all connected devices, any file deletions or incorrect changes will automatically be carried through on all synced devices. If no history retention or deleted-file protection is in place, the previous versions will also be lost in the cloud. Also, the system can easily be abused by an end-user to permanently delete files.

3. Corrupted Data

A study by CERN shows that silent data corruption is introduced in about 1 out of every 1500 files. Most users or organizations trust solutions to keep the most recent and correct versions of any file, without realizing that there are little solutions that implement any protection against data corruption. Even if back-ups are realized, most CGFS organizations do not expose an easily accessible channel to request a copy of backed-up data.

4. Sharing Critical Information

Personal sharing solutions do not give central oversight over what information is shared, and with whom. As soon as information is shared, no limits can generally be placed over the period of accessibility or the number of downloads. This lack of control can lead to losing or sharing business-critical documents, increasing the risks of breaching privacy agreements and conflicts.

5. Compliance Violations

As CGFS solutions have little to no file retention and file access controls, compliance violations are a serious possibility. Compliance policies often require files to be held for a specific duration and to be only accessible to a number of people, in which case strict access controls and oversight are imperative.

6. Loss of Accountability

The lack of reports, alerts and logs of user activities can lead to a direct loss of accountability. Both individual document changes as changes to user accounts, organizations, passwords and policies cannot consequently be tracked, leading to a risk of unmonitored and unauthorized changes to files and configurations.

7. Loss of File Versions

As CGFS solutions do not maintain all file versions nor keep a history of changes with the respective persons, devices and dates, changes to files can lead to a direct loss of information. Incorrect changes or local data corruption can lead to file versions being permanently lost, without being able to track the cause and source of the loss.

8. Government Access

A final risk to deserve mention is not limited to consumer applications, but applies to many business-grade solutions as well. The US have launched a number of initiatives such as the Patriot Act and PRISM designed to access information managed by US companies such as Microsoft, Google, and Dropbox. Many users inside and outside of the US do not appreciate these programs and start to look for solutions proposed out of more privacy-friendly countries.

Business applications propose solutions to many of these known issues, without sacrificing the features that make the consumer file sync services so easy and practical to use. As a consequence of these risks many companies have formal policies against or discourage employees from using their personal applications, accounts or devices.

So what are the most effective ways of preventing the use of personal file sync solutions? And how can the above risks be minimized?
Continue reading here.

You can find our terms and conditions, prices, and features compared to both Dropbox Personal and Business here. Do you have any remaining questions for us? Just give us a call or send us a message – we will answer to any requests you might have. Are you curious for the possibilities for your business? Start a free trial or get started with a personal online demonstration. Anything’s possible – just ask!

  1. We use Onedrive and Office 365. We travel a lot and often work off-line for extended periods of time, changing and deleting files and especially editing photos while not connected to the internet. My concern is that once we are back online and Onedrive starts syncing, it undo the changes we have made while off-line/ and or create duplicate files . Can this be? If so, syncing can create untold damage and conflicts on especially our very large photo files.
    Your response and advice will be much appreciated.

    1. The Onedrive app should be able to detect which files were modified and which have been deleted once your device is online. This is how it works with vBoxxCloud, if there is a file conflict vBoxxCloud also gives you options to securely solve this. You can keep the original file intact and the changes you have made while on the road are also saved. Safe travels!

  2. It’s a good question, especially while many people moved to remote work during the pandemic and started using cloud storage more often. As I know, even Snowden told a few years ago that Dropbox is not a very secure one. Due to the fact that they pass all the user’s info on govs request. In such a case, I don’t really understand why it should be trusted.

Leave a Reply

Your email address will not be published. Required fields are marked *