Greg Knieriemen

Reality check: Most enterprises aren’t adopting Dropbox… and for good reasons

Blog Post created by Greg Knieriemen Employee on Jan 11, 2018


Dropbox has had phenomenal success as a consumer file sync and share tool. What started as one man’s frustration with thumb drives has become a market leader in 10 years with over 500 million registered users and more than 1.2 billion files synched daily. With this success, Dropbox is well on its way to an expected IPO later this year.


A challenge for Dropbox is to cross the bridge from consumer users to business users. Accelerating revenue growth with business users is no small feat and Dropbox isn’t the first to try to slay that dragon.


There’s also a more functional question of whether businesses need another technology silo to manage and share files? When Apple tried to acquire Dropbox in 2009, Steve Jobs quipped that they were "a feature and not a product."


It’s true. Just look at how many established IT vendors and start-ups are in the sync and share business and how difficult it can be to differentiate one from another. As Dropbox and others have shown, the real difference comes in whether you target consumer or business users.


In 2018, the challenge is even greater for enterprises. As businesses rapidly adopt cloud services – public, private and hybrid – file sharing is indeed a feature of an overall enterprise data management strategy. What enterprises don’t want is another silo of data to manage. They want those tools functionality inherent in their systems whether it’s on premises or off premises.


Earlier this year, Dropbox CEO Drew Houston mentioned that employees have files stored in Dropbox as well as on their companies' physical servers commenting "this makes no sense" and he’s absolutely correct – it doesn’t make any sense. Then add in all of the copies in email, in content management systems, in cloud storage services, on websites, in user devices etc. and then with the replication, backup and archives of all those copies there can be tens of thousands of copies of the same file scattered all over the place.


Control of data.


Enterprises want complete control of data and they want it to easily integrate and complement their existing systems in a flexible consumption model. They don’t want or need another silo of data to manage but they do want privacy and security with broad application support.


At the risk of sounding like a commercial, Hitachi is no stranger to this space. In fact, the Hitachi Content Platform (HCP) is one of the few solutions to provide enterprise file sync-n-share capability in a highly flexible storage ecosystem. With over 1 million enterprise seat licenses sold in the last three years, HCP Anywhere is widely relied upon for enterprise file sharing whether enterprise data is on-premises or off-premises.




While Dropbox is quick to tout their security protocols, in the last few years data security seems to have become a challenge for Dropbox. Whether it’s 60 million account details shared online or the risk of system exposure from dropbox-tweet-1.pngenhancements to the client, as a publicly accessible and highly visible service, Dropbox has inherent risks. As Legal Technology identified, “Dropbox will remain a target and are always going to be attacked in this way as any ‘hackers’ have much to gain.”


For Dropbox, security and ease of use sometimes seem to be in direct conflict. While Dropbox does provide encryption for files at rest, it also acknowledges certain points of vulnerability. From the Dropbox web site:


  • Dropbox doesn't support the creation of your own private keys.
  • Dropbox doesn't provide for client-side encryption.


While any file sharing tool is susceptible to security risks, enterprises are looking for access, visibility and control to manage their potential exposure. Encryption key management is a critical enterprise requirement. As long as Dropbox controls the encryption key, they have access to the files stored on their services – and that’s a problem. From David Culley:


Besides, I do believe them that they’ve “implemented multiple levels of security”. I do believe them that they’re backing up my files to save me from data loss. I really do believe them that they’re encrypting my data using 256-bit Advanced Encryption Standard (AES) to protect me from hackers. But that’s useless if they have the private key to decrypt my data; when they are able to access my data when they’re legally required to. It’s not security I’m concerned about, it’s privacy! I don’t worry about Chinese or Russian hackers. I worry about Dropbox itself spying on me and collaborating with the NSA.




Central to any data management strategy is control of data: Who has access to what data and when?


One of the ways that Dropbox optimizes their use of storage is to dedupe the same files across all of its users. Rather than having thousands of the same file physically stored on their infrastructure, they store it once with unique access to each user. While many enterprises use the same technology to optimize their storage utilization, it may create privacy vulnerability for a public cloud provider like Dropbox. Noted security researcher (and Principal Technologist in the Speech, Privacy and Technology Project at the American Civil Liberties Union) Christopher Soghoian notes:


While the decision to deduplicate data has probably saved the company quite a bit of storage space and bandwidth, it has significant flaws which are particularly troubling given the statements made by the company on its security and privacy page.


For consumer users of Dropbox, these issues are probably not a concern unless you are trying to store and share copyrighted material. For business users, however, these issues are commonly considered as part of a broader security and privacy policy.


Flexibility and Portability


Another emerging issue for enterprises is how enterprise file sync-n-share data is managed. As private, public and hybrid cloud options evolve, flexibility and portability are now often a key part of the strategic planning for corporate data. Dropbox file sharing tools are merely a subset of the data a typical business will manage and, as mentioned earlier, it’s functionally an additional silo of data that needs to be managed separately. This means that data management has an additional level of complexity.


In contrast, the Hitachi Content Platform provides true centralized content management with the flexibility to move data from on premises to multiple cloud services including Amazon, Google, Microsoft, Hitachi Cloud Services or any S3-based service. This level of flexibility provides long term data management options that can evolve as business requirements and budgets change.


Control of data, management and costs


As access points, end-point devices and mobile applications continue to proliferate, data sprawl becomes an issue. In the new digital age, organizations are being held more accountable for data management practices; having to prove they manage, find, delete, share and process data in certain ways based on ever-changing regulatory landscape, the silo’d approach may not be an effective one. Beyond enabling simplification of legal, compliance and general data governance, there is also value in a more centralized data management approach and that is to be able to use the data yourself for analytics, insights and decision making. Again, try extrapolating insights on data usage or trends by comparing or combining data in Dropbox with other data sets residing in other silos across the organization.


Ultimately, this is about control of data (including security and privacy), the management of that data and the control of costs. It also goes back to the simple premise that Dropbox is a feature, not a solution. While Dropbox is truly a fantastic consumer tool, it may not be a practical or reasonable option for businesses.


For more reading…


Here are just a few stories from tech publications just in the last 18 months: