Companies: Just Say No to Consumer-Level File Sharing

dropbox file sharing illustration

Dropbox is a big consumer-based file sharing service, famous among users for its simplicity — and infamous among IT professionals for being unmanageable. Consumers typically love Dropbox for its ease of use, ubiquitous presence and a free basic plan, and freely download it to their personal devices.

At the same time, many organizations are pushing for Bring Your Own Device (BYOB). Many employees are doing it anyway, and turning it into a policy saves companies a lot of money in equipment and upgrade costs. However, many of those personal devices are loaded with Dropbox and users have every intention of using a free service that works for them. But the fact is that Dropbox and similar services do not comply with company governance and compliance regulations. They are also not transparent to IT, which has no idea where mobile data is stored in the Dropbox universe or any way to control it.

So what seems like a minor decision on the part of an individual user – keeping Dropbox to share personal and work files — becomes a widespread risk when the number of corporate users grows. Suddenly corporate data is being shared to non-company repositories, people and clouds. Data is ungovernable and uncontrollable. Consequences of non-compliance and data loss can be severe.

This does not mean to say that Dropbox is a shoddy service; it’s not. File sharing applications of any size must invest in reasonable performance and data availability. This is as true for Dropbox as for IBM. (There have been security intrusions but Dropbox is hardly alone in suffering that.) The issue is that Dropbox is fine for most consumer usages, but when those same consumers use Dropbox to share work files, then there is a problem.

Even if a company adopts the “if you can’t beat ‘em, join ‘em” plan and buys Dropbox file sharing services for its employees, the costs from Pro or Dropbox Business scale up sharply with data growth.

However, IT cannot simply insist that corporate users stop using Dropbox. Many users are running it on their personal devices and have no interest in replacing it. Simplicity is the key to adoption here: enterprise file sync and share (ESS) products are full-featured with layers of policies, administration, encryption, and audits. If the interface is simplified for the user then well and good; otherwise employees simply will not use a complicated enterprise product – especially on their own devices.

Meanwhile, beware claims of enterprise scale among file sharing vendors. True ESS products are also true enterprise scale. Even when a file sharing vendor lists the enterprise among its customers, they are far more likely to mean that they sold their product to a small workgroup in a larger company. Workgroup and departmental sales can be perfectly profitable for file sharing services; but true enterprise scale they are not.

The best ESS products serve both end users and IT: they offer simplified interfaces for end users, and centralized management consoles, secure access controls and governance services to IT. They must also be highly scalable, capable of protecting tens of thousands of files, hundreds to thousands of users, and multiple devices per user. Ideally they should also support mobile access.

In Part 2 we’ll discuss best practices for enterprise file sharing products.