Best practice to block Dropbox usage

  • We have users who sync their data at the company with their home computers. What's the best way to block it?

    • Block *.dropbox.com
    • Find out all Dropbox IPs and block those IPs.
    • For Windows users, deploy a GPO to prevent Dropbox installation.

    This doesn't really sound like a solution to your problem of data leakage, because Dropbox is not the only way to transfer files. Once they can't use that, they'll email themselves, or FTP, etc. You need to make sure your users start following policy and enforce it.

    @user15580. Some of your questions have great answers. If you find an answer that is useful to you, please consider accepting it. Have a look at How does accepting an answer work?

    Having a Dropbox client folder that syncs could be problematic. Think about it. Now someone's home computer gets pwned and they have a straight shot to a computer on your network.

  • rook (Correct answer, 9 years ago)

    Using Dropbox is not inherently a greater security risk than other methods of data transfer. I work at a security consulting firm and we often use Dropbox to move encrypted archives to our clients. We also use SFTP, but this seems to be problematic for some of our clients.

    A better policy is that all company data must be encrypted at rest. This policy should include company laptops, servers, cloud services and anywhere else you may be storing company data. Make sure you educate your employees about storing and transferring data in a secure manner. Blocking Dropbox may have adverse effects, such as forcing employees to use less secure methods of transferring data. I have found that employees will find creative ways of doing their job, and it's not always secure.

    Well said. The risk is not placing the information on Dropbox, the risk is unnecessarily storing potentially sensitive data in an unsecured fashion.

    Encrypting data at rest is good, but not a solution for data leakage by employees abusing the system and does not at all protect data that employees might send up to Dropbox. I'd suggest more emphasis on the employee education portion of your answer, plus stronger administrative enforcement of company policies regarding data leakage.

    @Iszi I'll just overwrite my Lady Gaga CD-RW with government secrets while lip-syncing to "Bad Romance". Or put another way, even the US government can't stop this.

    @Rook As I recall, it was a CD-RW labeled "Brittney Spears". Again, just an example of how full disk encryption is ineffective against careless users.

Licensed under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM
