Three Ways to Block Dropbox in the Workplace
BYOD has empowered employees to get work done on their own time and in the manner they enjoy, but it also poses serious security risks for companies when employees use insecure consumer-grade file sync solutions to store and share sensitive corporate data.
December 9, 2014
The BYOD (bring your own device) trend has been on the rise everywhere recently, with employees eagerly bringing devices such as iPads and smartphones into their workplaces. While BYOD has empowered employees to get work done on their own time and in the manner they enjoy, it also poses serious security risks for companies when employees use insecure consumer-grade file sync solutions, such as Dropbox, to store and share sensitive corporate data.
Given the security risks associated with the free version of Dropbox–such as its inability to protect shared links with passwords, expiration dates or download limits–business owners should understand the different ways they can block employees from using Dropbox in the workplace. Three of these network security methods are manual firewall configuration, next-generation firewalls and DNS configuration.
1. Manual Firewall Configuration
Companies can manually configure their hardware- or software-based firewalls to prevent access to Dropbox from machines connected to the corporate network.
Dropbox uses ports 80 (HTTP) and 443 (HTTPS) to transmit data between its servers and users’ computers, but blocking these ports is not a desirable option because browsers use these same ports to access the Web. As a result, IT administrators who want to manually configure their corporate firewalls to block Dropbox should block all of Dropbox’s IP addresses. These addresses can be found here.
There are, however, two important limitations to this approach. First, manual firewall configuration does not impact personal mobile devices employees carry into the office that are not connected to the corporate network. These include their mobile phones, which can still access Dropbox over a cellular network. Additionally, IP address blocks can be circumvented through proxy servers.
2. Next-Generation Firewalls
Rather than resorting to manually blocking IP addresses and websites using a traditional firewall, companies can use a “next-generation firewall” (NGFW) to precisely monitor and block Internet traffic.
Normal firewalls rely on administrator-specified rules to block specific IP addresses and domains. NGFWs, however, can inspect individual packets of data to identify where they are coming from or going to. Next-generation firewalls can also be used to determine who is using specific applications (for example, Dropbox) and provide IT administrators with granular control of applications and users to block such usage. Additionally, IT administrators can use content filtering enforcement agents to block Dropbox on company notebooks, even when employees take these devices home.
Next-generation firewalls are certainly effective on the PCs they control. That said, they can be expensive and complex to configure. Still, using hardware network security appliances with NGFWs is much more effective than manually configuring traditional firewalls.
3. DNS Configuration
There is a third option for system administrators who want additional protection on top of what a traditional firewall offers: utilizing a cloud-based network security solution such as OpenDNS to enforce website and application content security.
OpenDNS and other tools work as an intelligent “layer” on top of the traditional DNS system, analyzing the traffic flowing through the network and giving administrators the ability to monitor and filter traffic as needed. Customizable DNS services can be configured to block all traffic involving Dropbox’s website or desktop application, and they can work in concert with firewalls to provide a complete network security solution.
Unfortunately, using OpenDNS or similar services to block a popular application such as Dropbox may not go over well with some employees. Savvy users may simply adopt other insecure consumer-grade file syncing products, such as Microsoft OneDrive, or may transfer important files to a personal USB drive–which could amplify the very security risks business owners want to avoid.
Conclusion
It is important to take a step back and understand why business owners should go through the trouble of blocking Dropbox in the workplace: The opportunities for sensitive corporate data to leak abound and pose serious risks to companies’ livelihoods. It is therefore imperative for small- and medium-size companies interested in giving their employees the flexibility of file sharing and syncing to adopt a secure, business-class solution.
Business-class file sync solutions such as eFolder Anchor are as easy to use as Dropbox, but are substantially more secure. Anchor includes robust file syncing and sharing options, and is supplemented by features that business owners and IT administrations can use to keep track of their data. To learn more about how to deploy Anchor to your clients, visit efolder.net.
Neeraj Periwal is Marketing Coordinator, eFolder. Guest blogs such as this one are published monthly and are part of MSPmentor’s Cloud-based File Syncing and Sharing Infocenter.
About the Author
You May Also Like