Online file-sharing apps such as Dropbox gained a foothold in large organizations because they were easy to use. At the same time, they often rankled corporate IT because of security concerns. Now these sync-and-share vendors are battling to find the right balance of enterprise security features and ease of use.
Box and Dropbox represent vendors that customers say reside on opposite sides of the security-usability spectrum. Dropbox began as a consumer product that had a running start in the market as employees signed on to use it for work, while IT administrators consider Box to have the most secure product because it was designed for the enterprise.
Dropbox responded to calls for more security with its Dropbox for Business, but some IT personnel remain more comfortable with Box.
Dropbox claims more than 200 million users, while Box said more than 40% of Fortune 500 companies and 34,000 organizations overall are customers.
"The world has been trained on Dropbox. They have 275 million users," said Terri McClure, senior analyst at Enterprise Strategy Group (ESG). "It's so simple my grandmother can use it. Everybody I talk to now is dealing with [the security vs. usability issue]. When we ask customers about their biggest challenges, security is first and training comes up second. That makes usability really important."
Eric Quinn, director of IT at Syracuse, NY-based engineering firm C&S Companies, said his company sanctioned Box as the company's online file-sharing application approximately a year ago because of its strong security features. So far, 50 of its 450 employees use it.
"We don't want people using Dropbox on personal accounts because it could get us in[to] legal issues," Quinn said. "We chose Box because of its built-in security features, but we realize we can't stop people from using something. We can't control everything they do. We realize people will email files to personal [accounts] in Dropbox, so we give them a good solution that can help them make a better choice."
Students at Smithfield, R.I.-based Bryant University receive IT-issued laptops and are encouraged to use smartphones and tablets in their classrooms to collaborate with each other and faculty. The university's IT team sanctions Box, but Rich Siedzik, Bryant's director of computer and telecommunication services, said many teachers and students use Dropbox instead.
"It's almost impossible to prevent that," Siedzik said. "We try to solve the problem with awareness. People use what is most convenient and fastest. We were behind the curve, so they started to use [Dropbox] and we have to make the case for Box and make it more institutionalized."
Personal file-sharing accounts fuel security concerns
Last year, an ESG survey found that 70% of managers know or believe users have business data stored in personal file-sharing accounts. Cloud vendor Ctera Networks' 2014 Enterprise Cloud Storage Report, a research study of 200 IT professionals conducted in early 2014 by independent panel research firm Research Now, found 25% of organizations have implemented private cloud file sync-and-share tools. Thirty-one percent of respondents indicated they experienced corporate data leakage in 2013 as a result of employees sharing files via often-unsanctioned online file services.
In addition, 71% were concerned or extremely concerned about data breaches. According to the Ctera survey, 55% of organizations with 30,000 employees or more expressly forbade the use of software as a service-based file-sharing products.
Dropbox and Box are far from the only options. There is a glut of online file-sharing apps available, and file-sharing capabilities are being built into cloud storage offerings. Vendors looking to gain IT sanction know they have to be security heavy.
Bojan Dusevic, Intermedia.net's director of product management, said the early wave of online file-sharing apps focused more on the user perspective but didn't make the connection that IT administrators needed to sanction such products.
"Dropbox is very easy to use," Dusevic said. "But there was a gap left in controls and securities, so there are thousands of IT administrators having nightmares [about] Dropbox use in their environments."
Dusevic said the first requirement for an online file-sharing product that balances usability and security is to create applications that build on existing human habits. SecuriSync is designed as a desktop client instead of a Web portal.
"The idea is not to introduce a fat application," Dusevic said. "You build on the existing habit. There are vendors in the space that install thick applications. They chose to install a new application and [employees] don't want a new Web portal that has to be learned like [Microsoft] SharePoint."