For companies that use cloud-based solutions, one popular option is Dropbox, a cloud storage system with more than 500,000 US clients that use its enterprise system, Dropbox Enterprise. This number increased by 50,000 since 2019 (an increase of 11.11%), indicating its growing popularity among businesses.
Dropbox appears to be a solution designed to avoid data loss, which is the unwanted or unplanned removal or tampering of data that often includes sensitive information. Data loss also includes data that has been lost or corrupted, rendering it inaccessible or unreadable by the intended user.
Enterprise data loss can happen for a multitude of reasons. One of the most common is a system failure, which includes hard disk drive (HDD) crashes on desktop and laptop computers. In just the US, 140,000 hard drives crash each week. Mechanical failure is to blame for 60% of these hard drive failures, and misuse leads to failure in the other 40%.
Natural disasters (for example, floods and fires) can destroy or permanently damage computers and backup storage systems such as hard drives. This loss can be detrimental for businesses: 50% of companies that lost data due to a natural disaster immediately filed for bankruptcy.
Data breaches also cause data loss. Egress’ Insider Data Breach Survey 2021 found that 94% of organizations experienced insider data breaches in the previous year. The Ponemon Institute’s Cost of a Data Breach Report states the average cost of worldwide data breaches in 2020 was $3.86 million.
In many of these cases, data loss could have been avoided if businesses utilized a cloud storage system that offers automatic data backup. This shift could have a wide-ranging impact on organizations: one study reports that 55% of companies still use on-premises (physical) servers.
But Dropbox is not a failsafe approach to data storage. In a study involving IT leaders, 84% of respondents reported human error as the leading cause of serious data breach and data loss incidents. Employees who failed to follow established security procedures were responsible for attacks in 74% of organizations.
Even with a system such as Dropbox in place, data loss and data breaches can still occur. It is therefore vital that organizations consider another level of security for their data backup.
This article highlights the current trends among business backup storage solutions as well as the security risks of Dropbox and how they can be mitigated with other solutions.
The Current State of Enterprise Backup Storage Solutions
According to 56% of IT professionals, the increased amount of remote work due to the global pandemic has led to an increase in data breaches. This is due in part to more human error by remote workers when sharing files and accessing shared servers.
As a result, many companies turned to cloud-based storage solutions for off-premises collaboration. By 2021, nearly 50% of all corporate data was stored on the cloud. Even entities such as Google, Facebook, Twitter, and LinkedIn moved their processes to cloud computing servers.
Companies in certain industries, however, still rely on on-premises solutions that are more customized to their needs. For example, up to 25% of companies in electronics and hardware do not use the cloud, and 16% of government entities remain cloud-averse. Up to 17% of finance organizations rely primarily upon on-premises servers. In many cases, the hesitation to move to a cloud-based system stems from logistics related to migration.
Solutions such as Dropbox may help avoid data loss from physical servers, but they also come with their own security challenges. For example, Dropbox is not immune to situations that cause data loss, such as human error and cyber-attacks.
File Security Limitations of Dropbox
Dropbox has a history of data attacks. In 2012, an undisclosed number of emails and passwords were stolen from Dropbox’s servers. In 2016, Dropbox admitted that this attack had involved the login credentials of 68.6 million users.
The gap between the Dropbox hack and its announcement about the severity of the attack raised eyebrows for many users. How do they know if sensitive data stored on Dropbox is safe? And how can businesses using Dropbox ensure data security for their customers and clients?
Dropbox does offer some security features such as the following:
256-bit Advanced Encryption Standard (AES) encryption. AES encryption employs blocks of cryptographic code in lengths of 128, 192, or 256 bits. With 256 bits, there are 2256 possible combinations to hack the key, making it virtually impenetrable.
Secure Sockets Layer/Transport Layer Security (SSL/TSL). Dropbox encrypts data in transit, which is further protected by 128-bit or higher AES encryption. Files at rest are encrypted using 256-bit AES.
Despite these security measures, there are still possibilities for data stored on Dropbox to fall into the wrong hands or become lost.
Dropbox enables users to store files in public folders, which could easily be accessed by anyone. These files could also easily be uploaded to the wrong location, allowing access to unauthorized (or potentially nefarious) individuals.
Dropbox users are also still at risk of being victims of cyberattacks such as phishing. In a phishing attack, users are tricked into giving up their personal credentials and access to Dropbox accounts.
Dropbox does not offer the enterprise-grade, purpose-built security controls that many organizations need, such as the blocking of actions like copying, printing, or saving.
Dropbox does not offer redaction tools, which means that IT cannot control the levels of privacy within documents.
What to Look for in a New Data Backup Solution
With so many issues regarding security and use, it’s in your best interest to invest in an enterprise-level data backup solution. Some of the most important factors to consider are cost, security, ease of use, and regulatory compliance.
Many factors influence a data backup solution’s costs. Before researching the costs of different systems, take into consideration the following:
The amount of data that will be stored.
The number of users that need access to the solution.
Additional security measures (such as two-factor authentication).
Customer service, training, and support costs.
Data migration costs.
When evaluating data backup solutions, consider the following security features:
Encryption. With encryption, data has an extra layer of protection in the form of uncrackable codes. Encryption ensures that even if your data falls into the wrong hands, it cannot be read.
Multi-factor authentication. Multi-factor authentication is an added layer of protection that requires users to not only enter one form of authentication, such as a password, but also pass through another layer, such as fingerprint identification on a smartphone.
Custom controls for IT. When IT can control certain aspects of a data backup solution—such as file and folder-level security and access—they can better tailor the system to your organization’s specific needs. (For example, your organization’s compliance requirements.)
Ease of Use
The right solution balances security with ease of use. If backup processes are overly complex or require multiple steps to initiate the backup process, people will be less inclined to back up data regularly. Look for tools that enable automatic backups and are easily accessible to employees whether they are on-premises or offsite.
Carelessness is responsible for 60% of insider security incidents, and this behavior often stems from not understanding the importance or full scope of your data backup strategy. Since human error is one of the main causes of data breaches, employees must be adequately trained on internal file and folder management.
Data security and storage-related requirements vary by industry: finance, healthcare, and insurance, for example, are subject to strict data standards since they deal with particularly sensitive information. These requirements may influence your choice when evaluating a data backup tool.
Some examples of regulatory standards are as follows:
Payment Card Industry Data Security Standard (PCI DSS). Any entity that deals with cardholder data must comply with PCI DSS requirements, which include practices such as managing access control, encrypting cardholder data transmissions, and monitoring access to data and network resources.
The Health Insurance Portability and Accountability Act (HIPAA). Healthcare-related entities must comply with HIPAA rules—including taking preventative action to identify and protect against real and anticipated security threats that could compromise electronic protected health information (ePHI).
The System and Organization Controls 2 (SOC 2). The American Institute of CPAs’ Service Organization Control reporting platform provides the framework for protecting customer data. SOC 2 gives organizations five trust services criteria that they can use as a framework for developing internal controls related to items such as data privacy, processing integrity, and system security.
Alternative Data Backup Solutions to Dropbox
There are many choices when it comes to backup storage solutions. If Dropbox does not offer the enterprise-level data backup solution that your business needs, consider other solutions.
Alternatives to Dropbox for business data include:
Google Drive. Perhaps the most well-known option, Google Drive is free for all Gmail users but can be upgraded to enterprise accounts with pooled data sharing. Google Drive and all the apps in Google Workspace automatically sync with your desktop and smartphone.
Microsoft 365. Microsoft 365 is a cloud-based suite of Microsoft applications and services, including Microsoft Teams, Word, OneDrive, and more. It automatically syncs your folders and files to the cloud, ensuring they are available across a range of devices.
Secure Data with WinZip Enterprise’s Powerful Backup Routines
WinZip® Enterprise enhances the security and efficiency of the solutions such as Google Drive, Office 365, and SharePoint. While these solutions sync data, they often rely on third-party tools to back up your data and store it on a secondary storage platform.
Thanks to its native integration with leading cloud storage services, WinZip Enterprise gives you the ability to back up to any connected cloud account. Among its many enterprise tools is WinZip Secure Backup, which provides automated endpoint backup for additional data security. Additional features of WinZip Secure Backup include the following:
Deduplication (the removal of redundant data).
Compression (the reduction in file size).
Encryption (the encoding of information to make it impossible for third parties to decipher).
WinZip Enterprise protects data in transit and at rest with advanced encryption methods, including 256-bit AES encryption. This enables your IT department to implement and uphold data security standards across the workforce, including multi-cloud network environments.