Back in November, Dropbox released an early adopter version of its Groups feature for customers using Dropbox for Business.
The goal was to allow IT admins to manage access to content stored inside Dropbox for Business in the same way that they would expect to manage access inside their corporate networks.
Since the early adopter release was made available it has had over 12,000 downloads allowing Dropbox to fix any issues before final release.
The finished version of Groups is now available for public download (opens in new tab) from the Dropbox website and looks like a mix of SharePoint and Directory Service management. Users can be assigned to groups in the same way that they are assigned groups in Active Directory.
They can then be given rights in that group to control what they can do. Once given the Admin role, however, they can now only fully manage the group that they are in but create other groups.
It will be interesting to see how this pans out for companies using Dropbox. By allowing group admins to not only control their own groups but then open and control other groups has both positive and negative issues.
On the positive side, it gives them some autonomy over what they can do without having to keep referring to IT. With the increase in collaboration this makes it possible to bring people together around a single issue and easily exchange data.
On the downside, the explosion in groups can become a real problem to manage. This is something that all IT administrators experience when they first deploy collaboration. Users often create groups and then forget about them, leaving data spread out and unmanaged.
This is a security as well as a management issue and how Dropbox responds in terms of better graphical tools to track the sharing of content and the frequency of group use will be an indicator of how seriously they take this issue.
Alongside the announcement of Groups, Dropbox has released an API for Groups which will allow companies to integrate Dropbox for Business with their existing IT systems. In the blog post which announced the availability, Dropbox noted that CloudLock, Netskope, Bitium, Elastica, OneLogin ,Okta, Ping Identity, Centrify, Skyhigh, and Windows Azure have all begun building integrations between their management and DLP solutions.
Dropbox is also targeting integration between Active Directory and LDAP with API for Groups. This is more significant than many organisations may realise.
Shadow IT where users duplicate their login and password data on external systems is a major source of stolen credentials. These credentials are then traded by hackers and often used in targeted hacking attacks.
There are several benefits here:
- Users can take advantage of a single sign-on process across their corporate IT and Dropbox for Business groups.
- Employees who leave a company will have no access to corporate data held on Dropbox for Business.
- IT can extend its data management controls from existing systems into Dropbox for Business.
Benefits always come with a downside. In this case there will be additional pressure on Dropbox to ensure that they way it holds user credentials is the most secure in the industry.
This is because any breach of Dropbox credentials has the potential to allow attackers an easy route into corporate IT environments and the announcement of this solution will inevitably attract attackers looking for just this opportunity.
Despite the potential risks here, Dropbox has made a smart move by releasing not just Groups but also the API for Groups. This makes them much more business ready and should enable them to start competing with companies such as Box in the enterprise space.