Dropbox for Biz Raises Its Privacy and Security Play

When we think of companies that set the bar for security and privacy, Dropbox may not be the first that comes to mind. But it may be one of the leaders in the industry, at least if today’s announcement is an indication.

This morning the file sharing and collaboration service is announcing a major milestone in that area, according to Patrick Heim, head of trust and security at Dropbox. What is it? Certification for ISO 27018 — a new standard for privacy first published last August.

“We saw an opportunity to lead in this space and demonstrate our commitment to user trust,” Heim told us during a pre-announcement interview. He added that Dropbox is among the first companies to achieve this certification.

And when Heim used the word “lead” he wasn’t talking specifically about the file sharing or EFSS space, but industry leadership in cloud. Consider that Microsoft (Azure and Office 365) was the first to become certified in ISO 27018. And that was only a few months ago.

What It Means

For Dropbox for Business users, the certification brings with it the following commitments from Dropbox:

Your organization is in control of your data. We only use the personal information you give us to provide you the services you signed up for. You can add, modify or delete data from Dropbox when you need to.

We'll be transparent about your data. We'll be transparent about where your data resides on our servers. We'll also let you know who our trusted partners are. We'll tell you what happens when you close an account or delete a file. Lastly, we'll tell you if any of these things change.

Your data is safe and secure. ISO 27018 is designed as an enhancement to ISO 27001, one of the most accepted information security standards in the world. The requirements for security and privacy, such as those around encryption and strict employee access controls, go hand-in-hand.

You can verify our practices. As part of our adherence to ISO 27018 and ISO 27001, we will undergo annual audits by an independent third party to maintain these certifications. You can view our ISO 27018 certificate here.

And while Dropbox for Business competitors will no doubt point out that they’re light years ahead of the world’s leading consumer file-sharing vendor, Heim has an answer for them. He and his team are continuing to invest in security features such as remote wipe, expiration links, view-only permission and unified sharing settings that give individuals and companies more control and visibility…but they’re providing to business customers a management console that enables a company's IT and security teams to control usage and keep an eye on their data.

Not only that, but Hein also reminded us that the Dropbox for Business API launched in December, enabling customers to develop their own integrations into Dropbox and the opportunity to "plug in" partner products for encryption, e-discovery, monitoring, archiving, authentication, etc.

“Through our API and partners, customers can select the right combination of security capabilities that meet their specific needs while maintaining the Dropbox experience that their employees love,” he said.

Expanding Enterprise Adoption

The big test, of course, is what companies think, what they buy and how widely they’re willing to implement it. Dropbox for Business boasts 100,000 corporate customers to date and that list is growing, according to Heim. In just the last week Yahoo, FMC, and California State University – Fullerton subscribed to the service. Earlier this month The Absolut Company, Hard Rock International and MKTG signed on.

Given that Dropbox has 300 million consumer level users who store and share their personal files via the service, it’s probably safe to that many of them would like to use the same service work. At least that’s what Heim is betting on. “We are the global de-facto file collaboration solution,” he said, adding, “Business today is all about collaboration."

The one thing Heim didn’t spend much time talking about is himself, but it’s worth noting that he came to Dropbox from Salesforce.com, where he was the Chief Trust Officer. He must have done something right working for its CEO, Mark Benioff, since we rarely hear anyone question the enterprise-worthiness of the Salesforce Cloud.

If he can do the same for Dropbox for Business then sky may be the limit since the earth, at least for now, from a consumer perspective has already been won.

Creative Commons Creative Commons Attribution 2.0 Generic License  Title image by Chilanga Cement.