Category Archives: DropBox

Dropbox sets the enterprise in its sights with new hires

Dropbox is boosting its investment in personnel to add enterprise users

Cloud storage provider Dropbox is doubling down on the enterprise, hiring experts in traditional small and medium size IT channel and direct sales and product design to help gain traction with businesses.

Just over a week ago the company hired Thomas Hansen, who most recently served as worldwide vice president of small and medium business at Microsoft where he led SME sales globally, to the newly created role of global vice president of sales & channel.

“We’re scaling at an extraordinary pace, and Thomas’ insights will help us accelerate Dropbox adoption even further,” said Dennis Woodside, Dropbox’s chief operating officer. “We have a huge opportunity ahead of us, and we’re building an incredible team to go after it.”

And just this week the company also hired Todd Jackson, Dropbox’s first vice president of product. Jackson hails from Twitter, where he most recently served as director of product management and led the company’s content and discovery teams. He has also held fairly senior product design positions at both Facebook and Google.

Jackson is replacing Ilya Fushman, Dropbox’s former head of product who left for Index Ventures two months ago.

With the new hires Dropbox is looking to bolster its position in the enterprise, the quickest way to gaining seats, against rivals like Box, which heavily targets niche verticals and large traditional organisations as well as startups and smaller firms. Dropbox claims to have over 100,000 businesses using its platform while Box maintains it has closer to 44,000 organisations as customers.

Dropbox the latest to adopt public cloud privacy standard

Dropbox is the latest to adopt one of the first public cloud-focused data privacy standards

Cloud storage provider Dropbox said it has adopted ISO 27018, among the first international standards focusing on the protection of personal data in the public cloud.

The standard, published in August 2014, is aimed at clarifying the roles of data controllers and data processors in keeping Personally Identifiable Information (PII) private and secure in public cloud environments; it builds on other information security standards within the ISO 27000 family, and specifically, is an enhancement to the 27001 standard.

ISO 27018 also broadly requires adopting cloud providers to be more transparent about what they do with customer data and where they host it.

In a statement the company said the move would give users more confidence in its platform, particularly enterprise users.

“We’re pleased to be one of the first companies to achieve ISO 27018 certification. Privacy and data protection regulations and norms vary around the world, and we’re confident this certification will help our customers meet their global compliance needs,” it said.

Mark van der Linden, Dropbox country manager for the UK, said: “Businesses in the UK and all over the world are trusting Dropbox to make collaboration easier and boost productivity. Our ISO 27018 accreditation shows we put users in control of their data, we are transparent about where we store it, and we operate to the highest standards of security.”

Earlier this year Microsoft certified Azure, Intune, Office 365 and Dynamics CRM Online under the new ISO standard. At the time the company also said it was hopeful certifying under the standard would make it easier to satisfy compliance requirements, which can be trickier in some verticals than others.

Dropbox targets France with new Paris office

Dropbox has opened a new office in Paris

Dropbox has announced the opening of its Paris office, the company’s third European location. The cloud storage incumbent wants to redouble efforts to target French businesses.

The company also has offices in Dublin and London, and the Paris team, led by Philippe Plichon (who up until recently served as director retail & tech at Google), will seek to grow the company’s business in France.

“We’ve seen huge success in France, so Paris is a natural choice for us. The number of Dropbox users in France has doubled over the past two years, now accounting for one out of every five French Internet users. The Paris-based developers of Genius Scan, Stupefix, and Polabox have also taken to Dropbox, building integrations into their popular apps. And more French companies are choosing Dropbox for Business every day to help them work smarter,” the company said in a statement.

“In the next three years, we expect over 2.5 million French businesses to be using at least one cloud service.”

The company said it has a strong position internationally – over 70 per cent of Dropbox users are located outside the US.

The office opening comes just a couple of weeks after cloud storage rival Box moved to strengthen its business in the region. Box hired former Microsoft cloud sales exec Jeremy Grinbaum to lead its commercial expansion efforts in France and southern Europe.

Amazon AWS Moving ‘Up the Stack’ to Applications

Amazon Web Services has entered the applications end of the cloud world with several recent releases:

  • Log monitoring and admin with Logs for CloudWatch
  • Collaboration and file sharing with Zocalo
  • Mobile application development with Cognito, Mobile Analytics and a new Mobile SDK

Logs for CloudWatch works with the AWS CloudWatch network monitoring console to collect log file activities which can then be stored and analyzed in AWS Kinesis. The new tool automatically moves logs from instances and aggregates them into a central service where exceptions can be set directly on those applications.

Third-party products already do that, and companies like Splunk, Logentries, and New Relic, which launched its new Insights real-time analytics tool just hours before the AWS news, will all be watching this very carefully (probably also very nervously).

The new AWS Zocalo collaboration/file-sharing plans are further proof that Amazon knows it must be a broad platform player to compete against two mega platform rivals – Google and Microsoft, as well as two younger, well-funded but more limited contenders in Dropbox and Box. Zocalo thus targets Google Drive and Microsoft OneDrive, which are part of a much bigger portfolio of end-user products at those companies.

How an AdWords Campaign Accidentally Exposed Dropbox and Box Users’ Confidential Files

We previously reported on a Dropbox Security Snafu (and their correction for it). Now we’re learning more about how it came about, and how it was discovered.

There are several ways users can inadvertently leak confidential files, but the real head-scratcher is a combination of two things: a user entering the URL of a Dropbox or Box file-sharing link in their browser’s “search box” rather than the “URL box”, and Google AdWords campaigns by competitors who want their ads to appear when people “search” for Dropbox or Box (pretty standard stuff).

The sites running such a campaign then — completely innocently — see what users are searching for, and what they are “searching for” turns out to be fully-clickable URLs to files that often contain sensitive personal or company data.

If you think that’s too rare a scenario to worry about, think again:

In one short and entirely innocently designed ad campaign alone, we found that about 5 per cent of hits represented full links to shared files, half of which required no password to download. This amounted to over 300 documents from a small campaign, including several tax returns, a mortgage application, bank information and personal photos. In one case, corporate information including a business plan was uncovered.

That’s from Richard Anstey of Intralink, the people who stumbled on the issue.

Look at this to see (redacted) images of one person’s tax return, and another’s mortgage application. Identity theft, anyone?

Read more about how Intralink discovered all this, along with some good advice on protecting yourself.

TL;DR: sensitive file? Use a sharing application that offers a password or PIN option.

Dropbox Forced to Kill Shared Links Due to Security Snafu

Oops! Dropbox announced it is killing existing shared links where documents include ordinary hyperlinks to websites. The problem is that the plain old referrer in the request header tells the linked website the URL the inbound link came from. That’s a standard way sites know where their non-direct traffic is coming from. In this scenario, however, the referrer is the URL of the shared Dropbox document.

The symptom Dropbox users will experience? Complaints from recipients that the link they were given doesn’t work (if in doubt check the link yourself).

From the Dropbox post on the issue:

While we’re unaware of any abuse of this vulnerability, for your safety we’ve taken the following steps to make sure this vulnerability can’t be exploited:

  • For previously shared links to such documents, we’ve disabled access entirely until further notice. We’re working to restore links that aren’t susceptible to this vulnerability over the next few days.
  • In the meantime, as a workaround, you can re-create any shared links that have been turned off.
  • For all shared links created going forward, we’ve patched the vulnerability.

Here’s how to rebuild affected links.
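How much of a shared-document URL reaches a linked site depends on the referrer policy in force for the page. The sketch below is an added example, not Dropbox's code or its fix: it applies a simplified form of the W3C Referrer Policy rules to a constructed share link (`files.example` and `third-party.example` are placeholder hosts) and goes beyond the post by covering every standard policy value.

```javascript
// Added example: simplified Referrer Policy evaluation (not Dropbox code).
// Both URLs are constructed placeholders, not real share links.
const SHARE_URL = "https://files.example/s/CONSTRUCTED-TOKEN/business-plan.pdf";
const OUTBOUND_URL = "https://third-party.example/pricing";

const POLICIES = [
  "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
  "strict-origin", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "unsafe-url",
];

// Returns the Referer value a browser would send when a link on fromUrl
// is followed to toUrl, or null when the header is omitted.
function referrerFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Fragment and credentials are always stripped from a referrer.
  const full = from.origin + from.pathname + from.search;
  const originOnly = from.origin + "/";
  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" here means https page -> non-https target.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// True when the referrer carries anything beyond the bare origin, i.e. the
// path or query that makes the share link usable by whoever receives it.
function exposesShareLink(policy, fromUrl, toUrl) {
  const sent = referrerFor(policy, fromUrl, toUrl);
  if (sent === null) return false;
  const u = new URL(sent);
  return u.pathname !== "/" || u.search !== "";
}

// Policies under which following the outbound link discloses the share link.
function exposingPolicies(fromUrl, toUrl) {
  return POLICIES.filter((p) => exposesShareLink(p, fromUrl, toUrl));
}

for (const policy of POLICIES) {
  const sent = referrerFor(policy, SHARE_URL, OUTBOUND_URL);
  console.log(policy.padEnd(34), sent === null ? "(no Referer sent)" : sent);
}
```

A document viewer can apply a non-exposing policy with a `Referrer-Policy` response header, or per link with `rel="noreferrer"`.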

Aereo Decision: the Cloud at a Crossroad?

Broadcasters’ latest legal target is 2-year-old upstart Aereo—which retransmits over-the-air broadcast television using dime-sized antennas to paying consumers, who can watch TV online or record it for later viewing. The case, before the Supreme Court, may have impact on cloud computing generally, not just on Aereo’s business. A federal appeals court said that Aereo’s service is akin to a consumer putting a broadcast antenna atop their dwelling. Aereo, the appeals court ruled, “provides the functionality of three devices: a standard TV antenna, a DVR, and a Slingbox.”

Companies like Google, Microsoft, Mozilla, Yahoo, and others are worried that a victory for the broadcasters could upend the cloud. The companies, in trade association briefs, told the justices in a recent filing that the “dramatic expansion of the cloud computing sector, bringing with it real benefits previously only imagined in science fiction, depends upon an interpretation of the Copyright Act that allows adequate breathing room for transmissions of content.”

Consider any file-hosting service that allows people to store their own material, such as Dropbox. What if it can be shown they are storing copyrighted work? Do they need a license?

Mitch Stoltz, an Electronic Frontier Foundation attorney, said in a telephone interview that, “If the Supreme Court rules in favor of the broadcasters, their opinion might create liability for various types of cloud computing, especially cloud storage.”

But, in urging the high court to kill Aereo, the broadcasters said that “The disruption threatened by Aereo will produce changes that will be difficult, if not impossible, to reverse.”

More detail and analysis.

Dropbox Outage Postmortem: Not Hacked, Just Another Maintenance Fiasco

From Dropbox:

…On Friday at 5:30 PM PT, we had a planned maintenance scheduled to upgrade the OS on some of our machines.

…In this case, a bug in the script caused the upgrade to run on a handful of machines serving production traffic.

…some master-slave pairs were impacted which resulted in the site going down.

…We were able to restore most functionality within 3 hours, but the large size of some of our databases slowed recovery, and it took until 4:40 PM PT today for core service to fully return.

Deeper details

Three App Strategies for Document Collaboration, When To Use Each

When you have a document or file which needs editing or updating by more than one person, in more than one place, controlling the process to avoid the dreaded “intervening update” problem can be a challenge.

In the early days of personal computers the answer was often the “sneakernet”. Create a document or file, write it to a diskette, put on your Chuck Taylors and walk it to your collaborator, then get it back the same way. Later, LAN technology allowed the file to be placed on a local server and opened across the LAN for editing, with a lock on the file at the server while editing is being performed. When you needed to get beyond the local LAN, email attachments could be used, or FTP if you had a pre-Web internet connection. Management of “check-in/check-out” and resolving update conflicts was done by humans, not software.

Sounds like the stone age now, but it beat printing a document and editing with a red pen.

The advent of the Web and its browsers, along with widespread, always-on internet connectivity brought new opportunities for using that connectivity and various software design strategies to support collaboration.

There are three essential design strategies for addressing the problem: pure web app (think Google Drive, née Google Docs), file syncing (think Dropbox), and local editing with central locking (think MS Office+Web Folders/WebDAV). Each has its pros and cons, and which approach will work for a given task depends on factors like file type, file size, editing feature set, and client platforms supported.

The Pure Web App Approach

A real web app runs in a browser using JavaScript and (more and more often) HTML5. This approach in theory can support any device that has a modern browser, including tablets and smartphones, as well as Macs, Windows PCs and Chromebooks. Perhaps the premier example of this approach is the applications available in Google Drive. Simple documents, spreadsheets, presentations, and drawings can be created, edited and shared easily. Collaboration is as close to instantaneous as networking technology allows. Documents are always in sync. The first time you co-edit a word processing document with a colleague on the other side of the world, and you see edits in real time, you should pause for a moment and marvel at how amazing this technology is.

That’s the good. The bad includes:

  • Google buy-in (or buying into some other platform).
  • Limited document/file type support. Although you can now upload and download any type of file to Google Drive, you have to convert to a Google format to edit online. You won’t be editing Quickbooks files, for example.

This is using Google as an example. There are other services using the web app approach: SkyDrive from Microsoft, for example, or Quickbooks Online from Intuit. The bottom line is all these online apps have limitations, never mind cost (Quickbooks Online costs from $12.95 to over $70 per month).

The File Synchronization Approach

File synchronization apps like Dropbox work by running applications on all your devices, with a special folder that communicates with their servers to propagate new and updated files to other devices. This works well when the only person involved is you, and you have multiple devices (work desktop, laptop, home PC, and sometimes mobile devices). Another plus is the ability to synchronize a wide variety of file types. Each device that will be used to edit or update a file or document will need the appropriate application installed on the device, and all copies or versions of the aforementioned application must be able to handle the internal format of the particular file. For instance, Quickbooks file formats for Windows and Macs are incompatible.

The typical problem for apps using the file synch approach is lack of “file locking” to keep two people from updating a file at the same time. Some file sync apps attempt to resolve intervening updates but usually with little success.

The Local Editing With Central Locking Approach

Server-based file locking apps keep the file on a central server, and use specialized server plus client applications to do the following each time a file needs to be edited or updated:

  • “Lock” the file on the server to tell other copies of the special client application that the file is “checked out” for update by someone else.
  • Download the file to a client application on a PC, Mac, or other supported platform (usually as a “temp” file).
  • Open the correct application for editing.

After editing the process is reversed:

  • File is saved locally in the temporary location.
  • File is uploaded back to the central server, where it replaces the old copy.
  • The “Lock” is removed so other users can take their turn at editing.

It is also a good idea for this approach to offer a “View Only” or “Read Only” copy of a locked file for others to look at (but not edit).
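The check-out and check-in cycle above, including the read-only copy for everyone who does not hold the lock, can be modelled in a few lines. This is an added example, not code from any product named on this page; `FileServer`, `checkOut`, `checkIn` and `view` are hypothetical names, and the file and users are constructed.

```javascript
// Added example: in-memory model of lock -> download -> upload -> unlock.
// All class and method names are hypothetical, not a real product API.
class FileServer {
  constructor() {
    this.files = new Map(); // name -> { content, lock: { user, token } | null }
    this.nextToken = 1;     // counter keeps the demo deterministic; a real
                            // server would issue an unguessable token
  }

  add(name, content) {
    this.files.set(name, { content, lock: null });
  }

  get(name) {
    const file = this.files.get(name);
    if (!file) throw new Error("no such file: " + name);
    return file;
  }

  // "View Only" copy: available whether or not the file is locked.
  view(name) {
    return this.get(name).content;
  }

  // Lock the file on the server, then hand the content to the client.
  // A second caller gets a refusal plus a read-only copy instead.
  checkOut(name, user) {
    const file = this.get(name);
    if (file.lock) {
      return { ok: false, lockedBy: file.lock.user, readOnly: file.content };
    }
    file.lock = { user, token: "lock-" + this.nextToken++ };
    return { ok: true, token: file.lock.token, content: file.content };
  }

  // Upload replaces the old copy only for the current lock holder,
  // and the lock is released in the same step.
  checkIn(name, token, newContent) {
    const file = this.get(name);
    if (!file.lock || file.lock.token !== token) {
      return { ok: false, reason: "not lock holder" };
    }
    file.content = newContent;
    file.lock = null;
    return { ok: true };
  }
}

// Constructed scenario: two users contend for the same file.
function runScenario() {
  const server = new FileServer();
  server.add("budget.xls", "v1");
  const alice = server.checkOut("budget.xls", "alice");
  const bob = server.checkOut("budget.xls", "bob"); // refused, read-only copy
  const bobUpload = server.checkIn("budget.xls", "lock-999", "bob's edit");
  const aliceSave = server.checkIn("budget.xls", alice.token, "v1 + alice's edit");
  const replay = server.checkIn("budget.xls", alice.token, "late overwrite");
  const bobRetry = server.checkOut("budget.xls", "bob"); // now sees Alice's edit
  return { alice, bob, bobUpload, aliceSave, replay, bobRetry, final: server.view("budget.xls") };
}

console.log(runScenario());
```

The rejected upload and the rejected replay are the two cases where a sync-only design would silently overwrite a colleague's edits.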

An early example of this approach is WebDAV (DAV stands for “Distributed Authoring and Versioning”). Microsoft refers to its WebDAV support in Windows as “Web Folders”, and supports locks and editing in Office applications such as Word and Excel. The problem with WebDAV and Web Folders is that virtually no applications other than Office have implemented support for WebDAV locks.

A more general application that can support almost any file type while also supporting central file locking is available from My Docs Online via their Java-based Desktop App. The Desktop App uses a “Lock & Open” to lock the file on the central server, downloads the file to a temporary location on the PC or Mac, and then launches the right application based on the file extension. When the editing session is complete the file is saved and closed locally, and then the user does a “Save & Unlock” in the Desktop App to send the updated file back to the server and release the lock.

The ability to support virtually any file type is a strong benefit of this design.

Potential issues with the approach include “network latency”. The bigger the file, the longer it takes to download and open the locked copy, or send it back to the server. The use of Java brings support for multiple operating systems, including all versions of Windows or Mac OS X, but does require that Java be installed and kept up to date on the machine.

Choosing an App Whose Design Strategy Meets Your Needs

Which approach will work best for you? It depends on particular needs, and you may need more than one solution depending on particular file types or business processes involved.

If you and all your collaborators already have Google accounts, and if the goal is collaboration on a reasonably basic document or spreadsheet, it’s hard to beat Google Drive. If you mostly use Office, then SkyDrive might be a good fit, and so on. Consider a two-step approach, where, as an example, you use Google Drive to do the early drafts of a document when collaboration needs are heaviest, and then export to a more powerful desktop application for final production.

If your collaboration needs don’t require editing by multiple people, but mostly involve pushing updated versions of files and documents for viewing and reviewing, then a file synchronization app like Dropbox could work well.

If you are using specific file types like Quickbooks, CAD, as well as Excel, Word, or OpenOffice formats, and you need to let multiple people in multiple locations edit without fear of wiping out the edits of a colleague, consider an application like the My Docs Online Desktop App.

Drew Houston’s Y Combinator Pitch for Dropbox

Here are some choice tidbits from Drew Houston’s application for Y Combinator backing:

What is your company going to make?  
Dropbox synchronizes files across your/your team’s computers. It’s much better than uploading or email, because it’s automatic, integrated into Windows, and fits into the way you already work. There’s also a web interface, and the files are securely backed up to Amazon S3. Dropbox is kind of like taking the best elements of subversion, trac and rsync and making them “just work” for the average individual or team. Hackers have access to these tools, but normal people don’t.

There are lots of interesting possible features. One is syncing Google Docs/Spreadsheets (or other office web apps) to local .doc and .xls files for offline access, which would be strategically important as few web apps deal with the offline problem.

What’s new about what you’re doing?  
Most small teams have a few basic needs: (1) team members need their important stuff in front of them wherever they are, (2) everyone needs to be working on the latest version of a given document (and ideally can track what’s changed), (3) and team data needs to be protected from disaster. There are sync tools (e.g. beinsync, Foldershare), there are backup tools (Carbonite, Mozy), and there are web uploading/publishing tools (box.net, etc.), but there’s no good integrated solution.

Dropbox solves all these needs, and doesn’t need configuration or babysitting. Put another way, it takes concepts that are proven winners from the dev community (version control, changelogs/trac, rsync, etc.) and puts them in a package that my little sister can figure out (she uses Dropbox to keep track of her high school term papers, and doesn’t need to burn CDs or carry USB sticks anymore.)

At a higher level, online storage and local disks are big and cheap. But the internet links in between have been and will continue to be slow in comparison. In “the future”, you won’t have to move your data around manually. The concept that I’m most excited about is that the core technology in Dropbox — continuous efficient sync with compression and binary diffs — is what will get us there.

What do you understand about your business that other companies in it just don’t get?  
Competing products work at the wrong layer of abstraction and/or force the user to constantly think and do things. The “online disk drive” abstraction sucks, because you can’t work offline and the OS support is extremely brittle. Anything that depends on manual emailing/uploading (i.e. anything web-based) is a non-starter, because it’s basically doing version control in your head. But virtually all competing services involve one or the other.

With Dropbox, you hit “Save”, as you normally would, and everything just works, even with large files (thanks to binary diffs).

What are people forced to do now because what you plan to make doesn’t exist yet?
Email themselves attachments. Upload stuff to online storage sites or use online drives like Xdrive, which don’t work on planes. Carry around USB drives, which can be lost, stolen, or break/get bad sectors. Waste time revising the wrong versions of given documents, resulting in Frankendocuments that contain some changes but lose others. My friend Reuben is switching his financial consulting company from a PHP-based CMS to a beta of Dropbox because all they used it for was file sharing. Techies often hack together brittle solutions involving web hosting, rsync, and cron jobs.

Want more detail? Read the full application.