Comm_Guy

How secure is Dropbox?

If I need to protect PII information, has Dropbox progressed to the point where the community feels safe using them?  Where do I get specific data on the actual standards they use?
Security


8/22/2022 - Mon
CompProbSolv

I found this at dropbox.com:
https://www.dropbox.com/business/trust

I would ask Dropbox about what security standards they follow.
David Johnson, CD

Use your own encryption to encrypt before storing on Dropbox. They are not HIPAA compliant out of the box and require a BAA agreement to get started on the route.
Dr. Klahn

Once any data leaves your own disk drive it must be considered insecure.  Ergo, as David says, encrypt (and I'd encrypt twice using two different methods) before using "cloud" storage for anything.

What Dropbox claims, and what actually happens when the FBI shows up with a secret FISA warrant that Dropbox is forbidden to reveal, are two different things.
David Favor

Ditto on the above.

Never trust any service.

Always encrypt.
btan

It depends on your risk appetite.
If you have low risk tolerance, you shouldn't even opt for any cloud-based storage. You can't control what you can't see.

If you have high risk tolerance, you can consider and opt for the option (see link) that is cost-effective. Even if it is accredited with HIPAA, you as the data owner are still accountable. It is a shared responsibility using any form of cloud services.

If you are totally not sure, and in doubt, it is best to try it out without the sensitive data, as most of the time misconfiguration and negligence are common causes of data breaches, such as exposing access to the public, using poor passwords or leaving data in plain text in the cloud store.

Familiarity with cloud risks is important, and they vary from SaaS to IaaS. You should try to understand that before jumping into using the services if security is your key consideration. Risk assessment is necessary.

https://www.dropbox.com/en_GB/plans?trigger=nr

SOLUTION
madunix

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
serialband

Dropbox has since secured itself, but they were easily hacked back in the beginning when they first started.  How secure do you need it?  Maybe SpiderOak is what you might want.
Comm_Guy

ASKER
Concerned with sharing PII information:  name, address, SSN, etc.  It appears their business accounts are secure given they state they're HIPAA compliant.  Am trying to figure out if any documents saved in a business account are encrypted to the point that they don't have access (keys).  Certainly sounds like they have access to any of the 'free' accounts.  Being a non-profit, am trying to determine options and preventing the compromise of data.  Staff like 'free' stuff and don't always understand the consequences.
serialband

HIPAA is just an agreement and a certification that they are protecting the data per guidelines.  It doesn't mean that the Dropbox staff doesn't have access.  It means that if they do have access, they also follow the procedures to protect that data per HIPAA guidelines.  That's why they have to have a separate agreement.  That way, they can place your data into the HIPAA accounts storage that only HIPAA certified employees can access, versus any general Dropbox employee.  It doesn't mean that the data is only accessible to you.  They just certify that they'll protect it also.  This needs a signed agreement with them.
ASKER CERTIFIED SOLUTION
btan

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Comm_Guy

ASKER
Thank you one and all.  I certainly have a better understanding.  I especially like the idea of using Boxcryptor in conjunction with other solutions.  I appreciate your willingness to take the time and share your insights.