Dropbox

Dropbox Best Practice Guidelines

July 2011

Disclaimer

The University is not advocating the use of this product as an alternative to other systems (e.g. SharePoint) which are provided for its staff. Neither does the University wish to discourage the use of this product if the user follows the guidelines contained in this document.

Introduction

Dropbox is a web-based file hosting service that uses cloud computing and file synchronization to let users store files and folders and share them with others across the Internet. It offers both free and paid-for services, each with varying options.

Please note that Dropbox offers a free account of 2 GB and paid accounts: an upgrade to 50 GB for $8.99 a month, and the Pro 100, which provides 100 GB of online storage, for $19.99 a month.

Dropbox may be seen as a convenient and near seamless internet service for synchronising a consistent set of files in Dropbox folders on one or more computers and online storage. The files in a Dropbox folder can be used on any of the synchronised computers and they can be accessed via any modern web browser. Online files can also be accessed from mobile devices like the iPhone and iPad, and there is a facility for sharing subfolders within the main Dropbox folder. These features may make Dropbox an attractive platform for collaboration and sharing amongst colleagues. However, the use of Dropbox can pose risks related to IT and records security. Please note the best practice recommendations outlined below.

Dropbox may be used within the University, subject to the best practice guidelines.

1)  It is not recommended to use Dropbox for confidential or sensitive information.

2)  Any Dropbox file sharing is limited to small groups of highly trusted colleagues, using shared folders not public folders.

3)  It is recommended that if any confidential or sensitive information is stored on Dropbox it should be in an encrypted form (for example, documents as encrypted PDFs). In this regard, the iOS (Apple’s mobile operating system) application 'GoodReader' is suggested as an alternative to the Dropbox iOS application.

4)  Files should not be left online for longer than is necessary.

5)  Owners of shared folders should frequently review and maintain Dropbox events and shared folder membership, and promptly update shared folder membership to reflect changes in colleagues' roles.

6)  Participants should not put anything on Dropbox that they would not be comfortable sending as an email attachment.

7)  Dropbox is not to be used as the sole storage for any University Record, or as a recordkeeping system.

8)  All University users of Dropbox should exercise self-discipline to ensure that passwords are strong and are changed at reasonable intervals.

9)  As with the use of any personal computers, staff are reminded that they should be vigilant against security threats including phishing, viruses, trojan horses and key-logging.

10) Dropbox should not be used on mobile devices connected via unencrypted Wi-Fi networks. For example, cybercafé hotspots may have open, unsecured access points, which may compromise your user account.

PLEASE NOTE!

The setup of the Dropbox service involves the creation of two main folders.

·  Shared folder – access is granted to this folder on an individual basis by the user of the Dropbox installation.

·  Public folder – this public folder can be accessed by anyone who has the Dropbox software installed, i.e. by the general public. Access cannot be restricted by the user.

NB: Users can choose to link other folders to the shared or public folder. Folders that are linked to the public folder can also be accessed by the general public.

The following text is copied directly from the End User Licence Agreement (EULA) which must be accepted by the user upon installation and which indicates who may access folders and files. Keywords are bold for clarity.

Consent to Access Your Files

“BY UTILIZING THE SITE, CONTENT, FILES AND/OR SERVICES, YOU CONSENT TO ALLOW DROPBOX TO ACCESS YOUR COMPUTER TO ACCESS ANY FILES THAT ARE PLACED IN THE 'MY DROPBOX,' 'DROPBOX' FOLDERS, AND/OR ANY OTHER FOLDER WHICH YOU CHOOSE TO LINK TO DROPBOX. BY PLACING FILES IN YOUR SHARED FOLDER, YOU CONSENT TO SHARE ACCESS TO THE CONTENT OF THOSE FOLDERS WITH THOSE OTHER DROPBOX USERS THAT HAVE BEEN AUTHORIZED TO UTILIZE THOSE FOLDERS. BY PLACING FILES IN YOUR PUBLIC FOLDERS, YOU CONSENT TO SHARE ACCESS TO THE CONTENT OF THOSE FOLDERS WITH OTHER DROPBOX USERS AND/OR THE PUBLIC.”

Your Public Folder

“While you own the content contained in Your Files, files placed in your public folders are automatically available to other Dropbox users and to the general public. By placing Your Files in your public folder, you hereby grant all other Dropbox users and the public a non-exclusive, non-commercial, worldwide, royalty-free, sublicensable, perpetual and irrevocable right and license to use and exploit Your Files in your public folder. In other words, a file in your public folder can be used by anyone, for any purpose except commercial use.”

While there is a clear differentiation between the accessibility of the ‘shared’ and ‘public’ folders, there is no way to monitor or control which folder an individual user will store files in. Essentially, if you grant one user access to a confidential file in your ‘shared folder’, there is nothing to stop the user copying the file and storing it in their ‘public folder’.

If you have any queries please contact IST Support on 01443 482882 or .