Cloud control imperative in 2017 as Dropbox hands administrators a bigger stick

If 2015 was the year when the cloud applications and infrastructure became pervasive and 2016 the year when businesses realised the security problems this had created, 2017 will be the year when those businesses finally get the chance to tighten the reins on cloud usage.

That’s the goal, at least, of recent changes introduced by Dropbox that allow enterprise systems administrators to not only block the use of personal, unmanaged versions of the ubiquitous cloud-storage platform – used by 10 million Australians, by the company’s reckoning – but to force users to migrate to the manageable Dropbox Business platform.

The latest changes – which also include the addition of granular administration features to the company’s Paper secure collaboration platform – reflect a growing commitment to helping businesses regain control of usage of Dropbox, ANZ country manager Charlie Wood told CSO Australia.

“We’ve found that you can have usage policies and create the easiest product in the world to use,” he explained, “but sometimes if a company gets a little big they just need a push.”

Features such as subdomain verification, enforceable limitations on the number of registered devices, and improved network control – which lets administrators monitor and control Dropbox traffic – fill out the enterprise-administration story that Dropbox kicked off earlier this year with the debut of its AdminX administration platform.

The company is also expanding the granularity of its audit logging capabilities to improve visibility of file access, downloads, and other activities: “We build a forensics UI on top of that where you can get access straight into the console,” Wood said.

Dropbox also recently inked a peering agreement with an unnamed Australian ISP and opened a Sydney point of presence – one of 11 new sites around the world designed to improve performance by providing local caching – and has bolstered support from a network of technology partners.

This approach, Wood said, has seen over 20,000 applications integrated with Dropbox, the company has also been extending its reach into data loss prevention (DLP) through a partnership with Symantec.

“Because of this extra level of logging, administrators can access information [about cloud usage] that they just didn’t have before. The volume of data under management is now so large that we’re working to give companies more granular controls and more visibility, and to do it at a scale where every employee can use Dropbox.”

With reports regularly suggesting that cloud file-sharing services are exposing sensitive and regulated data far more than is acceptable, Dropbox’s changes are far from optional; other technology providers are also getting proactive about strengthening control over cloud services whose adoption has been largely uncontrollable so far.

Symantec, for one, got so proactive that it recently spent $US4.65 billion ($A6.2b) to acquire security provider Blue Coat Systems in a deal that will bolster the larger company’s position in the exploding cloud access service broker (CASB) market.

CASB tools plug the security gaps between business IT infrastructure and cloud environments by managing the authentication and integration of cloud services. Their growth has been largely driven by an explosion in demand, Symantec’s Rehan Jalil – who originally served as CEO and founder of CASB leader Elastica, which Blue Coat bought for $US280m ($A373m) in 2015 – told CSO Australia.

“It was clear years ago that adoption of the cloud was going to be a whole new way of doing work,” he said, “but its adoption is happening with or without the permission of the IT organisation. If the IT organisation doesn’t have a cloud strategy, the employees have their own strategy for the cloud. It’s called a credit card.”

Elastica’s CloudSOC sought to unify controls over cloud-based platforms but also offered a migration path for existing policies around document controls – helping, Jalil said, to save administrators from the burden of migrating those policies between incompatible platforms.

“In the past you could define policies for cloud and incident response in the cloud, but it created islands of different policies,” he explained. “That doesn’t work very well for large organisations.”

“But now policies can be classified in the same way for cloud platforms that they are on on-premises servers, which offers huge savings for the enterprise. Companies are seeing that their employees are using cloud applications a lot, and that needs to be managed.”

That management infrastructure will become increasingly important through 2017 as businesses accelerate their shift to the cloud: CSC, for one, recently predicted that businesses will have put 80 percent of their workloads in public clouds by 2020.

Cloud market leaders will outpace competitors by competing on function and capability designed to help better meet regulatory and security requirements – compliance with the complex PCI DSS standard has been flagged as a key value-add by many – that will “free customers to build new platform business services in search of new organic sources of revenue that were not possible in the pre-cloud era,” CSC chief technology officer Dan Hushon recently predicted.