Ask HN: My company is now disallowing Dropbox...

[benhedrington]

Is this an unsolvable problem? What questions can cloud services answer and finally get through to corp IT? Who's startup is grappling with this problem and winning?

To be clear, I know how I could get around it... and I am not planning to do that... I am asking how can we progress the IT point of view and allow enterprises to adopt these revolutionary tools rather than fear them. Is it a lost cause?

[smoody]

There's a good reason: I would argue that Dropbox has questionable security practices (by that I mean look around their site and try to find an in-depth description of how then insure individual account security... it leaves me with many questions :-). Dropbox stores and manages the encryption keys on their servers and they don't let users specify their own encryption keys. If someone manages to break into their server farm and gets access to those keys (or the method by which they are algorithmically generated), then lookout!

At the same time, a lot of people email sensitive documents into and out of enterprises without any sort of encryption. I'm not sure which is worse.

(no, I'm not a enterprise IT guy :-)

[petervandijck]

Security is not goal in itself, although many IT types seem to think it is. As you note in your second paragraph, it's a sliding scale, to be weighted against productivity etc.

[spitfire]

How is dropbox a revolutionary tool? Fileservers have existed for quite some time. File server accessible over the internet have existed for quite some time. (It was easy even in windows 95).

Focus on your needs and ask IT to develop a way for you to access your corporate resources on the go.

[petervandijck]

Ease of use.

[dreamux]

The reason that enterprises have IT departments is so that they can control everything in house. The saas model (dropbox and similar remotely hosted services) doesn't really fit here because it separates IT from the services that it is supposed to manage (think of the legal and security mess of spreading your company's data to a bunch of 3rd party services).

Your best bet is to find some white-label/internal solution similar to dropbox and get your IT guys to install it... but it'll be tough to convince them that the benefits outweigh the costs (everything IT does costs 10x more than you think it should).

[petervandijck]

Really, your best bet is to route around them. I may be a techie but I have little respect for corporate IT, sorry. Instead of focusing on increasing productivity, they always seem to focus on increasing their control (in order to not loose their jobs), and to increase "security". They don't remind me of hackers, they remind me of airport scanners and laywers.

[benhedrington]

I hear the control part but what control is there really... Don't you think the physical files on the laptop of the average corporate worker are more likely to be compromised than dropbox itself?

Not sure companies will survive and be competent if it all goes this way...

Do we need FDIC (from the banking world) for data?

[petervandijck]

It's corporate IT's death struggles you're observing. Unfortunately they don't tend to die quickly.

What I've seen again and again is people just routing around them. And around any other corp strategies that stop them from getting their jobs done.

[benhedrington]

If anyone from Dropbox is listening/interested I may be able to setup a conversation with the IT guys if you are working on a solution... email me.

[gabbott]

can you open a support ticket with dropbox? Seems like the best way to start the conversation. Just say you are looking to get in contact with Graham, i'll see if we can take care of the rest.

[cookiecaper]

I think that if a startup made encryption and data security a priority and had the amount of funding it takes to break the enterprise market, they'd start to slowly (as usual in the enterprise space) make more headway and gain acceptance in this area. IT actually likes to offload things when they have a reasonable assurance of control.

Tarsnap is a good starting point, but it's CLI, doesn't work on Windows, and isn't really geared to big businesses.

[petervandijck]

A different approach is to just get consumer acceptance and get into the enterprise via the backdoor. That's what Dropbox (and 37sigs etc) are doing.