{"id":42141,"date":"2013-04-16T20:55:54","date_gmt":"2013-04-17T00:55:54","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-15T18:57:12","modified_gmt":"2021-08-15T22:57:12","slug":"dropbox-adds-ad-for-sso","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/dropbox-adds-ad-for-sso\/","title":{"rendered":"Dropbox Adds AD for SSO"},"content":{"rendered":"

\"Dropbox<\/a><\/p>\n

When people talk about the consumerization of IT<\/a><\/strong>, Dropbox<\/a> is invariably part of the discussion. Dropbox,<\/strong> like Box<\/a>, Google Drive<\/a>,\u00a0Microsoft <\/a>SkyDrive<\/a>, and others is a cloud-based storage<\/strong> system that enables users to sync and share files. This can and often is done without IT intervention, potentially putting sensitive data at risk or organizations out of compliance according<\/a> to Debra Donston-Miller<\/a> at InformationWeek<\/a><\/em>.<\/p>\n

\"Dropbox<\/a>Hoping to land some street cred with corporate IT<\/strong>, the consumer cloud file storage leader Dropbox, rolled out\u00a0Dropbox for Teams<\/strong>, with security tweaks\u00a0designed to give companies more control over what their users do with Dropbox, (which I covered here)<\/a><\/em>.<\/p>\n

Now Dropbox has announced a rebranding, from “Dropbox for Teams<\/a>\u201d service to \u201cDropbox for Business<\/a><\/strong>\u201d with an eye toward business and its IPO<\/strong>. So it is taking notice of existing enterprise authentication infrastructure to grow its customer base into authorized corporate use.<\/p>\n

\"existing<\/a>The InfofWeek<\/em> article says Dropbox will now add single sign-on<\/strong> (SSO<\/a>) capabilities to its Active Directory<\/strong> integration and is working with several partners to ease that integration. “Active Directory is really core to IT architectures, security and compliance strategies,<\/em>” Kevin Egan<\/a>, Dropbox VP of sales, told InformationWeek<\/em>. “It lies at the heart of security,<\/strong> so we’re going to make it a lot easier for customers to plug into their existing Active Directory infrastructures, and leverage things like secure sign-on.<\/em>”<\/p>\n

Thomas “Tido”\u00a0Carreiro, growth engineering lead for Dropbox, explained in an interview that the integration with Microsoft’s<\/a><\/strong> Active Directory will let companies use the work they have already done in setting security and authentication<\/strong> policy. This helps end-users and admins alike, he said. “It’s good for the end-user not to have another password to remember — they can just use what they’re familiar with”<\/p>\n

\"set<\/a>Mr. Carriero also claims the new Dropbox for Business will be good for IT Pros. “Admins can set up security policies<\/strong> depending on the nature of the data being stored, and they can do things like set password requirements<\/strong>, reset passwords as often as they’d like, set up two-factor authentication<\/strong>, set up other kinds of authentication — whatever they have decided on for their business.”<\/p>\n

According to Dropbox’s Egan and Carriero, the firm will provide SSO out of the box. Dropbox SSO uses the industry-standard Security Assertion Markup Language<\/a> <\/strong>(SAML), so it will also integrate with any large identity provider companies are using or with companies’ own SAML-based federated authentication systems. DropBox SSO partners include Ping Identity<\/a>, Okta<\/a>, OneLogin<\/a>, Centrify<\/a>, and Symplified<\/a>.<\/p>\n

The author notes that Dropbox has some pretty stiff competition in the cloud-based storage space, including no less than\u00a0Google<\/a> (GOOG<\/a>) Drive<\/a>, SugarSync<\/a>,\u00a0Apple’s<\/a> (AAPL<\/a>) iCloud<\/a>, Box,net<\/a>, and Microsoft’s<\/a> (MSFT<\/a>) SkyDrive<\/a>. But the SSO integration with Active Directory is an important step forward in making Dropbox a corporate tool, and not just a tool for consumers.<\/p>\n

rb-<\/em><\/strong><\/p>\n

The producers of these consumer-targeted technologies need to recognize that for deals in tens of thousands of seats, firms like Dropbox, Box, and Evernote need to offer those of us charged with protecting the firm’s assets assurances about security, privacy, and integration with Microsoft Active Directory.<\/em><\/p>\n

Despite that, Box Enterprise GM Whitney Bouck also told CITEworld<\/a>, “The premise of Box is to make it super-easy to share, communicate, and collaborate … At its most open, there should be as few controls as possible.”<\/em><\/p>\n

\"attackers<\/a>And then there are the security breaches. In 2011, Dropbox accidentally pushed a code update that introduced a bug into the company’s authentication mechanism, allowing third parties to log in to user accounts and access files. Last year, hacks at other Web sites allowed attackers to penetrate accounts used by Dropbox employees, including a document from which they may have been able to harvest email addresses. In August, those email addresses were apparently used to send Dropbox users spam.<\/em><\/p>\n

Related articles<\/h6>\n