Jeb Molony

Dropbox was conceived and created by Drew Houston while he was a student at MIT as a better way to store and access documents. For students the need to keep up with and share documents is imperative in today's academic environment. Students are able to collaborate and avoid the traditional issues with papers and research such as versioning. However, as students are graduating and moving into the work force they are taking the skills they learned in school with them. One of these skills is how to implement Dropbox and while the implementation and use is simple the more difficult question is whether a particular industry should be using Dropbox.

Professional practices including accountants, lawyers and doctors have third party regulatory issues they must comply with when implementing a practice management system to safeguard client information. For doctors the standards are set by HIPAA, for accountants the AICPA and for lawyers the state Bar Association in which they are licensed. All have guidelines and rules they have released for the use of electronic storage. According to Dropbox they meet none of these standards at this time:

Dropbox does not currently have HIPAA, FERPA, SAS 70, ISO 9001, ISO 27001, or PCI certifications. We'll update this page with any new certifications as we receive them – Dropbox Help Page

Dropbox does not hide the fact that they have not obtained any of the necessary security compliance audits in order to be used by any professional practice, and yet lawyers, accountants and doctors use Dropbox to share and store sensitive data. In addition to the lack of certifications, Dropbox was hacked in August 2013 and while the data inside Dropbox is encrypted the encryption keys are held by Dropbox. This means that Dropbox has the ability to read anything stored inside of Dropbox. and if these keys are ever compromised so does the person who obtains them.

The benefit of Dropbox is the ease of use which is why most students utilize it. However, for a business with a large number of files the functionality begins to erode. In fact Dropbox has a limit of 300,000 documents for advanced users.

Dropbox's performance may start to decline when you store above 300,000 files. At that point you may observe some slowness. We're currently working hard optimizing Dropbox to better handle accounts with unusually large numbers of files.

At first glance 300,000 documents may seem like a lot, but a law firm of just 5 lawyers working on civil litigation can easily accumulate that number in just a few years. For enterprise level companies the 300,000 document limit is too small.

Dropbox is an easy to use cloud based application for sharing documents, but for professionals it is not a viable option when it comes to security compliance. Lawyers, accountants and doctors who are managing their practice and implementing software solutions should not allow the use of Dropbox for sharing anything that may be considered confidential patient or client data.