Dropbox and IBM i: Love It Or Leave It?

October 14, 2014 Alex Woodie

There’s no doubt that Dropbox has become a pervasive tool of American consumers. But is it up to snuff when it comes to business data? Many IBM i software vendors say Dropbox represents a major security and compliance risk. But one vendor, Arpeggio Software, says Dropbox is no more dangerous than other cloud offerings and can safely be used.

“I am amazed and frankly shocked at the number of IBM i software vendors who come out with anti-Dropbox positions instead of accepting the reality . . . Dropbox is here and it is pervasive,” Rich Brown, the CEO and co-founder of Arpeggio, wrote in a blog post on his company’s website.

According to Brown, those who denigrate Dropbox as dangerous just have their heads in the sand. “Practically every client we work with uses Dropbox and all of them use it in their personal lives,” he continues. “My parents use it for storing pictures and backing up their PC data and my 10-year-old niece is even required to use it for school. I would call that pervasive!”

He is likely referring to vendors like Linoma Software and Rocket Software, both of which develop and promote their managed file transfer (MFT) products as more scalable and secure alternatives to other file transfer techniques, including unencrypted FTP and Dropbox.

Linoma’s lead software engineer for its GoAnywhere product, Steve Luebbe, isn’t the biggest fan of Dropbox in a corporate environment: “We know services like Dropbox and Google Drive are really tempting because they’re so easily accessible,” he said earlier this year. “We also know that third-party file sharing is a nightmare for the IT team, especially those charged with maintaining compliance with HIPAA, PCI DSS, SOX, and other regulations.”

Another Dropbox detractor is Steve Bireley, managing director of R&D for Rocket. “It seems like every month there’s some new security breach with Dropbox or any of the other cloud-based services,” Bireley told IT Jungle in July. “They’re big targets for hackers, and they spend a lot of time beating on them.”

Brown says IBM i vendors are fomenting fear for the sake of promoting their own “stone age” products. “Many try to claim that Dropbox is dangerous,” he says. “Well, if you put confidential data on any cloud application and you don’t encrypt it first, then you really are the one to blame for being negligent. Dropbox is only as dangerous as the people using it are careless.”

Of course, this isn’t a theoretical exercise for Brown, whose company launched a Dropbox client for IBM i, called ARP-DROP, about a year ago. While ARP-DROP is free to download and use, like most of Arpeggio’s products, customers can purchase a support agreement from the company for a nominal fee.

Brown shared a few stories about early ARP-DROP adopters in his blog post. Among the users is a company that sells licensed sports merchandise to retailers and distributors. The company has switched from using email to distribute reports to sales reps and instead uses ARP-DROP, which “has worked great as it allows their users to access reports via smartphones and tablets.”

Another Arpeggio customer is using ARP-DROP in concert with Arpeggio’s IBM i backup product, ARP-SAVE, to manage journal receivers as part of its security compliance initiative. “Mandates such as PCI require quick access to system logs to show that you have forensics capabilities in case of suspected breaches,” Brown says.

ARP-DROP is serving as an MFT replacement at a media publishing company. “Since Dropbox is always up, it has started to replace FTP servers as a way of addressing ad hoc file exchanges,” Brown says.

Dropbox clearly has a large number of users around the world. The service is highly available and easy to use, which makes it an attractive place to store everything from family pictures to corporate databases. The fact that Dropbox is available on smartphones and tablets is a nice added bonus.

The question every IBM i user needs to ask himself is whether Dropbox lives up to his company’s security requirements. How confident are you that Dropbox can maintain the integrity of your data? What level of sensitive data would you feel comfortable storing on Dropbox, and how would a security breach effect you and your customers? You may not want to store your most sensitive data here, but the benefits you get from using Dropbox for less sensitive data may outweigh some of the risks.