Dropbox Pros and Cons

Does your small business have a Mac, in your office, working as a file server? Do you wonder if you should continue to do this or switch to a cloud-based file sharing system, such as Dropbox? Let’s look at some of the advantages and disadvantages of using Dropbox. In the past few years I’ve had a number of small business clients decide that they no longer want the expense of buying, supporting and backing up their own in-house file server. For them, Dropbox is a cost-effective solution. Dropbox may not be a viable option for every small business, but let’s consider the pros and cons.

This article compares Dropbox and file servers in the following areas:

  1. Price
  2. Remote Access
  3. Outside Sharing
  4. File Sharing Controls
  5. Various Security Considerations

Let me start by looking at the areas where Dropbox compares well against a file server. 

1. Price

To improve the readability of this article, I’ve put all of the details of my price comparison as an endnote to this article. For my comparison I look at a hypothetical company with 3 employees and their costs over a 5 year period. I compare the costs of owning and maintaining a Mac setup as a file server with using Dropbox for their file sharing needs. Again, see details below.

This total cost of ownership for a Mac file server could be $5000 over a 5 year period.

The total cost of a Dropbox subscription is  $3858 over a 5 year period.

Dropbox offers a noticeable price savings.

If we change our hypothetical company to 6 employees then the costs of the file server are likely about the same. However, our Dropbox costs would double to about $5600 over 5 years. Dropbox’s price savings appear to dwindle as the number of employees increases.

Price Conclusion – Depending upon the size of the company Dropbox may or may not offer a price savings. I think Dropbox’s price sweet spot is companies with 3-8 employees. As the number of employees increase, Dropbox makes less sense based on cost-alone.

However, Dropbox offers another price savings since no additional costs are required to access Dropbox when a staff person is out of the office. Typically a file server requires a business to setup a VPN. Let’s look at these costs.

2. Remote Access (Getting to your files when you are outside the office)

Let’s compare what is required to remotely access both Dropbox and a file server. More specifically, when employees are working from home or whenever they are out of the office, what is required to permit them to access shared folders? Dropbox has no additional costs or requirements. If your employees use laptops while at the office to access Dropbox then these laptops can be used, as is, anytime the employee has an Internet connection. 

In our file server scenario, an employee’s laptop would need to be configured to use a VPN (Virtual Private Network) connection to be able to access the file server. Apple no longer offers a built-in VPN solution in their Mac server software. Thus, you will need to spend time and money setting up an alternative, such as iVPN, and then configure each of your employees Mac laptops and then train them on how to use the VPN.

Remote Access Conclusion – Dropbox wins since it does not require any additional costs, labor or training to allow employees to access files when outside of the office. Perhaps this cost savings furhter tips the balance in favor of Dropbox for overall costs.

3. Outside Sharing 

Let’s imagine that you need to collaborate with others, outside your company, on a project. Perhaps you want your collaborators to be able to access a project folder which you store in Dropbox, or on your file server. Dropbox makes this pretty easy. You can give people outside your company access to a folder inside your Dropbox account. As long as the outsider is willing to setup his or her own free Dropbox account then they will have easy access. 

Granting an outside person access to a folder on a central file server is possible, but you’d spend time creating a user account on the server and giving them VPN access to your company’s network. Many companies would not grant access to the network so that’s a show stopper. At this point, you’d likely start sending files back and forth as email attachments. 

Outside Sharing Conclusion – Dropbox wins since Dropbox permits this while the file server model typically does not. However, it is important to note that setting up your folder structure appropriately is a key consideration if you are using Dropbox. Dropbox is only able to share folders at one level. This means you can’t have a parent folder that is shared with, say, one outside person outside your company and also have a subfolder shared with a different person outside your company.

Now let’s look at the areas where Dropbox does not look as good as a file server.

4. File Sharing Control

File servers support more complex file and folder permission configurations. For example, file servers let you setup a folder named Shared Projects, which is accessible by all of your employees and then create a folder within Shared Projects named Financial Reports that has more restrictive permissions. Maybe only the business owner and accountant might be able to access the Financial Reports folder. Dropbox can let you have both a widely shared Shared Projects folder and a more restricted Financial Reports folder, but Financial Reports can’t live inside of Shared Projects.

File Servers also typically create a number of logs that let one see who has accessed, edited or deleted a file. Dropbox Standard does not offer the same level of tracking.  Some higher tiers of Dropbox Business do. Thus, there is much less accountability available for a small office using Dropbox. This type of accountability is often needed as the number of employees in a company grows, but it can be helpful even when there are only a handful of users.

File Sharing Control Conclusion – File servers offer great flexibility. There have been times when Dropbox’s restrictions have been a nuisance, but work-arounds are always possible. File access logs are a standard feature of file servers, but are only available on higher priced Dropbox accounts.

5. Various Security Considerations

With Dropbox, you hand over some control of your data since you’re entrusting your data to a middleman and since your data is accessible via the Internet. This increases the risk that somebody outside of your organization could access your data. FirstDropbox, the company, has a backdoor into your account. While I am pretty sure that Dropbox employees can not casually look at your files, I am also pretty sure that in order to provide technical support and test their own systems, select employees might access your account and could need to inspect certain files. I would also guess that if a subpoena was issued by the government that they could gain access to your data. You could encrypt select files in your account to try to reduce this risk.

This is a good time for me to mention that Dropbox encrypts your files during transit and storage, but the files stored on your Mac, in your Dropbox folder, are not encrypted unless you use a service like Boxcryptor or the Mac operating system’s FileVault.

Second, there is also a risk that the bad guys could get into your Dropbox account and access your files. One of your employees could be lured into divulging his or her Dropbox account password via a Phishing attack. Alternatively, Dropbox could make a goof as they did in 2011 when a programming flaw in Dropbox’s web site permitted anybody to get into anybody else’s Dropbox account. This flaw only existed for 4 hours, but it highlights the possibility.

Next, let’s think about corrupt files or accidentally deleted files. If your company runs its own file server then you control your own in-house and off-site backups. Thus, you can restore corrupt or damaged files. If your company uses Dropbox then you typically need to rely on Dropbox’s file recovery feature. Depending upon the type of Dropbox account you have, Dropbox provides you with 30-180 days of file recovery. In other words, if a file gets damaged or deleted, but this is not discovered for 30 or more days then there is a chance that you won’t be able to recover that file. This vulnerability could be minimized if you make your own backups of your Dropbox account. To be effective, one Mac in your office would need to have a copy of all of the files in your Dropbox account  and then you would need to backup this Mac to one or more destinations. In other words, this one Mac cannot use Dropbox’s Selective Sync or Smart Sync features.

Do you realize that you could lose all of the files in your Dropbox account if your account expires? This might sound far-fetched, but it could happen. Let’s imagine that the credit card you use to pay for your Dropbox account has expired. Dropbox sends emails to remind you about a billing problem, but it is possible that these emails could be overlooked if one is traveling, sick or otherwise distracted. If your account were to expire, I am sure Dropbox does not delete your files immediately, but I do not know the length of the grace period. Thus, it is possible that your files could be deleted.

Do you have good policies and procedures in place when an employee leaves your company? If your company uses Dropbox, an employee could access your Dropbox account from his or her own personally owned computer, phone or tablet. When employee’s leave you should revoke access by any personally owned devices and initiate a remote delete of files from that device. If your company uses a file server, typically remote access requires VPN access. VPN access could be revoked easily for a given employee on his or her last day of employment.

Similarly, do you have good policies and procedures in place in the event a laptop, tablet or phone, with Dropbox access, is lost or stolen? My own laptop was stolen at the end of 2017. Because I had a number of security features enabled on my laptop, I was confident that the thieves could not gain access to any of the data on my laptop, including files I keep in Dropbox. You should make sure you have setup appropriate security policies on all devices that access Dropbox.

If your company uses a file server then typically all of the files do not reside on the laptop. Thus, if the laptop is secured and/or VPN use requires employees to manually enter a password in order to connect, your file server would be secure.

Various Security Considerations Conclusion – File servers tend to offer greater security since they are in your office and not on the public Internet, like Dropbox. Dropbox offers greater convenience, but this convenience comes at the cost of higher security risks. If you use Dropbox it is important to minimize these risks by having your own backup of your data and have good security procedures in place on your computers.

Overall ConclusionDropbox can be an appealing and cost-effective option for easily sharing files with your team and outside collaborators, but it does not make sense in all situations. Additionally, there are some additional security concerns that one needs to think through and protect against. 

 

 

Endnote: Price Comparison Details (mentioned at the start of this article)

If this company wants to buy, backup and maintain their own Mac as a file server they might be looking at the following 5 year costs:

  • Mac mini with monitor – $1200
  • Backup hard drives – $200
  • Off-site backup subscription – $120/year or $500 over 5 years.
  • Labor for initial setup – $600
  • Estimated annual labor for server maintenance and updates, setting up user accounts, etc. – $500/year or $2500 over 5 years

This totals $5000 over a 5 year period

Dropbox offers a few tiers of service but our fictitious company is going to select Dropbox Standard for Business, which currently costs $12.50 per user per month if paid annually. Let’s assume that Dropbox has a price increase during the middle of the 5 year period. I should note that Dropbox Business accounts have a minimum cost of 3 user licenses or $37.50

  • Dropbox costs for 3 users for years 1-3 – $150 per user per year x 3 users = $450 x 3 years = $1350
  • Dropbox costs for 3 users for years 4-5 – $168 per user per year x 3 users = $504 x 2 years = $1008

Let’s add a line item for supporting Dropbox. We have to assume that staff will need some Dropbox training and/or something will go awry and some time will need to be spent troubleshooting Dropbox. Let’s estimate this support cost at $300/year or $1500 over 5 years.

The total cost of a Dropbox subscription and technical support is  $3858 over a 5 year period

In this hypothetical example, of 3 users for 5 years, Dropbox is less expensive than a file server.

Let’s image that our company now has 6 employees. The cost of the file server are likely about the same. However, our Dropbox subscription costs would increase to about $4600 over 5 years. With support this could bring the cost to about $5600. Thus, with 6 employees the cost of Dropbox is about the same as a file server.

If you had a company with a dozen employees you might find that Dropbox is more expensive than maintaining a file server. Our imaginary file server might require a beefier computer or be equipped with more storage space to handle 12 users so the file server costs would increase, but probably not at the same rate as Dropbox’s costs increase. Thus, the cost savings provided by Dropbox appear to dwindle as the size of the company increases.