Dropbox Enterprise brings that same simplicity of Dropbox to the workplace, with enterprise-grade features that help teams share instantly across their organizations and give admins the visibility and control they need. But more than just an easy-to-use tool, Dropbox Enterprise is designed to let employees collaborate while keeping work secure.
- Everything that comes with Dropbox Business Advanced plus:
- Integrate Dropbox Enterprise with third party EMM providers
- Gain visibility and analytics into Dropbox usage on your domains
- Force all accounts using organisation's email to join the team
- Restrict unauthorised Dropbox usage on your network
- Dedicated Customer Success Manager for programme advisory and resource acceleration
- Integration and deployment support
- Advanced training for end users and admins
- 24/7 phone support
- Obtain corporate ownership of user accounts and data
- Collaborate with an existing network of 500M+ Dropbox users
- Best-in-class, global brand means little user training required during implementation
- Seamlessly upgrade existing free Dropbox accounts to Dropbox Enterprise
- Mitigate corporate data loss through granular sharing permissions and provisioning
- Maximize employee productivity via reliable, real-time sync and share
- Minimize wasted time when searching for and recovering files
- Reduce IT costs by decreasing reliance for on-premise infrastructure
- Streamline cross-product workflows by integrating preexisting enterprise software
- 24/7, localised customer support
£154 per licence per year
- Education pricing available
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||
... and over 100,000 additional applications and partners
|Cloud deployment model||Public cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Users should expect a response within 12 hours|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Dropbox has contracted its web chat functionality to Snapengage, a reputable third-party vendor. We intended to execute a future audit on their web chat product to monitor accessibility status.|
|Web chat accessibility testing||Dropbox has contracted its web chat functionality to Snapengage, a reputable third-party vendor. We intended to execute a future audit on their web chat product to monitor accessibility status.|
|Onsite support||Yes, at extra cost|
Dropbox provides comprehensive telephone, webchat and email support, this is available 24x7 for Dropbox Enterprise customers and business hours for Dropbox Business. This support is provided free of charge.
Dropbox Enterprise customers have access to a dedicated Customer Success Manager who acts as an internal champion, escalation point and service manager.
|Support available to third parties||Yes|
Onboarding and offboarding
- Dropbox provides documentation to assist in the installation, configuration, and use of the Dropbox Enterprise service and specific features. The simplest place for readers to begin is at https://www.dropbox.com/guidehttps://www.dropbox.com/guide. This guide won the 2015 Webby Award for Best User Interface
- Short 'how-to' videos can be found on our YouTube channel: https://www.youtube.com/user/dropbox
- For more in-depth answers to FAQ, admins and end-users can search the Dropbox Help Center: https://www.dropbox.com/help
- We also have an expansive community of power users who discuss various topics in the Dropbox Forums: https://www.dropboxforum.com/
- Finally, bespoke guidance materials and trainings can be created by the Dropbox Customer Success team
|End-of-contract data extraction||Data can be migrated from Dropbox either directly from the Dropbox desktop client or using our APIs. Via third parties, customers are able to migrate data from our cloud to either local storage or another cloud storage provider.|
|End-of-contract process||Towards the end of the contract a renewal notice is sent to the administrator. Users will have full functionality until the contract ends, at that point Dropbox will no longer synchronise changes, new files or allow file sharing and collaboration.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
While there is overlap between the desktop and mobile experience, the intention for each application is different. The desktop app is designed for both collaboration and performance, while the mobile application is optimised for previewing and lightweight content creation.
The desktop app gives users access to Dropbox directly through a folder on their hard drive. Using the desktop app means users won't have to manually upload/download files as the app watches the Dropbox folder and syncs all edits (including offline changes). The mobile app allows users to preview, edit, and share files and only downloads files when users need access.
|Accessibility standards||None or don’t know|
|Description of accessibility||Dropbox uses both automated and manual tools for user interface testing. We recently completed a study with low-vision users which uncovered a number of improvements, and we draw on our relationships with external accessibility advocacy agencies for feedback. Our onsite Assistive Technology Lab enables Dropboxers to experience the products they are building through a variety of input and output technologies.|
|Accessibility testing||Dropbox uses both automated and manual tools for user interface testing. We recently completed a study with low-vision users which uncovered a number of improvements, and we draw on our relationships with external accessibility advocacy agencies for feedback. Our onsite Assistive Technology Lab enables Dropboxers to experience the products they are building through a variety of input and output technologies.|
|What users can and can't do using the API||
Dropbox currently provides two separate API capabilities for our customers:
(1) The Dropbox Business API allows apps to manage entire Dropbox Business accounts and perform Core API actions on all members of a team. It gives apps programmatic access to Dropbox Business admin functionality, specifically the Dropbox Business audit log and team usage statistics, as well as group and shared folder management. In addition to Core API calls, the Dropbox Business API features additional endpoints designed specifically for businesses. These include endpoints for user and group information and management, auditing, and webhook notifications. Using the Dropbox Business API, customers can connect to existing enterprise tools including SIEM, DLP, eDiscovery and legal hold, DRM, Data migration and on-premises backup, Identity management and single sign-on (SSO), and other custom workflows.
(2) The Dropbox API allows developers to offer users in-app access to Dropbox files and works as a flexible way to read and write to
Dropbox. Auth, file, and metadata interaction; shared file, folder, and link interaction; and file operations are all handled through
the Dropbox API.
For additional information please see: https://www.dropbox.com/developers
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
Dropbox Business and Enterprise allow for the customisation of security, collaboration and user experience settings. Further customisation is achieved by using the Dropbox APIs to build and integrate services and systems on top of the Dropbox platform.
Furthermore, Dropbox branding can be customised in a few locations:
1) Administrators can customise externally shared links with their company logo. Specifically, your logo will replace the Dropbox logo on any shared link that a member of your team sends to anyone outside of your team.
2) On the desktop application, the Dropbox folder will be renamed "Dropbox (Organisation name)" as set by administrators
3) On the Dropbox.com homepage, the organisation name will appear at the top of the screen and sidebar
4) On the mobile application, users will need to tap on their corporate account (signified by the organisation name and a briefcase) once they open the application to access their documents
|Independence of resources||
Dropbox has 500M+ users. We also have 100,000 businesses using Dropbox Business and Dropbox Enterprise. The solution is built to scale and provide service to a rapidly growing number of users, customers, and data.
Dropbox has been built to handle large in/out volumes of data. Some examples include:
• 1.2B files synced daily
• 2.1B shared folders and links
• 300,000 apps built on the Dropbox API
• 1,000 apps built on the Dropbox Business API
• 5 million calls to Dropbox Business API every day
• 1.1MM files / 40 TB of data shared daily
|Service usage metrics||Yes|
The Dropbox Business admin dashboard provides key insights into team activities as well as shortcuts to common admin actions including the number of current members, pending invites, remaining licenses, and members who have joined over the past 30 days.
Admins also have access to activity logs to audit the actions taken by their team. The activity logs help admins to see how often Dropbox Business is being used regarding files, sharing, passwords, groups, membership, sign-ins, admin actions, apps, devices and Paper usage and allows admins to investigate and fix issues (like accidental file deletions).
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users can export their data from Dropbox at any point in the format is was uploaded in, either by using the Dropbox desktop client, Dropbox APIs, or a third-party data migration solution.|
|Data export formats||Other|
|Other data export formats||Any file format|
|Data import formats||Other|
|Other data import formats||Any file format|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
|Guaranteed availability||By default, we do not provide service level agreements for Dropbox Standard and Dropbox Advanced customers. In certain cases, SLAs may be provided if requested.|
|Approach to resilience||
A storage system is only as good as it is reliable, and to that end, we’ve developed Dropbox with multiple layers of redundancy to guard against data loss and ensure availability.
Redundant copies of metadata are distributed across independent devices within a data center in an N+2 availability model. Incremental backups are performed hourly, and full backups are performed daily. Metadata is stored on servers hosted and managed by Dropbox.
Redundant copies of file blocks are stored independently in at least two separate geographic regions and replicated reliably within each region. (Note: For customers who choose to have their files stored in our European infrastructure, file blocks are replicated within Europe only). All Dropbox data centers are designed to provide durability of at least 99.999999999%.
Dropbox’s architecture, applications, and sync mechanisms work together to protect user data and make it highly available. In the rare event of an outage, Dropbox users still have access to the latest synced copies of their files in the local Dropbox folder. Changes to files and folders will be synced to Dropbox once service or connectivity is restored.
We have incident response policies and procedures to address service availability, integrity, security, privacy, and confidentiality
• Promptly respond to alerts of potential incidents
• Determine the severity of the incident
• If necessary, execute mitigation and containment measures
• Communicate with relevant internal and external stakeholders, including notification to affected customers to meet breach
or incident notification contractual obligations and to comply with relevant laws and regulations.
• Gather and preserve evidence for investigative efforts
• Document a postmortem and develop a permanent triage plan
The incident response policies and processes are audited as part of our SOC 2, ISO 27001, and other compliance audits.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Administrative access privileges to production Dropbox Business systems (including hypervisors) and administrative consoles provided by our managed services provider are reviewed regularly to restrict access to authorized personnel. The Dropbox production environment can only be accessed by authorized IP addresses and appropriate authentication. Authorized IP addresses are reviewed for appropriateness regularly. Production network access is SSH key-based and restricted to engineering teams requiring access as part of their duties. Connections to the administrative consoles provided by our managed services provider are encrypted.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||EY CertifyPoint|
|ISO/IEC 27001 accreditation date||14/11/2016|
|What the ISO/IEC 27001 doesn’t cover||Dropbox Paper, EU data storage|
|ISO 28000:2007 certification||No|
|CSA STAR certification||Yes|
|CSA STAR accreditation date||30/11/2016|
|CSA STAR certification level||Level 2: CSA STAR Attestation|
|What the CSA STAR doesn’t cover||Dropbox Paper, EU data storage|
|Who accredited the PCI DSS certification||NCC Group|
|PCI DSS accreditation date||15/03/2017|
|What the PCI DSS doesn’t cover||Certification is for merchant status. Certification does not cover Dropbox acting as a PCI service provider.|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||
|Information security policies and processes||
Dropbox information security policies are based on industry best practices and incorporate elements of various industry standards including the AICPA SOC Trust Services Principles and Criteria, ISO 27001, and PCI DSS. Our ISMS conforms to ISO 27001:2013.
Dropbox contractually requires our managed services and data center co-location subservice providers to meet our security and confidentiality requirements, where applicable.
At least annually, Dropbox reviews the security controls of its managed services and data center co-location subservice providers. This includes reviewing their information security assurance reports (e.g. SOC 1/2/3, ISO 27001, etc.). Any considerations raised during the review are addressed in a timely manner.
Dropbox provides a Service Organization Controls 2 (SOC 2) Type II third party attestation report to potential and existing Dropbox Business customers under NDA. This report includes a mapping our controls and processes to the AICPA Trust Services Principle of security.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
A formal Change Management Policy has been defined by the Dropbox Engineering team to ensure that all application changes have been authorized prior to implementation into the production environments. Source code changes are initiated by developers that would like to make an enhancement to the Dropbox application or service. All changes are required to go through automated Quality Assurance testing procedures.
Dropbox has established a change management policy which requires management authorization for development of new applications, systems, databases, infrastructure, services, and operations. New facilities are reviewed by relevant teams according to our physical security and compliance standards.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Dropbox conducts periodic vulnerability scans, internal and external security testing at the network, application, and operating system levels.
Dropbox has the capability to rapidly patch any vulnerabilities identified in its devices, applications, and systems. Vulnerabilities are patched, as deemed appropriate by the Dropbox Security team, in a timely manner.
Dropbox also encourages the security community and users to report security vulnerabilities to us by following our responsible disclosure policy. We participate in security bug bounty programs and platforms to engage the hacker community to find work with us to bash security bugs before they are exploited.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||
Dropbox uses a security information and event management (SIEM) system, which merges data sources such as firewall logs, IDS logs, physical access logs, and other data for analysis and alerting.
The logging and monitoring in place allows for determining the impact of a potential incident on a specific Dropbox Business Account or customer and part of the response process is to contain or isolate the incident. The incident response plan includes procedures for maintaining the integrity of evidence through the collection and retention process.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||Dropbox has established a documented incident response plan that aligns with the terms of the Dropbox Business Agreement. Due to the shared infrastructure nature of service, we do not integrate customized tenant requirements into our security incident response plan. The incident response plan includes specific procedures to notify affected customers of confirmed data breaches. Customers may notify Dropbox of potential vulnerabilities or breaches by following the procedures described here: https://www.dropbox.com/help/4399/en|
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||No|
|Price||£154 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|