4 questions (and answers) about integrating Dropbox for Business with your IT workflows

Dropbox for Business API

Recently we hosted a webinar on how companies can bring their IT workflows and policies to the cloud — from security information and event management (SIEM) to data loss prevention (DLP) and eDiscovery — using the Dropbox for Business API. The webinar featured a lively discussion with Dropbox for Business product manager George O’Brien and guest speakers from Splunk, Guidance, and CloudLock.

Didn’t get a chance to attend? No problem. We’ve gathered a few Q&As from the webinar and recapped them below to provide more info on how you can use the Dropbox for Business API.

Q: How can I set up an effective eDiscovery program for my company?

A: A good place to start is the Electronic Discovery Reference Model (EDRM). It’s a defined process that allows all parties to operate under the same guidelines and it’s great for prescribing what to do. But, the devil is in the details of how to do it. I’ll touch on two keys to an effective program — the first is partnerships, and the other is repeatability and defensibility.

First, partnerships. As technology expands in breadth and becomes more sophisticated, it’s fundamental that your Legal and IT teams have a good relationship. Legal is going to need to rely on IT’s expertise to understand the devices and location of data, as well as the capabilities and limitations of the technology in use. This is key to tackling the Identification and Collection stages of the EDRM and effectively managing against your timeline.

The second thing I want to touch on is repeatability and defensibility. These are really the two best tools for achieving reduced cost and risk, which are your most important goals in eDiscovery. You need to get to know the ins and outs of your organization and implement a process that works for the business. Whatever those processes are, you want to make sure that they’re universally applicable across all your cases, that they stand up against time, and that they cover all stages of the EDRM.

– Ian Ezra, Sr. Product Manager, Guidance Software

Q: What are the most important things to consider when choosing a DLP strategy for cloud services?

A: Organizations should choose a solution that can enforce policies across multiple cloud applications, so they have centralized management and visibility into all of them. They’ll also want to ensure that their strategy is nonintrusive for end users. If end users feel like something is getting in the way of their productivity, they’ll find a way around it.

On that point, a cloud-native, API-based approach that works with the platform — like CloudLock does — protects data in the cloud and not from it. It also ensures that users don’t have to contend with proxies, gateways, or heavy-handed encryption solutions that might break other functionalities that cloud services like Dropbox provide.

Finally, companies should make sure that they have visibility into third-party apps that users authorize to access these sanctioned cloud platforms, because it’s not always just about the users and how they’re sharing data. Users can also authorize other third-party applications that act on their behalf, and you need visibility into that cloud-to-cloud activity.

– Jennifer McClain, Director of Product Management, CloudLock

Q: What types of data can Splunk index and what is the transport mechanism?

A: Splunk can index really any type of machine data or log file, whether it’s structured or unstructured. The data just has to be human readable and accessible to Splunk. And there are many ways to get that data into Splunk. For cloud-based services, it’s often via the service’s API, which is the case with Dropbox. For on-prem sources, we usually get the data in using a small agent we call Splunk forwarder. It installs somewhere on the machine, gets the data locally, and forwards that over to Splunk via the network, TCP, or UDP. If the agent isn’t available, we can also reach out via Syslog, XML, JSON, or use scripts.

– Jason Conger, Practice Manager, Splunk

Q: Several companies (in addition to Splunk, Guidance, and CloudLock) have built Dropbox for Business API applications. Where can I see a complete list?

A: We have a great listing of all our partners and solutions on the Dropbox for Business apps page. You can also reach out to our sales team if you have more in-depth questions about a particular solution area. We’d be happy to help connect you with our partners.

– George O’Brien, Product Manager, Dropbox for Business

Interested in learning more about the Dropbox for Business API and how it can help your business? Watch the full recording of the webinar.