Dropbox For Business Lands With Single Sign-On

Dropbox, in the face of massive competition in the enterprise space, has launched a version of its cloud file-sharing software specifically aimed at businesses.

Whilst Dropbox is widely used in businesses, it has been criticised for its security credentials. It’s no surprise then that the biggest sell of Dropbox for Business, formerly Dropbox for Teams” is a security feature – single sign-on (SSO).

Dropbox security boost?

“SSO works behind the scenes to let users sign in just once to a central identity provider, like Active Directory, and securely access all their business apps, like Dropbox. With SSO, companies can put their existing trusted identity provider in charge of the authentication process,” Dropbox said in a blog post.

“For users, SSO means ease — one fewer password to remember and one fewer step to get to your work. Once logged in to your system, there’s no need to sign in to Dropbox separately.

“For IT admins, SSO means additional security and administrative management. Single sign-on gives you complete ownership of the authentication process and works with your company’s existing password policies.”

The SSO feature will land next month, provided by a host of companies, including Ping Identity, Okta, OneLogin, Centrify and Symplified.

SSO, whilst great for IT and users, can be exploited by hackers. A year ago, researchers discovered flaws in the way certain SSO systems were being run. Problems lay in the communication between the service itself and the identity provider – if there are weaknesses in that link, attackers can pick up certifying tokens or make changes to queries, and ultimately pretend to be valid users.

Dropbox has been facing up to much tougher competition in the business file-sharing space in recent times, with a slew of start-ups and seasoned players getting involved. Many have led with the claim they are producing “Dropbox for business”, something the file-sharing leader will no doubt be hoping to counter with its new brand.

Companies such as Box, which is in the process of an aggressive expansion in Europe, have sought to capitalise on security failures at Dropbox. In July last year, Dropbox said passwords stolen from other sites had been used to compromise accounts and send spam.

SSO could also be seen as an answer to other previous authentication problems at Dropbox. In summer 2011, a bug affecting the Dropbox auth mechanism could have allowed anyone to sign into accounts without the need for proper login credentials.

The company recently added two-factor authentication to shore up account security.

What do you know about Internet security? Find out with our quiz!