Does Your Workplace Block Dropbox?

Does Your Workplace Block Dropbox?

Dropbox is unquestionably one of our favourite technologies here at Lifehacker, and the thought that evil corporate overlords might block all that file-syncing goodness fills us with dismay. But there’s no doubt that it’s happening. Is it happening to you?

I was reminded of the fact that Dropbox is seen as a secrets-leaking business risk magnifier at a press lunch for F5 Networks in Sydney today, where global marketing VP Kirby Wadsworth (pictured) noted that his own recent attempts to access his Dropbox account had been blocked by the existing systems at F5. While that wasn’t unexpected — a core part of F5’s product offering is the ability to tightly control IP traffic to ensure that security policies are maintained — Wadsworth isn’t under any delusions about the long-term viability of that approach. Given the widespread popularity of Dropbox, he predicted that the block will “last about five minutes” once someone clues in to a workaround.

An advanced IT department might well offer an alternative; the Silverback system for allowing controlled iOS access also includes a file synching system. As Chris Hagios, managing director of Airloom, which developed the Silverback system, pointed out at the same lunch, that kind of alternative is essential: “So many customers are using Dropbox.”

That’s commendable, but I suspect it’s a minority viewpoint. Does your workplace restrict Dropbox access, and have you worked out a way around it Tell us in the comments.


  • Yes, my work place does block drop box, it started about a month ago. Pretty frustrating, I’ve had to dig up my old USB drives for the first time in ages. Mind you, after having to USB some documents to work over the weekend I’m going to request that they let it through again

  • Our new work proxy blocks dropbox, but at least for the moment, you can switch back to the old proxy (while it’s still running), and it will work.

    Access via the web is hardly ideal anyway, and while our corporate SOE is locked down so tightly that you can’t install the actual client, usage in the office is almost a waste of time.

    We have a mix of backed up storage (via Windows shares), and a web based document management system – but Dropbox would make working from home a hell of a lot easier, as it would mean I wouldn’t need to be tied to a VPN connection all day to access my files.

  • Not only does my workplace not block Dropbox, it is the centre of the administrative system. All documents are saved to one of a number of Dropbox folders with access to folders open to those that need it.
    It is an industry that is highly collabrative (beer brewing)and our sucess is not in the documents but the skill and attitude of staff. So security and IP are not a major concerns.
    Great place to work, great beer! Go Goat

  • They are just protecting there valuable data to corporate espionage. They don’t need disgruntled employee’s stealing information to give to their competitors. Your convince is not their concern. You will find your self jobless if found to be breaching your company’s Terms of Service/Use policy. I really hope you think twice before using work around’s on your work computer.

  • If you can access the site, but not sync, it means the corporate proxy is blocking any HTTP traffic without the User-Agent field HTTP header (Dropbox client doesn’t use this header, for some reason). To get around it, install something like Fiddler2 (assuming Windows) and enable one of the User-Agent rules, then configure the Dropbox client to use your new “local” proxy. Works for me.

    • Wow. Never knew this, I always route traffic via an SSH tunnel inside and HTTPS session (which gets around EVERY proxy except those with whitelists). Looks like I could have been doing something a hell of a lot easier in some cases.

    • Hi Adam,

      Can you please help? I am trying to do what you did? I installed fiddler2 but I do not know what to do next? Can you guilde me?

  • I’m a Sysadmin for a NSW Gov department and it is blocked – by me! Along with a tight policy on USB drives that forces encryption.

    I love dropbox however I’m sick of having to report post incident reviews for data breach and to try and manage portable devices out in the wild.

    Harsh but fair.

    • Matt,

      I work for a Vic Govt Department.
      It should not be your job to deal with the consequences of poor data management issues.

      Ultimately it should be a managerial issue. Management creates the culture that encourages poor data practices. Conversely, good management encourages the use of creative, secure (yes it is secure when used properly) and productive systems that benefit the workplace.

      Blanket bans on such useful systems just drive it underground (Napster anyone?)

      You should educate management about how it can be used properly, then put it on their shoulders. It should become their problem, not yours.

      It is not an I.T problem. It is a workplace discipline and culture issue.

    • I agree with Darryl. If you have secure data make its way out of the hands of your company/organisation, you do not have an InfoSec issue, you have a management/HR issue.

      Intentionally gimping your employees productivity just because your afraid that they might suddenly go mental and start emailing everyone their TPS reports is way over the top, and it makes employees feel like their own company does not trust them (and why give your all to a company that thinks that your only one more meeting away from robbing them of their intellectual property).

      A far better way of addressing this issue is to ensure that employees only have access to the data that applies to their job and to inform them that stealing company information is the same as stealing the company photocopier (in that they will be fired and prosecuted if they do) everything else is paranoia

  • Surprisingly the site is not blocked. Don’t know about the app, but given all the other stuff I’m free to install I don’t think it would be.

  • Dropbox app and site as are usb drives. Stupid thing is if you really want something you can always email yourself the file. In this day and age it’s hard to really completely lock down IP 100%

  • Our work Laptops and PCs have locked down images so you can’t install anything unless you are have System Admin passwords. Not sure if the network blocks dropbox if you connect your personal laptop (which you can), but I know it blocks VoIP and p2p services, so suspect it would also block this.

  • We got upgraded last year … to Windows XP and Office 2003. Dropbox was fine for 12 months then they blocked it a couple of months back. They won’t let me install TrueCrypt to encrypt my USB stick – but its OK to carry it unencrypted. You just can’t have any fun anymore with sensitive corporate data.

  • DET blocks all online storage and syncing services like dropbox, google docs, office web apps. Pretty frustrating to have to shuffle documents between computers with a USB. 🙁

  • I work for a bank and they block EVERYTHING!

    Our SOE is Windows XP SP3 (SP3 came in the last few months) w/ IE6 (a lot of our internal web apps won’t run on anything, defeating the point of them being web apps!) and Office 2003. It’s locked down as tight (well as tight as XP gets, which isn’t really that tight if you know what you’re doing). Luckily as a developer I have local Administrator access on my machine, which makes life much easier.

    – No USB access
    – No ability to burn discs
    – Non-company computers get picked up on the network (MAC address filtering), and can result in wifi repeaters or datapoints being automatically shut down
    – No social networking sites without the approval of a manager only a few rungs down from the CEO
    – No video game sites
    – No ‘naughty’ sites (of course)
    – No Dropbox or similar sites
    – No Google cache
    – No Google Docs or Gmail
    – Proxy filtering based on the number of times a keyword appears. Basically, if you want to read an article that mentions Facebook more than three times, you’re shit out of luck

    In my particular role I have very valid reasons for accessing social networking sites, I did manage to get on the ‘social networking white list’, and then Google+ came along and ended up blocked anyway. At the moment the proxy only seems to be blocking it intermittently however.

    • I also forgot to mention that our hard drives are encrypted, which means that even on brand new hardware, XP runs like a dog (5 minutes before you have a usable desktop).

  • Dropbox is blocked here, everything is locked down.

    Luckily we can access Google Docs for work, so can sync to Dropbox using utility.

  • My name is [censored] and I’m a sysadmin who made the decision to block DropBox.

    ****Rant warning***

    First off, to anyone who thinks data management and protection is an HR/cultural issue, I’m sorry, but you are mistaken. As an IT Manger the very first line of my job description reads “Protect the availability, integrity and security of [employers] data.” A lot of people see the purpose of IT as fixing PC’s and printers and installing software. Important to business operations, but really all of that can be junked and replaced pretty easy. Data is everything! It’s the one asset you can’t call up a supplier and say ship me more. Data must be protected, pretty much to the exclusion of every other consideration.

    Steps off soap box.

    ***end rant***

    Now, the admissions start.
    It’s also worth calling out that the above position, may not appropriate for every business situation. Real life intrudes and compromises have to be made in the name profitability and getting the job done. However it is the “default” position that an IT department has to take.

    Admission the second.
    IT Departments are slow as dog shit in adapting to the new wave consumer orientated products and services that are flooding the market. We simply can’t keep up with rate of Dropbox, Prezi, Workflowy, SurveyGizmo products that are users are finding and quietly sharing corporate data with. I’ve found users posting meeting minutes to Google Docs *smacks forehead*.

    But I want to be clear on this point. It’s not that we don’t trust our users, because we do. It’s that we don’t trust the people that data is being handed over to.

    What security do DropBox and SurveyGizmo really have around their data? It might be excellent, but I can’t tell. Yet a user can do more due
    diligence than creating an account and hey, that networked folder is now “sync’ed to the cloud”.

    And here is the bit that’s important. I hate being in this position. I’m sure most other IT people do as well. We don’t want to be the fun police. We don’t want to be the guys, that hold the business back or stop people from using *gasp* new technology??

    It blows, and basically puts us on the losing side of this argument. Yup, thats right We are going to lose this. But maybe, just maybe if we slow it down just a bit, we will have enough time, to put policy in place, educate our users and maybe even implement enterprise grade systems, to give you the functionality you want , but protect data at the same time.

    We’re trying, we really are.

    • Isn’t a bit ironic that the IT department response to “Protect the availability, integrity and security of [employers] data” is to DENY availability of data?

  • Yep, dropbox blocked at my workplace. Apparently working efficiently and productively isn’t much of a priority. The thing that gets me about the whole data security argument is that it’s not a technology issue, it’s a people issue. If you’re serious about getting data out of a company, there is very little anyone can do about it. In the meantime, the 98% of staff trying to do their jobs better are being stymied.

  • Not blocked for me! But since our IT guy (and I use that term VERY loosely) asks me questions like “how do I turn on my blackberry?” and “how do I crop images?”, I can’t say I’m surprised.

  • nope… I created dropbox accounts for everyone across my network, and taught everyone how to use it!

    I’m never blocking it!… everybody loves it now!

    the key is to teach people not to put sensitive data in DB!

  • My old job used to block 🙂

    Along with blocking everything else that’s on the net, including Dropbox.

    I bought a Linode instance purely for tunneling through the proxy in order to get my job done (software development). Thank god they didn’t/couldn’t block that.

    Looking back, I’m not sure why they didn’t just turn it all off and give us typewriters. Good riddance.

  • Not blocked. I love it, and I know a few staff use it. It of course isn’t officially supported, but it hasn’t become a major drain on our ‘net resources.

    I use it to store all my scripting, for backup, and so I always have access to it. It’s also a very handy way of getting a new album onto my work computer from home. Of which I can VNC to my home computer as well.

  • No one here has addressed 2 primary concerns with corporate data in the cloud: (1) legal ramifications and (2) export control issues. Google it and you’ll see there’s a lot more at stake than you think when it comes to company data ending up in the cloud.

  • If I wanted to unblock Dropbox on our corporate network and allow it’s traffic through our Cisco web security appliance, how would I even go about doing that? Simply adding to the custom exclusions list doesn’t do it.

  • My workplace blocks DropBox but some to have forgotten to block Google Drive. I needed some files from DropBox so I downloaded the app to my Smartphone, acce3ssed the files on my phone and sent them to myself by gmail (using the “Export” option.

Show more comments

Log in to comment on this story!