I would love to use this for a number of things I'm involved with, but I am surprised by the package that is offered.
I'm not saying that what they offer (1 year of 350 GB for $800) is not worth the price, but I am disappointed that there isn't a smaller package.
My needs for this kind of thing are more like 10-20GB. The team features are very attractive, but there's no way I am going to sign up for a package that large.
I'm sure Dropbox has put a lot of thought into the decision though. I'm very curious about where they are going with this and if they will ever offer a smaller team account.
Personally I'd love to see a team account somewhere around $10 a month for 10 GB and 5 users. Basically same price as their Pro 50 individual account, but with 5 users and 1/5th of the capacity.
I don't think the price is too bad. It comes out to $13 per seat per month for a team of 5. Drops to $10 per each additional.
I think this is more an issue of pricing psychology. The price should be marketed as $65 a month for a team of up to 5, $10 for each additional team member.
I agree. A better price point would be $50 a month. Even with that I'm not sure if I would sign up for our team. If there was a step up from free, like $20 a month for less storage I might do that.
Ditto. I'd pay about $20-30 a month, depending on the value offered, for 20GB/10 users, and surcharges for overage.
As is this is of no use to me. There is no free trial so I can't see if it works (for me) first. No way I'm springing $800 up front without seeing the merchandise. This is a shame because Dropbox is a great service, and I don't pay for a personal account (don't need more than 2GB), but could totally see myself paying for a work account.
If Dropbox could be configured as a backing store for a NAS (eg QNAP) it would take over the world.
Yeah, but Dropbox's prices are too low for these places. I've found that asking for $20 to get an Excel plugin that gives you Vim keybindings is an impossible task. But getting a million dollars for a proprietary knockoff of memcached? Easy. You don't even have to fill out an expense report.
Compared to the current "enterprise" DAM solutions, this is practically free. SharePoint, Documentum, etc. can be tens of thousands a month plus huge setup fees to get rolling.
Disclosure: I work for a startup that offers digital asset management and distribution to large corporations.
You're right, the price might seem high. And when you're a team of only a few people it's a high price per user.
Personally, I would pay this price if I had a team of more than about 5 people. Simply based on the fact how reliable Dropbox has been for me and I think it will be hard for anybody to give me a better product.
I've been half wishing for a "master dropbox account" for some time and I'm glad to know it is available, even if it's a bit expensive.
I tend to agree - a small volunteer organisation I'm involved with just shares a single Pro 50 account among a few people. We'd upgrade to a small teams account if it was only a bit more expensive.
Our team of 3 each [currently] has an individual Pro 50 account (more than enough for our needs). One of the members has the unlimited roll back, priced at $38. That's a total cost of $397.64.
I had the same thought immediately -- nothing smaller than 350GB? -- but then it occurred to me that fees lower than $800 may not be worth Dropbox's while.
Although the website mentions that "files are encrypted to military-grade standards" that doesn't help if secure client-side encryption is missing.
The best encryption doesn't help (me as a user) if I'm not the one in control of it. And even if I would fully trust Dropbox this does not help, as Dropbox must still surrender the data if, e.g., requested by law enforcement (which would not be an issue if the data were encrypted on the client, so that the user is the only one able to decrypt it).
Using software like encfs inside a Dropbox container does not help either. Once I start hacking around on such solutions it's easier to just use a service with client-side encryption. So if anyone from Dropbox is reading this: Consider this as a "feature request". I absolutely love the way how Dropbox works, but right now I don't really use it due to this security issue.
I agree fully. The only thing this is doing is ensuring that the data cannot be seen by someone in transit; as long as you're not using your own key, anyone dropbox still has access to your data.
I remember this issue being raised earlier, as I recall, tarsnap and spideroak were the suggested alternatives.
Honest question - what are you worried might happen? From your comment, it seems like you do trust Dropbox but are afraid they might have to surrender your data, but I can't imagine what kind of data you have that might be that sensitive.
It's not a matter of data being sensitive, it's a matter of paranoia and data control. I do it too, I don't like my data leaving my control, which is why I use SpiderOak even though it's much more of a hassle sometimes.
You are talking about a team of people here, so your data are already out of your control. I think you have more to fear from someone on the team going rogue or being compromised than from Dropbox disclosing your data to a 3rd party.
I've read through dropbox's security PDF and I still have a lingering question: What prevents employees/intruders from looking at your dropbox files stored on the server?
As I understand it (and perhaps I'm wrong), your dropbox password is not your encryption key. The fact that I can change my password and then still have instant access to all of my data (ie - it is not batch re-encrypted with new key) all but confirms this, correct? If that's the case, then it implies that, somewhere on their servers, they store an encryption key for each user (or gasp a single encryption key for all users).
If that's the case and someone is able to access those keys (employee, breakin, etc.), then they can decrypt the data for any user.
If this is all true, then this makes the service too risky (for me) for anything that could be considered medium to high security. I'd prefer it if the good folks at dropbox offer me the option to provide my own encryption key that is only known to me and is provided by me each time I want to gain access to the dropbox files.
Personally, I don't trust the folks at Dropbox much more than I trust a random hacker. (No offense, of course. I just don't know them.) It's not even a matter of a security breach. Can you really be sure that one of their interns can't gain access?
So I would never put anything more than mildly sensitive on Dropbox unless I could encrypt it locally at each computer I use before I sent it too them. Yes, I guess it would be somewhat better than the current situation if they encrypted it on their system using a key I sent every times I wanted a file, but I'd still be trusting them to properly destroy the key, etc.
Personally, I don't trust the folks at Dropbox much more than I trust a random hacker. (No offense, of course. I just don't know them.) It's not even a matter of a security breach. Can you really be sure that one of their interns can't gain access?
By that logic, you should also not trust the guy who makes your next carry out. You don't know him after all. For all you know he could be some evil guy who likes to spit in the customers' orders.
If you've ever worked in a kitchen, you'd know that you definitely shouldn't trust that your food isn't spit in. It doesn't happen often, but it happens. Luckily, occasionally eating some spit isn't that big of a deal, and it's something I accept as part of the the convenience of having food prepared for me.
On the other hand, if you had very sensitive financial or business info on Dropbox, then the consequences are much much more akin to having your food poisoned. So then you're question becomes: why aren't I afraid of being poisoned by my take out? And the answer is that (1) nobody stands to gain from me being poisoned while they do stand to gain from stealing my financial info, and (2) the perceived seriousness of poisoning means that many more resources are put into finding and punishing people who poison (per incident) than people who steal financial data, so people are strongly discouraged from the former.
> The fact that I can change my password and then still have instant access to all of my data (ie - it is not batch re-encrypted with new key) all but confirms this, correct?
I don't know what Dropbox does, but it is possible to encrypt all data with a random session key, and then encrypt that session key with a password. Then a change of password simply needs the stored encrypt session key to be replaced. This is what LUKS does, for example.
I think you are right; the encryption key must be stored in their servers so if they are compromised the files would be compromised.
As a general rule you shouldn't trust a third party with the security or encryption of your very sensitive files but encrypt those files yourself before they go into dropbox (or other services).
What encryption mechanism would you recommend for this?
I have some pretty low risk files in my Dropbox but I still encrypted them with a long complex password with 256-bit AES encryption through WinZIP. I've heard GnuPG is better as it allows asymmetric encryption, but this should be good enough.
The dropbox business model doesn't really work for encryption.
They hash files and avoid storing multiple copies of the same file, this is great for our business - we can 'instantly' upload large files if another user on our system already has an identical copy of that file - but it means that files can't be securely encrypted.
Basically trust Dropbox about as much as you trust email, if it matters encrypt it locally
"...but it means that files can't be securely encrypted"
I'm sorry, but I don't follow.
For all bit-identical copies of a file, the secure hash will be the same. For all copies of that file encrypted with the same symmetric encryption key, the same property holds. Encrypt it with AES-256 using a shared key, and all users can still take advantage of the LAN copies and de-duping that Dropbox supports for unencrypted files.
Now, if you want full asymmetric (RSA, PGP, whatever) encryption of files with per-user keys and fast LAN copies/de-dupling of the plaintext version, you're of course out of luck. That's not a failing of Dropbox, though; the same would be true of any NAS solution, locally-hosted or not.
You can use different keys for each file that you derive from the file itself. So if two user's store the same file they encrypt to the same data, but no one is able to decrypt such data without knowing the file.
On the user's account you would then store a list with keys for each file. Before this list is stored or updated on the server, it is encrypted on the client-side with the user's password, so that the server cannot retrieve this information.
Of course, the security with such a scheme is somewhat lower than with "traditional" encryption, as you can find out who shares a given file. But the advantage of this is that you are still able to block particular files, if, e.g., required to do so by law.
I was really just talking about trusted parties reusing a private key (say, for an encrypted disk image shared amongst team members) not arbitrary strangers on the 'net.
That doesn't require that a server know the key; it only requires that those parties exchange a shared key in advance. It's no different than, i.e., a PSK WPA network password, or a shared encryption key on a workgroup document.
You could still use a service like Dropbox as a reliable offsite backup, while doing all your crypto locally. Think of it as the "availability" service to complement your local policies that insure integrity and confidentiality.
If you have the technical savvy to set it up, encfs works REALLY well as overlay encryption for Dropbox. Unlike other options such as Truecrypt, it encrypts and obfuscates at the file level, so Dropbox's per-file synchronization and conflict resolution still work.
The information on the encryption is not that in-depth. While I also don't have more information than available on Web-site, from the information available it seems that they server-side encrypt all files with the same key which is (therefore) available to Dropbox. Maybe they just use an encrypted partition or something like this.
If you want a similar system with better encryption look at Wuala or SpiderOak.
I work at a large corporate. We're not allowed to use Dropbox, but I do and so do many of my co-workers.
Value + convenience > Consequences of being caught
This concept is great - and no doubt you've thought about what I'm about to suggest. But how about an on-site managed solution? These IT departments simply aren't allowed to put stuff in the cloud!
Remember, there's pretty much ubiquitous hate all-round for Sharepoint.
I'm experimenting with AeroFS for just this reason. While you do have to talk to their servers to manage the shares and such, the data is peer-to-peer and unless you request it, your data doesn't get stored out in "the cloud" somewhere.
Honest question: What's wrong with using the normal Basic, Pro 50 or Pro 100 Accounts with a whole team? Obviously you have to share an account but if the dat should be available to everyone, what's wrong with that?
If they charged $65/month, rather than $795, I bet they would have 10x more customers for this. How many people would buy cable if it was $1000/year, ditto for cell phones, Basecamp, Salesforce, etc. A little pricing psychology can make a massive difference.
This seems to be more of a play into the enterprise and public sector markets. Startups have budgets that can vary wildly from month to month, but enterprise and educational departments usually have fixed budgets for the year for each department, and there's little "discretionary" budgeting.
$800/year represents a known quantity that they know won't change in price, and thus it's a lot easier to get approval to get it in the budget.
Right? I came here to post the exact same thing. My animal brain kicked in immediately at the $800 a year and thought "woah, why is it so much?" Then I realized that's just $65 or so year.
That's a pretty steep price point for small startups that need to watch the pennies. So if you have 7 active team members who need to save files as well as read them (quite a lot for a bootstrapping startup), it's still cheaper to get 7 Pro 50 accounts than to get this.
In fact, given that Dropbox Pro 50 is $100/user/year and this scales up at $125/user/year, Dropbox Pro 50 remains cheaper forever. So the only reason to upgrade to this is if you need more than 50GB of team storage.
It all depends on how much data you really use. Since sharing folders takes up space in all accounts that use the share, 7x50GB != 350GB shared storage.
My initial thought was the opposite, "Wow, this is incredibly cheap for that much dropbox storage!". Dropbox standard = $0.165 per GB per month, Dropbox for teams = $0.19 per GB per month, most other services >$0.5 per GB per month.
We use dropobox pretty much as a "file server" at the office and my biggest issue has always been the lack of ability to assign permissions/roles. i'm glad they incorporated this much needed feature but at that price point there is a 0% chance we'll be upgrading. The attraction of dropbox, at least for myself and other small business/startups, seems to be the low cost of entry for
1) reliable and relatively secure backups
2) access over multiple computers, networks, devices
3) versioning
i only wish they had remembered the "low cost" part when adding the new functionality because at that price point it's better for me to just set up X number of s3 buckets and assign users/roles to each bucket and let them mount the drive via transmit 4 or sign up for jungledisk. yes, not as eloquent but it'll work for our needs.
The idea sounds great, but I really think that they need a few more pricing points/models. As an example, I work at a school. It would be great to be able to use this for students and teachers, but my use case is far more than five users but far less than 350GB of storage needed. Some flexibility in the plans would be great.
Since you work in education, would you be more likely to be able to call them up and work out a custom license than a business would? I don't really know how that works, but when I was in school it seemed like tech focused educators and other district staff were able to pull off crazy deals and licensing situations at least with some companies.
Probably, but our district tech support staff is way too understaffed: just downloading and installing Python 2.6 (which I use to teach parts of the class) takes a couple of months lead-time. Even single-user Dropbox isn't supported on campus; I can only run it because the installer will work (somewhat) without admin privileges.
Ah, bummer. I guess the last time I was paying attention to this stuff, I was a student, and it was at a time when there were an increasing number of computers in schools, but no one beyond computer lab admins and tech savvy teachers to tend for them. Didn't stop to think that it was surely fully institutionalized at this point. Duh!
Not to stick my nose in where it doesn't belong, but...
Might your students be better served by learning to use a more traditional version control system than Dropbox as a repository for their class projects? Mercurial and Git both have "large file" extensions/forks available that make asset management less painful, and the lessons learned w.r.t. workflow would carry forward into many other, non-game-related programming projects the students undertake in the future.
I've definitely thought about it. However, several units in the year involve filetypes that are particularly poorly suited to git: GameMaker, NeverWinter Nights modules, and Unity 3D all work with large, opaque binary assets.
Needs to have more admin permissions, like seeing all the shares, restricting sharing outside of the team, enforcing deletion of shares when people are booted, etc. It's a good start though to replacing the old file share box.
Well I am staying with Wuala.. Just as easy for teams to collaborate as with the new dropbox team feature. In fact it is easy to be part of multiple teams or groups, have your private space and public sharings, no space limits (if you share space), better security.. I think Wuala deserves much more love.
(I am not affiliated with Wuala in any way, I am just a happy user wandering why such a great product is not more popular)
IMHO, the reason Wuala is not popular (certainly the reason I dropped it), is:
- Its bloated and slow Java swing client app.
- It's buggy as hell, using the dokan integration MD5s of uploaded files do not match often. Using the java client directly works OK, but it doesn't exactly inspire confidence.
- Really poor integration with the OS (it wanted to install a kernel mode driver to create a filesystem mapping.)
- The inability due to its cryptree encryption protocols to do any kind of delta-upload.
- It had a bizarre notion of permissions, for example, there is no way to hide from the public which groups one is in.
- No android client
- Poor website, impossible to use on a mobile web-browser
Much prefer the alternatives, like Dropbox, SugarSync mostly these days. Wuala seems like it is ideal for uploading backups and other rarely changing files, and combined with the ability to get 100GB free (almost) storage this is what I think it should be used for. Certainly nothing involving rapid change or collaboration.
Wuala dev here. I just wanted to let you know that we have fixed some of the issues you have mentioned. We'll switch to CBFS as file system driver shortly (that's the same driver SugerSync is using AFAIK). However, this is still a kernel driver. Unfortunately, Windows provides no other way to mount a custom file system. DropBox just syncs an existing folder, but that does not scale to large amounts of data. For example, if you have 100 GB of data online, you cannot sync it to your notebook with a 60GB disk. On the other hand, the dropbox approach is simpler. Delta-uploads (achieved with block-level-deduplication) are planned for spring. You can also disable seeing the public groups in the options now. Also, the UI (which is SWT and not Swing btw) got more light-weight and simpler with the August update. We are not as fast with many things as we'd like to be, but there certainly is progress.
Aaaaaaaaaaand this is the best news I have heard all week. We have eight 100GB accounts at my company. Shared quotas and central admin are what we have been dreaming about. I started using Dropbox in its beta, and it is beautiful to watch this baby grow up.
A lot of businesses can replace their file server(s) with this setup. No backup worries. Can get to it from anywhere. Files are automatically sync'd. The local server is archaic. Server in the cloud!
Dropbox's network performance is still pretty mediocre even at the best of times. I don't know if it works better in the US, but here in Sweden it is a good 10 times slower than using our ftp site hosted a few towns over.
Copying a few gigs from my computer to my coworkers computers via dropbox takes close to forever, esp when compared to doing the same task via a local fileserver over a 100 MBit or GigaBit network.
Don't get me wrong though I love my dropbox account and even think that this new product would be great for where I work (if possibly a bit too pricey), but we are far away from dropbox replacing local file servers.
Well, you should probably be backing up your whole drive anyway. Even if you managed to put all your data in Dropbox (unlikely), nobody wants the pain of having to reinstall the OS and all their apps.
Except that you don't. If Dropbox screws up, and the service deems your files gone, the clients delete their copies too. At that point, you have to hope that somewhere, at Dropbox, the file still exists, or that some client was disconnected from the network, and still has your files.
It protects you against the unavailability of Dropbox. Not against screwups on their side.
Dropbox does keep a cache of recent file versions. So a server-side screwup won't entirely ruin your local files. Still, you're right that more backups are needed to avoid a single failure point.
Well, for a small office (e.g. 30 people) this would cost $3920 per year. Local server may well be archaic but with this kind of pricing it's still much cheaper.
Even with a local server, you still want offsite backups. Guess what? If you stay under 1TB, this is probably the cheapest offsite backup solution for servers.
I had a simple e-mail exchange with a DropBox Sales person about Team a few days ago where I told them I was interested because I need more than 100gb of space, but $795 was huge.
Can you elaborate a bit? Are you looking for something a bit more 'in between', like a 200GB package? (Price per GB hasn't changed much from the 100GB package to the 350GB package, so I guess that ain't the problem.)
Great and a much needed product... But isn't it a bit of an expensive entry point compared to the alternatives? Check out the current prices of box.net and sugar sync.
Box.net is in the same price range. It's a little bit cheaper if you're using more than the 350GB dropbox offer, but under 500GB, with four users or less. Extra users cost $180,- per year, compared to $125,- at dropbox.
I hadn't heard of sugarsync and just had a look, they offer a lot less storage (100GB for 3 users), and pricing for extra storage is a whopping $300,- per 100GB per year (contrast that to the dropbox offer of only $125,- per 100GB per year). Extra users are cheaper though, only $100,-.
It's hard to see this work for smaller startups. Dropbox has always been for smaller consumers, at least the free version. Dropbox for Teams seems like a good step for bigger companies that share a lot of large files. Internet startups probably can just upgrade their individual plans and manage their files wisely.
I'd like a small team version, that would be pretty sweet. 50GB would suffice.
This is awesome. I couldn't find any info on how locking would work though - Word's temporary files that it uses to detect simultaneous opened filed aren't sync'ed to Dropbox (for good reason). Anyone any idea how this works?
I don't believe there is any locking at all. This the the USP of my startup - file synchronisation with locking fixed, so there are never any synchronisation conflicts.
There is a catch though, which is that for high availability and locking functionality all nodes must be always-on (from the CAP theorem) - not that great for laptops.
I am working on something to fix this too, though.
Jungledisk workgroup is a smaller package, but for a lot less money. Also, storage fees are per gb, which is nice. We use it for our 4 person team and pay about $20 a month. Same encryption and shared storage features.
Yeah, I'm completely lost at Dropbox's new price point when compared to Jungle Disk, which is just as, if not more flexible than Dropbox. Jungle Disk is a lot more user friendly than you're letting on to, I've used it both personally and in the workgroup edition.
5 users over the course of the year on Jungle Disk: $240
320Gb of storage on Jungledisk for a year: $576.
Total
I'm tempted to say these are non-competing products since you can just mount the cloud disk with Jungle Disk, but you need to sync with Dropbox, but you can do the same with Jungle Disk.
While the ending annual cost may come out the same, its harder for most business to pay that in one shot instead of month to month with no contract. So that's the main difference.
Also $50 was my higher end suggestion, big difference between $25-$30 and $65.
I would love to use this for a number of things I'm involved with, but I am surprised by the package that is offered.
I'm not saying that what they offer (1 year of 350 GB for $800) is not worth the price, but I am disappointed that there isn't a smaller package.
My needs for this kind of thing are more like 10-20GB. The team features are very attractive, but there's no way I am going to sign up for a package that large.
I'm sure Dropbox has put a lot of thought into the decision though. I'm very curious about where they are going with this and if they will ever offer a smaller team account.
Personally I'd love to see a team account somewhere around $10 a month for 10 GB and 5 users. Basically same price as their Pro 50 individual account, but with 5 users and 1/5th of the capacity.