The Dropbox integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Dropbox account that could leave you and your organization vulnerable.
- A Dropbox Business plan (Standard, Advanced, Enterprise, or Education)
- Access to a Dropbox Business account with Team admin permissions
For the Dropbox integration to function, Cloudflare CASB requires the following Dropbox permissions via an OAuth 2.0 app:
File and folder sharing
Identify files and folders that have been shared in a potentially insecure fashion.

| Finding type | Severity |
| --- | --- |
| Dropbox file publicly accessible with edit access | Critical |
| Dropbox file shared team-wide with edit access | High |
| Dropbox file publicly accessible with view access | High |
| Dropbox folder publicly accessible | High |
| Dropbox shared link create policy set to default ‘Public’ | High |
| Dropbox file shared team-wide with view access | Medium |
| Dropbox shared folder policy set to default ‘Anyone’ | Medium |
| Dropbox group creation policy set to ‘Admins and Members’ | Medium |
| Dropbox folder join policy set to ‘Can join folders shared by Anyone’ | Medium |
| Dropbox folder member policy set to ‘Can share folders with Anyone’ | Medium |
| Dropbox folder shared company-wide | Medium |
| Dropbox shared link create policy set to default ‘Team-wide’ | Low |

Detect when suspicious Dropbox applications are linked by members.

| Finding type | Severity |
| --- | --- |
| Suspicious Dropbox application linked by member | High |

User access and account misconfigurations
Flag user access issues, including users misusing accounts or not following best practices.

| Finding type | Severity |
| --- | --- |
| Dropbox user with admin permissions and unverified secondary email | Medium |
| Dropbox user with admin permissions and restricted directory access | Medium |
| Dropbox user with unverified email | Medium |
| Invited Dropbox user | Low |
| Suspended Dropbox user | Low |
| Dropbox user with secondary email configured | Low |