Skip to content

Dropbox

The Dropbox integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Dropbox account that could leave you and your organization vulnerable.

Integration prerequisites

  • A Dropbox Business plan (Standard, Advanced, Enterprise, or Education)
  • Access to a Dropbox Business account with Team admin permissions

Integration permissions

For the Dropbox integration to function, Cloudflare CASB requires the following Dropbox permissions via an OAuth 2.0 app:

  • account_info.read
  • files.metadata.read
  • files.content.read
  • sharing.read
  • team_info.read
  • team_data.member
  • team_data.governance.write
  • team_data.governance.read
  • files.team_metadata.read
  • members.read
  • groups.read
  • sessions.list

These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about each permission, refer to the Dropbox API Permissions documentation.

Security findings

The Dropbox integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

To stay up-to-date with new CASB findings as they are added, bookmark this page or subscribe to its RSS feed.

File and folder sharing

Identify files and folders that have been shared in a potentially insecure fashion.

Finding typeFindingTypeIDSeverity
Dropbox: File publicly accessible with edit access7fefad57-371b-4f27-b1f0-7d500c863bd0Critical
Dropbox: File shared company-wide with edit access265ed167-435c-4626-99ba-2fafd766c096High
Dropbox: File publicly accessible with view accesse8c057e4-d6ce-431b-9d03-d9aadff610d4High
Dropbox: Shared link create policy set to default 'Public'0afabc9a-3a98-4a67-941a-d1f0ce0cfbfeHigh
Dropbox: File shared company-wide with view access02a14d67-27fa-4621-a280-1a25925d506fMedium
Dropbox: Folder shared company-wide with edit accessac4da5b9-ddb0-4285-ba52-2ba4de43b530Medium
Dropbox: Shared folder policy set to default 'Anyone'5d479ad5-d0f1-4c8f-b439-a39b399fe6c5Medium
Dropbox: Group creation policy set to 'Admins and Members'6f54b5eb-6867-490e-b823-08e91878eb40Medium
Dropbox: Folder join policy set to 'Can join folders shared by Anyone'e5ffaecc-f61a-4019-a54f-2e5ac882d3f3Medium
Dropbox: Folder member policy set to 'Can share folders with Anyone'99d4a2af-12ec-43a1-9630-27ac4adf625cMedium
Dropbox: Shared link create policy set to default 'Team-wide'a3d02f04-4372-4ae3-99f9-e2caccee6e76Low

Data Loss Prevention (optional)

These findings will only appear if you added DLP profiles to your CASB integration.

Finding typeSeverityDescription
File Publicly Accessible Read and Write with DLP Profile matchCriticalA Dropbox file contains sensitive data that anyone on the Internet can read or write.
File Publicly Accessible Read Only with DLP Profile matchCriticalA Dropbox file contains sensitive data that anyone on the Internet can read.
File Shared Company Wide Read and Write with DLP Profile matchMediumA Dropbox file is shared with the entire company with read and write permissions.
File Shared Company Wide Read Only with DLP Profile matchMediumA Dropbox file is shared with the entire company with read permissions.

Suspicious applications

Detect when suspicious Dropbox applications are linked by members.

Finding typeFindingTypeIDSeverity
Dropbox: Suspicious application linked by member8384c58c-1fc2-4caa-9836-c8ede7ca440dHigh

User access and account misconfigurations

Flag user access issues, including users misusing accounts or not following best practices.

Finding typeFindingTypeIDSeverity
Dropbox: Admin user with unverified secondary emailcebb4104-1235-4049-a664-9fcd003ece71Medium
Dropbox: Admin user with restricted directory access19378bb3-a3b7-4ee5-8ea7-39eec0a2ca7cMedium
Dropbox: User with unverified email2b5804f7-4888-4872-a85a-a64805d10654Medium
Dropbox: Invited user44d34aab-82fb-4a60-8e35-d7a75cfc789cLow
Dropbox: Suspended usere356cfe6-97e6-4e30-9cb9-4a42a387844eLow
Dropbox: User with secondary email configured4bbb795a-cd34-41ba-865d-9bf9de61a592Low