Like all cloud service providers, Dropbox encryption protects your files… to a point.
The company takes care of encrypting data at rest in storage, and data in transit between their servers and user-facing applications. So the backend is all set, but what about when you are sharing Dropbox links with external users, or downloading files to your device?
Dropbox doesn’t have tools for client-side encryption and doesn’t support the creation of your own private keys. You’ll need to employ third party apps in order to encrypt files, folders, containers.
The good news is that Dropbox encryption solutions are inexpensive (or free) and incredibly easy to use. More good news? Dropbox gives users tools like password protection to add extra layers of security for their most sensitive cloud assets.
How to Password Protect a Dropbox Folder
One way to ensure that only the right people are accessing sensitive folders in Dropbox is enabling password protection. This feature is available with Dropbox Business and Professional subscriptions, and works in your browser or Dropbox mobile app.
If you are familiar with how to use Dropbox, excellent. If not, you’ll probably be able to accomplish this anyway.
When you go to share a link, a window opens that lets you control which individuals or groups are going to have access:
Now, before you share the link, click Settings. It will bring up a new window that gives you the option to password protect the folder:
Click Yes to enable password protection. You’ll have the option to choose a password (something strong with special characters, of course!).
Now that your link has been configured with a password, it is safe to share. In order to access the folder, a user must have the password you just set.
It’s that simple. If you are sharing a single file, password protection works the same way.
Tip: Did you notice the other document security features that you can enable under the link settings? Passwords are great, but you should also take advantage of the extra control Dropbox gives you over document expiration date and disable downloads. These features help you keep sensitive information protected, even after it’s been shared.
Can Dropbox encrypt individual files?
The answers to this question are yes and no. To explain let’s take a step back and talk about how Dropbox encryption works in the first place.
On this diagram, the company has visualized the multiple layers of security:
All data on Dropbox files at rest are encrypted using 256-bit Advanced Encryption Standard (AES), and SSL/TLS to protect data in transit across the company’s infrastructure.
Whenever you access your Dropbox files on the app, it’s via a secure tunnel protected by 128-bit AES or better.
So your files are always encrypted on Dropbox, but what about on your devices?
This is where Dropbox files are not encrypted. If you share links to your files or folders on Dropbox, they’re available to anyone with the link.
You can password protect the link, but there’s no built-in solution for encrypting local files or folders in Dropbox.
The 3 Best Ways to Encrypt Your Dropbox
When it comes to client-side Dropbox encryption, there are 3 tools that stand out from the competition. These have great reputations, tens of thousands of happy users, and integrate seamlessly into your Dropbox experience.
Cryptomator: Best free Dropbox encryption solution
Cryptomator is an open-source encryption tool that works for Dropbox, OneDrive, Google Drive, and WebDAV-based cloud storage systems.
It’s free for Windows, Mac, and Linux, and there is a small one-time charge for Android and iOS (typically less than $10, depending on the app store).
People like using Cryptomator for Dropbox encryption because it is basically as easy to use as Dropbox itself. The program lets you create a special folder within Dropbox known as your vault. After you set a password and recovery key, anything you add to the vault is encrypted automatically, before it is uploaded to Dropbox.
Cryptomator encrypts individual files (as opposed to drives), including the filename, with 256-bit AES. Even if an unauthorized user can see into the folder, they won’t be able to glean anything substantive.
Because it is open-source, Cryptomator has no hidden vulnerabilities, marketing gimmicks, or backdoors. What you see is what you get. The source code is on GitHub. Test reports from multiple independent security audits of Cryptomator’s software components are available to the public.
This tool can be a huge asset because it provides reliable client-side Dropbox encryption, which may be necessary to meet compliance requirements for GDPR, or simply to add an extra layer of security at no cost for your desktop users.
For mobile users who need Cryptomator, the $10 lifetime license is comparable to the monthly cost of other services that enable Dropbox encryption.
This is an easy tool to deploy, it’s extremely cost-effective, and very good for what it does. Other tools do more, but they cost more. If Dropbox encryption is what you need, try Cryptomator before purchasing licenses for yet another service.
Boxcryptor: Best overall Dropbox encryption solution
Boxcryptor is our favorite overall Dropbox encryption tool, though it works well for OneDrive, Google Drive, Box, iCloud and dozens of other popular cloud storage services. It’s also one of Dropbox’s favorite products, listed as a Premier Technology Partner.
Boxcryptor provides client-side, zero knowledge encryption of your Dropbox assets. The company never sees your data, which remains completely under your control.
When you download Boxcryptor (Windows or MacOS), it creates a virtual drive on your device. Boxcryptor automatically detects Dropbox and adds it to the new drive. This service works across desktops, tablets, and mobile devices.
Boxcryptor uses a combined encryption process based on asymmetric RSA and symmetric AES encryption. With Boxcryptor deployed, you can encrypt all sensitive Dropbox files and folders.
The integration is seamless, and allows for true end-to-end encryption in Dropbox.
It’s extremely intuitive to use Boxcryptor, which clearly lets you know which files are encrypted and which are not:
For non-commercial use, Boxcryptor offers a fairly capable free version of their service. The free version works for a single cloud provider, two devices, and allows secure file sharing with other Boxcryptor users.
There are two paid plans for individuals, Personal ($48/year) and Business ($96/year), which let you deploy Boxcryptor for unlimited cloud services and devices.
For teams, there are two plans: Company ($12 user/month) and Enterprise (contact sales).
Company subscriptions are aimed at teams of less than 50 users, and come with tools to enable secure collaboration, such as active directory support, customizable policies, and activity auditing.
Enterprise subscriptions of Boxcryptor come with SSO, user provisioning, customer managed keys, and other tools designed to implement encryption across a complex infrastructure.
We like Boxcryptor for Dropbox encryption because it is easy to deploy and manage for large numbers of users, and completely eliminates it’s target problem.
Sookasa: Best Dropbox encryption solution for cloud security
Sookasa is a lot more than a tool that encrypts Dropbox files. It has cloud access security broker (CASB) functionality that allows it to scan your entire Dropbox ecosystem for sensitive files and take quick action to remediate any problems you discover.
Like other Dropbox encryption tools, Sookasa creates a special folder within your Dropbox. Any files stored in there are automatically encrypted before they are sent to Dropbox.
Should an account or a link become compromised, someone will still need the appropriate encryption key in order to access any Dropbox files stored in the Sookasa folder.
Whether you have to share files with customers, clients, patients, or auditors, Sookasa’s one-way file delivery platform lets you send and receive encrypted files and folders on Dropbox.
This is the case whether or not the external user has Sookasa. Because Sookasa is a CASB, it sits between users and the internet, authenticating and auditing each access point. You can share encrypted files, or links that allow external users to send encrypted files back.
End-users will notice little difference in their experience of Dropbox after Sookasa is deployed. They will now have the ability to encrypt files simply by storing them in the Sookasa folder.
Administrators get better visibility into your Dropbox accounts, additional tools for compliance, auditing, and DLP:
The pricing for Sookasa is broken into two tiers: Pro ($10 user/month) and Enterprise (contact sales). It is more expensive than other Dropbox encryption services, but that’s because it comes with so much more.
Sookasa a Dropbox Premier Partner, and it also integrates seamlessly with Google Drive. The experience is virtually the same, and companies using both services will enjoy frictionless sharing.
In the end, Sookasa is really a cloud storage security service with Dropbox encryption as one of many great features.
How does Dropbox encryption compare to Google Drive’s encryption?
It’s very similar.
Google Drive does an excellent job handling the backend encryption of data at-rest on their servers and in-transit to apps. However, as is the case with Dropbox, client-side encryption is only available for Google Drive via 3rd party integrations, like Boxcryptor, Sookasa, and so on.
In other words, if you are thinking about Google Drive vs Dropbox, encryption isn’t likely to be a major differentiator.
What’s ultimately going to be important is making sure everyone is taking an active role in keeping their devices safe, accounts private, and consistently using file security features like encryption as often as possible.
If you employ a third-party service for Google Drive or Dropbox encryption, make sure people know how to use it and why it’s important.