- Even if your email service provider encrypts network traffic with SSL/TLS, you have no control over whether the message’s recipient does the same
- File attachments are stored in an unencrypted format. Sensitive files must be encrypted with third-party software before sending them
- The mail server must be secured and maintained by your IT department or email service provider
- Many email service providers support two-step verification
- Many mobile devices support remote wipe, but the implementation varies from device to device
- On-premises mail servers can be protected by your company’s firewall
- Dropbox encrypts network traffic with SSL/TLS
- Documents are stored using 256-bit AES encryption
- You don’t need to worry about server security settings or maintenance
- Two-step verification capability included
- Integration with most SAML-based SSO providers
- Files can be deleted from a lost device with remote wipe
- Dropbox works with most corporate firewalls, but it cannot be placed behind your company’s firewall
When attaching a file to an email message, its data is usually encoded (not encrypted) as blocks of text. This is done only to allow it to be sent via the SMTP standard — it provides no security benefits whatsoever. For all intents and purposes, attachments are stored on the recipient’s mail server as an ordinary file.
Because of this, you have no control over how the message’s recipient processes the file. If they retrieve it over an unencrypted connection, anybody listening to the network traffic would be able to see the contents of the file. Or, if a malicious user gains access to the mail server, they would be able to download all of your documents. Since the files aren’t encrypted, this would give them access to all of your sensitive data.
Dropbox is more secure in two ways. First, all users must access files through the Dropbox website, desktop application, or mobile application. This lets Dropbox control how files are retrieved, ensuring secure file transfers. Second, it stores files as encrypted blocks of data, which means that even when your data isn’t being accessed it remains protected.
For more information on Dropbox security, please see the Dropbox Business Trust Guide.