Cloudflare Docs
Cloudflare Zero Trust

Dropbox

The Dropbox integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Dropbox account that could leave you and your organization vulnerable.

Integration prerequisites

  • A Dropbox Business plan (Standard, Advanced, Enterprise, or Education)
  • Access to a Dropbox Business account with Team admin permissions

Integration permissions

For the Dropbox integration to function, Cloudflare CASB requires the following Dropbox permissions via an OAuth 2.0 app:

  • account_info.read
  • files.metadata.read
  • files.content.read
  • sharing.read
  • team_info.read
  • team_data.member
  • team_data.governance.write
  • team_data.governance.read
  • files.team_metadata.read
  • members.read
  • groups.read
  • sessions.list

These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about each permission, refer to the Dropbox API Permissions documentation.

Security findings

The Dropbox integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

To stay up-to-date with new CASB findings as they are added, bookmark this page or subscribe to its RSS feed.

File and folder sharing

Identify files and folders that have been shared in a potentially insecure fashion.

| Finding | Severity |
| --- | --- |
| Dropbox file publicly accessible with edit access | Critical |
| Dropbox file shared team-wide with edit access | High |
| Dropbox file publicly accessible with view access | High |
| Dropbox folder publicly accessible | High |
| Dropbox shared link create policy set to default ‘Public’ | High |
| Dropbox file shared team-wide with view access | Medium |
| Dropbox shared folder policy set to default ‘Anyone’ | Medium |
| Dropbox group creation policy set to ‘Admins and Members’ | Medium |
| Dropbox folder join policy set to ‘Can join folders shared by Anyone’ | Medium |
| Dropbox folder member policy set to ‘Can share folders with Anyone’ | Medium |
| Dropbox folder shared company-wide | Medium |
| Dropbox shared link create policy set to default ‘Team-wide’ | Low |

Data Loss Prevention (optional)

These findings will only appear if you added DLP profiles to your CASB integration.

| Finding | Severity | Description |
| --- | --- | --- |
| File Publicly Accessible Read and Write with DLP Profile match | Critical | A Dropbox file contains sensitive data that anyone on the Internet can read or write. |
| File Publicly Accessible Read Only with DLP Profile match | Critical | A Dropbox file contains sensitive data that anyone on the Internet can read. |
| File Shared Company Wide Read and Write with DLP Profile match | Medium | A Dropbox file is shared with the entire company with read and write permissions. |
| File Shared Company Wide Read Only with DLP Profile match | Medium | A Dropbox file is shared with the entire company with read permissions. |

Suspicious applications

Detect when suspicious Dropbox applications are linked by members.

| Finding | Severity |
| --- | --- |
| Suspicious Dropbox application linked by member | High |

User access and account misconfigurations

Flag user access issues, including users misusing accounts or not following best practices.

| Finding | Severity |
| --- | --- |
| Dropbox user with admin permissions and unverified secondary email | Medium |
| Dropbox user with admin permissions and restricted directory access | Medium |
| Dropbox user with unverified email | Medium |
| Invited Dropbox user | Low |
| Suspended Dropbox user | Low |
| Dropbox user with secondary email configured | Low |