Re: Dropbox Sales/Legal messages

["Tanner, Andrea" <atanner3 () CCBCMD EDU>]

Hello,

I have gotten these messages before as well on and off the past year or so. They will not give me a list of who is 
using it because the Dropbox accounts made by users on their own are considered by them to be personal accounts, not 
enterprise accounts.

Andrea
Pronouns: She/Her/Hers

Andrea Tanner, M.S. | Senior Director, Technology Support | Community College of Baltimore County
Phone: 443-840-4155  | Catonsville Campus CLLB 104B       | atanner3 () ccbcmd edu<mailto:atanner3 () ccbcmd edu>
CCBC. The incredible value of education.

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ronald Loneker
Sent: Wednesday, August 12, 2020 4:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Dropbox Sales/Legal messages

CAUTION: This email originated from outside of CCBC. Do not click links or open attachments unless you recognize the 
sender and know the content is safe.

Good Afternoon -

I received one of these myself and emailed them about it asking how many free accounts they had from my institution.

Never did get a reply to that one.

We have other ways to share larger files, which I explained to them, again receiving no answer.

Definitely a bad way to market or to make friends in the IT Department.

Ron Loneker, Jr.
Director, IT Special Projects
Saint Elizabeth University
Mahoney Library
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229<tel:973-290-4229>

e-mail:  rloneker () steu edu<mailto:rloneker () steu edu>




On Wed, Aug 12, 2020 at 12:40 PM Theodore J. August <Theodore.August () salve edu<mailto:Theodore.August () salve edu>> 
wrote:
Hi everyone:

Have you, or someone else in your organization getting messages like these from Dropbox?

Hi X,

I'm hoping you can provide some clarity around X's unmanaged Dropbox deployment. Recent levels of activity across the 
X.edu domain are congruent with those of our education customers, but there is no existing contract between X and 
Dropbox at this time.

Given that so many X  users have workflows embedded in Dropbox (over 1000 as a matter of fact!), I wanted to put some 
time down to talk about your options for user/data consolidation.

Do you have 15 minutes to discuss how our education platform can provide value and security in your current environment?

Thanks so much and I look forward to hearing from you!

And…

Following up one last time since I hadn't heard from you. I know this is often an ideal time to purchase potential 
tools for your environment with the year coming to an end. Please let me know which most applies to you:

1. I am not the correct person to discuss this with. Please contact ____.
2. I am authorized to provide consent on behalf of X for the non-IT managed use of Dropbox. I am aware that people in 
my organization are using Dropbox without the presence of a formal Dropbox Business agreement and I have confirmed 
internally that this adoption aligns with our IT policies and data governance posture.
3. I would like more information before making a formal evaluation. Please set up a 15 minute call.

We know people use Dropbox with their institutional e-mail addresses, despite the University’s lack of support for that 
product.  Our response to the first one is that we have no interest in any services, and that Dropbox can contact 
end-users directly if they are violating any terms of service. We have no interest in purchasing services from Dropbox 
regardless of the number of accounts being used in our domain.  I feel like #2. is some sort of informal legal 
indemnification for Dropbox for users on our domain, and I’m not willing to provide them one on behalf of our 
University.

If Dropbox has some sort of issue with our users using free accounts, they can reach out to them directly and tell them 
so.

We see these as a “legal” leaning sales pitch… they did come from someone who is working in enterprise sales…

Thoughts?

--
Ted August
Assistant Director of Cybersecurity and Compliance
Office of Information Technology
Salve Regina University

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Catanner3%40CCBCMD.EDU%7C0d2a951d27a84f3524be08d83f0198bb%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637328623375925179&sdata=WJNDnJvfCxosDaUdJuIbgJFjx9gXZtHJ8LyPhAcsnTE%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Catanner3%40CCBCMD.EDU%7C0d2a951d27a84f3524be08d83f0198bb%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637328623375925179&sdata=WJNDnJvfCxosDaUdJuIbgJFjx9gXZtHJ8LyPhAcsnTE%3D&reserved=0>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community