Skip to content (Press Enter)

Maintain security without compromising flexibility and innovation

6 June 2021
Oceanit meets strict security requirements while providing collaborative tools that empower their teams to keep driving innovation.
Photo of Oceanit scientist who uses Dropbox

by David Takeyama, IT Director at Oceanit

Security is a pressing concern for IT professionals, and staying on top of cyber threats is a full-time job. Securing your organisation’s infrastructure and protecting data often requires compromises. You may have to limit or eliminate access to tools and online platforms that pose a security risk. But doing so can deprive people of the vital resources they need to collaborate and create.

Too often, companies take an all-or-nothing approach to security and lock down everything and everyone. But you have to be flexible in order to compete. Some users work on sensitive projects and need more protection, while others can be secure with fewer constraints. Rarely does it make sense to restrict your entire workforce to the same tools and permissions.

Technology used by Oceanit
Oceanit logo

Our island values transcend any distance

We are a multidisciplinary science, technology and engineering firm with more than 160 scientists and engineers in Hawaii (our headquarters), California, Texas and Washington, D.C. As a Hawaiian business, we live the island values of Ohana (family), curiosity and community. It’s great to live here, but there can be some doubt about our business acumen because of our tropical location away from the mainland. It turns out that our distance, diversity and laid back attitude are our strengths. The growing prevalence of remote work has proven that you can still contribute to the greater good while working far from others and from anywhere in the world. This has been our modus operandi for decades.

In the 25 years that I’ve been at Oceanit, we’ve grown from a run-of-the-mill engineering consultancy to an international entity with clients in sectors as diverse as energy, biomedical, aerospace and petrochemicals. We now bring solutions to market through partnerships, licensing and direct manufacturing. Our ‘mind-to-market’ approach transforms our clients’ scientific research into products, often in record time.

Woman using laptop next to the sea

A way to balance innovation with security

If there’s one thing we don’t want to do at Oceanit, it’s stifle innovation. Innovation is required to find disruptive solutions to problems so difficult that they can seem impossible. We’re tackling such challenges as climate change, sustainable energy and rising healthcare costs.

One of our most recent products is Assure-19, a rapid-response COVID-19 saliva test that is currently undergoing FDA approval. We couldn’t have worked on it without adhering to strict security protocols or without allowing our employees to do what they do best: research, create and collaborate.

At Oceanit, security is a given, but it does not dictate how we do business. We have an internal workflow process for evaluating alternative tools. While this process is more complex, it is our job to be flexible, creative and smart with the alternatives we allow. When you ask your teams to push the envelope every day, you need to let your employees choose the tools that best suit their needs.

We give our employees the tools they need to innovate as well as provide the framework for using those tools safely.

We deploy Office 365 suite as our standard enterprise tool set. However, because our end users, customers and clients may choose other platforms, Dropbox enables us to store, share and collaborate with them as well as our internal teams. Oceanit employees have been using Dropbox to collaborate for years, and IT has never managed or monitored its use.
Oceanit’s tech stack
Oceanit's Dropbox files for Assure-19 project
This isn’t out of the ordinary for us. We have always tried to balance enforcing security against stifling innovation. So we don’t always keep track of the ways employees, subcontractors and customers use cloud-based platforms. Thus far, it’s worked well, but as the company has grown, we have taken on more sensitive work, including Department of Defense (DoD) contracts. 

Compliance doesn’t need to slow down progress

To continue working with the DoD, we must now submit a Cybersecurity Maturity Model Certification (CMMC) self-assessment to the government. The easiest way to comply is to shut down all collaborative tools except those that adhere to CMMC and NIST specifications. Dropbox falls between as it is NIST but not CMMC compliant.

Shortly after the CMMC announcement, our CEO pulled me aside and told me not to stifle innovation. He stressed that regulation and compliance shouldn’t drive the way we do business. Instead, our priorities should be to bolster security while also ensuring our people continue to have access to the tools they need to innovate.

Not everyone works on government contracts or deals with sensitive government information. Rather than eliminate tools across the board, he wanted me to ensure that employees who don’t need to comply with additional IT security requirements won’t have to jump through hoops to do their work. 

Separate lanes for different team needs

Dropbox has a loyal following at Oceanit. This is especially true among employees who share large files, such as aerial photographs, high-definition video, CAD drawings and 3D renderings. We knew our employees liked Dropbox, although initially, we didn’t realise just how much they liked it. 

Oceanit Projects organised in Dropbox
Man holding Oceanit logo in office

At one point, I pushed pretty hard to get users to migrate to Microsoft Teams. They resisted and asked me to try working with it myself. They were right. Teams and SharePoint were extremely slow to bring up large documents for sharing. The sharing issues intensified when our security requirements increased and we moved to the government version of Office 365, GCC High, which does not allow external users to upload documents to a shared folder. We also encountered compatibility issues.

Not everyone in the company needs these strict data standards. Instead of forcing people to deal with these pain points, we acknowledged that we already had a great tool in use. It was better for all involved to keep using Dropbox. 

IT professionals should consider a flexible approach that gives their teams the tools they want while ensuring customers get the security they need.

We set about creating a two-tiered approach to security: First, we eliminated personal accounts and enrolled 10 users in a Dropbox Enterprise pilot. This team plan allows us to track the types of files they share and compile usage statistics. This way, Dropbox is available to all employees who wish to use it and aren’t subject to CMMC compliance. We’ll be inviting more employees to use Dropbox Enterprise as we tier our security.

We also installed tools and adopted mechanisms that allow us to monitor our CMMC-compliant processes and our less secure systems. In this way, we can make sure there is no spillage between the two and protected data isn’t shared with unauthorised persons or entities. We limited access to our most sensitive data to a subset of users while enabling everyone else to quickly and easily share files using Dropbox. It’s the best of both worlds.

Dropbox Insights graph

Sacrificing speed and innovation for security would have been the easy fix. For some businesses, that may be fine, but this approach can bring growth to a halt.

It takes a little more effort to carve out the right solution, but the results are worth it. Because we took these measures, our teams can continue to use Dropbox to share, collaborate and create some of the most ground-breaking products around.

Discover a better way to work together

Get started with Dropbox