The Hidden Migration: Why Moving from Box and Dropbox is Harder Than It Looks

There is a common misconception that cloud migration is just a commodity—a simple task of "Select All > Copy > Paste."

When you are moving from a traditional on-premise file server, that mindset is partially forgivable. But whenever we scope a project moving from Box, Dropbox, or Google Drive, the conversation has to change.

These platforms aren't just hard drives in the sky; they are complex ecosystems with their own proprietary rules. In our experience architecting these "Cloud-to-Cloud" moves, we’ve found that treating them like a standard file copy is the quickest way to break a project.

Here are the specific architectural challenges we are solving for our clients right now, and why we don't just "hit the button."

1. The "Wild West" of Permissions (The Box Challenge)

We encounter a specific recurring issue with Box: Deep Sharing. Box allows users to share sub-sub-folders with various external vendors without breaking a sweat.

The Architectural Trap: If you try to map this "Waterfall" structure directly to SharePoint, you hit a hard wall: the 50,000 Unique Permission Scope limit. SharePoint is designed for Site-based security, not the "Item-level" freedom that Box permits.

How We Engineer Around It: We don't just lift and shift. We audit the structure first. When we see these "heavy" permission knots, our strategy is to "Flatten the Architecture." We advise breaking deep folder structures into separate SharePoint Sites (e.g., a dedicated "Project Alpha" site instead of just a folder). This ensures the data moves, but the library doesn't lock up on Day 1.

2. The "Link" Illusion (The Dropbox Challenge)

We are currently architecting a migration for a client moving from Dropbox, and the biggest hurdle isn't the data—it's the User Behavior.

The Active Challenge: Dropbox users live by "Sharing Links." They send unique URLs to vendors and assume those links are permanent. The hard reality is that migration breaks links. The moment a file moves to SharePoint, it gets a new URL, and every vendor connection dies.

Our Mitigation Strategy: We treat this as a Change Management project. We are extracting reports of all active external shares before the move. Our goal is to convert these "Anonymous Link" users into actual Guest Accounts in Microsoft 365. It’s more work upfront, but it transforms a "broken link" complaint into a security upgrade for the client.

3. The "Ghost Owner" Risk (The Google Workspace Trap)

While we focus on Box and Dropbox, we also keep a watchful eye on the specific risks of Google Drive—specifically, Data Provenance.

The Risk We Audit For: In Google Workspace, files are owned by individuals. If "John" creates a file in a shared folder but leaves the company, and his account is deleted, that file can become an "Orphan."

The Ollo Approach: Our migration audits always check for these "Ghost Owners." We define a strategy to map these orphaned files to a dedicated "Digital Archive" service account in Azure AD. This ensures that even if the original creator is gone, the intellectual property lands safely in SharePoint rather than disappearing into the ether.

Our Philosophy: Measure Twice, Cut Once

Because these platforms are so volatile, we don’t trust "standard" settings. Whether it’s a Box, Dropbox, or Google project, our process starts with a Proof of Concept (PoC). We migrate a complex slice of data just to stress-test the rules.

Does the permission flattening work? Do the proprietary notes convert? We find that spending two weeks on a rigorous PoC saves two months of cleanup later. Migration isn't just about moving files; it's about translating logic from one language to another.

‍