5 beliefs to secure digital transformation

Box Security

Faced with a business climate that's more connected, global, and competitive than ever, companies are moving full speed ahead with digital transformation initiatives meant to reimagine their business processes. This shift requires new ways of working that ultimately leads to our most critical business information being regularly accessed and shared digitally with a growing network of people - inside and outside of the organization, and across a wide variety of applications and devices. The best companies know that it’s essential to have security and governance baked into new digital processes and technology platforms from the very start.

The key to powering secure digital transformation comes down to five core beliefs. At Box, these are the principles we use to guide every decision we make about our cloud content management platform. Today, we want to dig into what these beliefs mean and share a few exciting updates.

1.  Digital Transformation Demands Frictionless Security

Some organizations believe that security and business agility are naturally at odds. As a result, they end up over-restricting or under-restricting how content can be accessed and shared at their company. However, we fundamentally believe that you can reduce risks without slowing down the business. In fact, given the 24/7 nature and sheer speed of business today, if you introduce any friction into how people share and collaborate, you’re more likely to heighten the risk that your people work around your systems instead of within them. This puts an absolute premium on designing workflows and policies that prize transparency and keep friction to a minimum for end users.

Box enables frictionless security in many ways, but we start by designing the controls with the end user in mind, bringing them close to the content, and enabling organizations to centralize control over the content in the cloud, where so many interactions take place.

2. Your Enterprise is the Extended Enterprise

One of the growing challenges organizations face today is securing collaboration with their extended enterprise, which includes their partners, suppliers, and customers. From our early days, we gave organizations powerful and flexible means to securely collaborate across the extended enterprise, and have continued to innovate with simple yet powerful controls like dynamic watermarking to deter data leaks without requiring users to install additional software.

Recently, we enhanced the secure sharing experience for end users as well as provided administrators with new controls to manage Custom shared links. And our effort to secure the extended enterprise continues.

Today, we are excited to announce that Box is extending two-factor authentication to external users, significantly improving the ability of organizations to protect their sensitive content from account compromise, while continuing to engage and collaborate with an external workforce. Like everything with Box, this feature is designed with the end user and admin needs in mind by offering a phase-in period to ease the transition and ability to include or exclude specific domains for precise application of this control.

2FA in Box

3. Encryption Must Be Easy To Deploy

Encryption, like authentication, is a foundational control that is critical to get right for digital transformation efforts involving sensitive data. Four years ago, Box pioneered a built-in approach to customer-managed encryption by giving customers independent control over their encryption keys without compromising the user experience and productivity benefits of cloud.

With control over their encryption keys, large and small customers in a variety of industries improved how they serve clients, collaborate with their design partners, and run their operations by taking advantage of cloud content management while retaining full control over their content.

Today, we are excited to announce the availability of Box KeySafe with Amazon Web Services (AWS) KMS Custom Key Store to provide the control and protection of a dedicated hardware device (HSM) without requiring customers to manage any hardware to secure their encryption keys. With this new option, customers with the most advanced requirements for key management can control their data in a simpler and more cost effective way, while preserving the agility of cloud content management.

AWS Keysafe

4. Stronger Together - Rise of Security Ecosystems

Today’s security challenges are so complex that no one company can solve them alone. That’s why strong partnerships focused on the success of our mutual clients are critical. A few years ago, Box led the effort on this with the development of our Trust partner ecosystem and we are continuing to build and strengthen partnerships and integrations to help our customers.

Today’s announcements arrive on the heels of our recent partnership with Symantec on its platform shift and support of multiple integrations, extending customers’ controls into the cloud. Recently, Symantec announced an extension of their Integrated Cyber Defense Platform to unify products, services, and partners in order to protect customers against advanced threats. Box is proud to partner with Symantec on this initiative and support multiple integrations to extend customer’s controls into the cloud, including integration with Symantec’s CloudSOC Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP) products to provide advanced data loss prevention and threat mitigation capabilities to our mutual customers.

Box and Microsoft have been working hand-in-hand for many years to deliver product innovation across productivity, security, and infrastructure to our mutual customers. Our earliest product integrations with the Office 365 suite are still some of our most popular integrations today and last week we announced an all-new Add-in for Microsoft Outlook that brings Box capabilities deep within the email experience. Today, we're excited to announce that Box is joining the Microsoft Intelligent Security Association (MISA), a collaborative initiative to help organizations defend against increasingly sophisticated, fast-moving threats. Today, thousands of customers already leverage our integrations with Azure Active Directory, Microsoft Intune, and Microsoft Cloud App Security to manage and protect users, devices, and activity in Box. We're excited to continue working together to deliver the joint solutions our customers demand.

We are also excited to deepen our alliance with AT&T with the new integration of AlienApp for Box. This new offering from AT&T Cybersecurity will help our mutual customers monitor across on prem and cloud environments like Box as well as detect threats.

5. The Life-changing Magic of Information Governance

Admittedly, it’s possible that we’re guilty of being a little too enamored by information governance. We can’t help it. Since Box introduced Governance four years ago it has become a critical part of enabling defensible discovery and managing the lifecycle of content for thousands of organizations across all segments and industries.

Like everything we do at Box, our approach to Governance is to make it simple for the people managing the policies and the end users and as a result we have seen both large and small customers embrace Box Governance for their cloud content.

In just the last two years the number of customers using Box Governance has grown 265% as organizations continue moving away from legacy ECM systems to transform their critical retention management and eDiscovery processes. Companies like Nationwide, AstraZeneca, and Broadcom leverage Box Governance to reduce risk and manage the lifecycle of content spread across their extended enterprise.  

Speaking of information governance, let’s not forget eDiscovery. The unprecedented growth of unstructured content, new data privacy laws and industry regulations, and reliance on the extended enterprise has made it harder than ever to ensure the right content is preserved for eDiscovery. The new challenges require new solutions. Our flexible, in-place legal holds help organizations reduce the time spent on eDiscovery and the costs of legal review - without impacting your user's ability to get work done in Box.

Today, we are excited to announce enhancements to our eDiscovery capabilities with folder-level legal holds and an advanced integration with Exterro - making it even easier for organizations to find, preserve, and review content for eDiscovery.


Digital transformation can’t happen without a strong and frictionless foundation of security and governance. For many years, Box has focused on this mission. We were the first to deliver simple key management in the cloud and FINRA-compliant retention for cloud content. And we will continue to invest into new product capabilities and partnerships to protect your data and secure the digital transformation of your business.

This will be a big year for security at Box as we are working on exciting new capabilities. Join us at BoxWorks 2019 to learn more about what’s to come.