Introducing Security Classification: A Smart New Addition to Box Governance

Companies across the globe are moving to the cloud, but for industries that deal with large amounts of sensitive information, it's crucial that data is protected to the highest level of security and control. Last year we announced Box Governance to help address our customers' legal, regulatory, and business mandates on cloud content. Since then, we've seen amazing adoption from businesses in regulated industries like professional services, health care and life sciences. In fact, Box Governance is our most widely used add-on offering to date! That's why today, we're making it even more powerful by adding security classification. Now, for the first time, Box customers will be able to automatically identify sensitive content in Box and enforce security policies based on a predetermined confidentiality level.

As of today, all Box Governance users with security classification enabled can:

  • Easily classify all content in Box: Differentiate sensitive files in Box with a classification taxonomy that maps to their security requirements, whether you have confidential patient records or public marketing assets. Then, admins can easily search by that classification label and pull up all relevant results with a single click.
  • Get clear visual indicators for confidential information: Admins can choose to display a visual indicator that makes it clear when a piece of content is confidential, with a label that appears across the top of the previewed content and a customizable advisory message that appears when users mouse over the label.
  • Add and trigger security policies: Admins can now selectively apply policies that prevent users from sharing certain confidentially-marked data outside the organization or even outside specific folders. For example, if a user unwittingly attempts to circulate a classified document like a movie script with an outside creative agency, the file's security policy will protect them against wrongdoing by removing the external sharing capability.
  • Leverage partners to automate classification: Even better, admins can automate classification for new and existing content in Box by leveraging pre-defined Data Loss Prevention policies in Netskope or Skyhigh, and integrate with classification metadata from TITUS. Meaning, if an employee uploads a document with sensitive health data (PHI) into Box, existing policies defined within the chosen partner platform can be used to inspect this document and accordingly mark it ‘Confidential’ or ‘Internal’. This automation not only reduces overheads for admins but also helps improve the scale and consistency of governance in the cloud.

Security Classification, With All the Power of Box

Our customers use Box to bring all of their work together in one place, so it's important that we provide powerful ways to secure and manage all of that information. Box is the only content management platform that can bring reminders, messages and visual cues together to ensure confidentiality around individual pieces of content, encouraging smarter, more cautious behavior and a culture that is engaged in data security. And it also offers the same simple, easy-to-use experience that our customers have come to expect, because if the tool is clunky or complicated, people just wont use it.

To learn more about security classification and Box Governance, register for our upcoming webinar. Security classification is available as part of Box Governance starting today so please contact your account team to enable this feature!