The Five Pillars of Secure Collaboration

Security and trust have always been a core focus for our product and infrastructure teams at Box. One of the big investments we’ve been making lately is around content protection – how we identify, control and protect content from both malicious and unintentional actions. These kinds of controls will play a key role in the rising security transformation that I discussed in my last post.

Some history: Over the past 40 years we’ve been dealing with unstructured content in a distributed technology landscape. Unfortunately, while this has created immense agility and opportunity for business and IT, we’ve also lost the ability to effectively identify, control and protect that content from malicious and unintended actions. In parallel, addressing these challenges with traditional security methods has dramatically increased the costs to try and apply old controls in a distributed environment. Security threats have been exploiting this lack of security capability for many years, resulting in a consistent pattern of breaches and data thefts.

This is one of the most significant risks we have in industry. However, by moving the unstructured content to a centralized service, such as Box, we have an incredible opportunity to implement long-standing security models that have weathered the test of time.

At Box our Trust Vision is to change the very nature of computing by solving one of the most important security problems in our lifetime: the secure exchange and collaboration of unstructured content between known and unknown parties from any device anywhere at anytime.

Box’s Trust Strategy is supported by five strategic themes that go to the heart of security. Investments in these areas will fulfill our vision and drive our solutions.


Content Protection: To ensure our customer’s content has confidentiality, integrity and availability (CIA) applied

  • Automatic and dynamic identification and application of owners data classification policy
  • Ability to extend that policy to known and unknown users on managed and unmanaged devices
  • Highly secure encryption for the entire ecosystem. From the device to cloud, from at rest to in transit
  • Ability to share content with 3rd parties and predetermine revocation of access (time based sharing)
  • Ability to share the content as “view only” and not allowed to download

Transparency: To enable our customer’s complete visibility and assurance in all aspects of Trust

  • Deep security certifications for all industries and levels
  • Near real-time Trust dashboard for customers to view compliance and availability
  • Ability for customers to pull all activity with their account and content to include into their own SEIM or log analysis infrastructure

Account Protection: To drive a protective ecosystem of our customers account and activity to ensure their safety

  • Facilitate identity from personal to enterprise and the secure exchange of information based on it.
  • Provide a wide degree of authentication to ensure strong authentication capabilities
  • Enable advanced analytics to identify compromised accounts with a global awareness to ensure our customers content confidentiality

Application Protection: To provide an industry leading Trust assurance in all aspects of Box’s ecosystem of applications and platforms

  • The assurance that all platforms and 3rd party applications are free from vulnerabilities and contain all appropriate security features and comply with industry application security standards
  • Driving the security model to the application layer, from the device, with security API’s that extend account, device and content security

Device Protection: To provide a complete “control to assurance” model of Trust to any device, at any time

  • Advanced global telemetry to identify compromised or malicious devices prior to authentication or content access
  • Ability to ensure content access based on managed vs. unmanaged devices.
  • Ability to extend policy to unknown devices to ensure appropriate controls are in place
  • Ability to maintain a “high security” model with integrations into 3rd party mobile device management solutions to ensure device assurance and content protection

Clearly, Box will play a key role in content protection, and we're already working with customers and partners whose sole focus is protecting applications, devices and data.

Want to receive Justin's blog posts about security and trust as a monthly newsletter? Sign up here.