Box expands native inline security controls for data leak protection

Box expands native inline security controls for data leak protection

If I was playing the word association game and had to sum up the “new normal”, there are a few words that come to mind—resilience, flexibility, and trust. The past year has brought about rapid change and technological innovation as many companies pivoted to fully remote and hybrid models. This has required a new approach to securing content from anywhere on any device without slowing down work. And that’s where the Content Cloud comes in.

Today, we’re excited to announce enhanced native security controls in Box Shield to help organizations easily discover more sensitive content, prevent data leaks, and manage access to their content with more granular authentication capabilities. Built-in security controls have been core to Box’s offering long before President Biden’s Executive Order, which indicates that the federal government will use its buying power to impel the market to build security into all software from the ground up. In fact, 69% of the Fortune 500 know that our platform is secure enough for work today, and powerful enough to continue to adapt to the ever changing business needs of tomorrow.

Easily discover more sensitive content

Box Shield helps you classify content and provides visibility into actions whether they are manual or automatic. Auto-classification intelligently applies labels to files based on content inside the file like credit card numbers, social security numbers, as well as  custom terms as content is uploaded into Box. With this release we’re:

  1. Extending support to intellectual property by expanding coverage beyond traditional regulated content with auto-classification by file type (released)
  2. Rounding out the auto-classification of existing content on preview, download, marked as current, and undeleted from trash (released)
  3. Allowing auto-classification to be the authority of classification (coming soon)
  4. Expanding coverage of built-in info types available to include Canadian PII (released)
  5. Adding support for Microsoft Information Protection encrypted labels (released)
  6. Providing more visibility by adding classification names into the event API (released) and user activities report (coming soon)

Prevent and track data leaks

Native classification capabilities can be used to drive Box Shield’s Smart Access policies where admins can set rules (restrict content from being shared outside of the organization, limit downloads, and other actions) to prevent data loss and meet global privacy and compliance requirements. “When it comes to data loss prevention (DLP), organizations are demanding tools that are easy to administrate and simple for employees to use,” said Frank Dickson, Vice President of Cybersecurity Products Research at IDC. “Bolted-on solutions that impede productivity create a shadow IT risk as employees find workarounds to get their job done. By integrating Box Shield natively into their collaboration platform, Box is addressing the problem of complexity associated with implementing and administering DLP and turned it into an intuitive product, built for the end user.”

With Box, you’ve always been able to watermark files without needing to leave the platform. We’re excited to release updates to watermarking that help reduce the risk of data leakage because the last known source of potential leakage (user info) is captured in the file. Prior to this release, we supported a rasterized process which is great for being very secure as it prohibits text search and clickable links, as well as limits the resolution. Our new dynamic, multi-layered watermarking approach uses mathematical curves to draw the watermark on the original document. With this vector-based method, text is searchable and links are clickable—all with a smaller file size. We recommend that admins turn this option on as you’ll have more control in a frictionless way. We’ve also updated our iOS mobile experience with better watermarking support. 


Leverage granular authentication controls

Authentication is the first line of defense for allowing access to valuable data only to those who are approved by an organization. Every time an authentication requirement is increased with additional required factors—that is, moving from single-factor to multi-factor authentication (MFA)—the security of authentication is dramatically improved. In this release we’ve been specifically focused on TOTP (Time-based, One-Time Password) which is a form of MFA that uses a randomly generated code as an additional authentication token. We’re providing admins with more MFA options including the ability to require:

And that’s not all

Box recently commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying its suite of cloud-based content management solutions. We were thrilled to learn that with Box, organizations can save more than $1.1 million on security and compliance.


As promised, we will continue to keep you updated about all the innovation that is taking place at Box. This rounds up our latest release, so be sure to check back soon for more updates, and don’t forget to join us at BoxWorks on October 6th for several dedicated sessions to security and compliance!