BoxWorks Digital: Frictionless security and compliance that powers work from anywhere


We are living in a world that no one could have imagined 9 months ago. COVID-19 accelerated the digital transformation, and with three-fourths of employees working remote, users are accessing content from a variety of devices and applications outside the four walls of the office. Without the appropriate safeguards in place, this can present a massive risk to an organization. IT Leaders need to secure the way work happens today while remaining compliant with various regulatory and privacy requirements.

Here are 3 ways Box is enabling companies to do their best work with security front and center:

Protecting the flow of information within Box and across 3rd party apps

Each organization has sensitive content containing Personally Identifiable Information (PII) or Intellectual Property (IP), such as Clinical Trial data, Movie Scripts, Customer Data, Financial Records, and more. At Box, we are witnessing more and more sensitive data moving to the cloud, across industries. However, user errors and risky behaviors continue to be one of the top reasons for breaches and data leakage incidents. With 35% of employees leaving their jobs take sensitive data with them and 30% of data breaches being caused by insiders, businesses need to ensure that they are protecting the flow of information both inside and outside of the organization.


Box Shield, Box’s breakthrough security solution for protecting content in the cloud, is designed to limit data leakage by helping users avoid mistakes and risky behaviors with company data, as well as to alert IT on security threats. Powered by advanced machine learning, Box Shield restricts approximately 400,000 accidental shares every day. Over the last 90 days alone, Shield has analyzed more than two billion files for known threats and classified over 50 million files.


Earlier this year, Box added both native malware detection and automated classification to Box Shield. In addition, we also made existing capabilities more robust. We delivered Box Shield Add-on for Splunk to help security operations team triage Shield alerts with other alert sources. We integrated Shield with Box Relay so that you can classify your content as part of a business workflow such as client onboarding process. We added support for showing Classification labels natively in our iOS and Android apps. And lastly, we have integrated Shield with MSFT Office for the web so that the security controls, such as download and print restrictions, follow the file as users view and edit content in Microsoft Office Online. We have also done a similar integration with Apple iWork.


Today, we are also announcing more capabilities to help our customers get more value from Box Shield deployments:

  • Built-in exceptional handling that makes it easier to allow end user exceptions to Shield policies with business justifications
  • Integration with Microsoft Information Protection (MIP) to protect the flow of information between Microsoft 365 and Box ecosystem
  • More security controls to make Shield Access Policy including auto-expiry of shared links, dynamic Device Trust and more
  • Integration with IBM QRadar to automated alert collection and triage for security operation teams
IBM QRadar

You need Zero Trust architecture more than ever before

A typical flow of information involves users logging in from a device and using Box native or 3rd party application to access content. Zero Trust architecture is key to security in the current environment, where you can no longer trust the content, applications, devices, and users, within and outside your organization. 

To enable IT Teams achieve zero trust architecture, Box provides a list of native security features such as requiring 2FA for external users, Device Trust, Device Pinning, and Application Controls. In the last 2 quarters, we have shipped key enhancements to our existing features. This includes enhanced secure sharing features to provide a visual guardrail for end users as they invite external collaborators. We have also redesigned our Application Controls so that admins can easily filter 1500+ app & integrations to manage them.  And lastly, we delivered Device Trust 2.0. In this release, we added support for Audit Only mode where IT can monitor device policy violations without blocking users. We also made identification of managed devices more precise by supporting certificates per-device.

Today, we are announcing additional capabilities that are coming soon:

  • Improvements to Self-service SSO administration that simplifies SSO certificate management and provides admin notifications
  • Out-of-the-box support for Google Cloud Identity SSO
  • Enhancements to the External 2FA feature allowing admins to pick between SMS and TOTP methods for authentication so external users can use common authenticator apps including Google Authenticator, Microsoft Authenticator, Okta Verify, and Duo Security
  • Support for Mobile Application Management without requiring device enrollment across iOS and Android apps, enabling IT to have full control on data without infringing on user privacy

One platform to meet compliance requirements for your content

As a pioneer in compliance in the cloud content management, Box provides businesses with a central place to meet their industry-specific compliance requirements. Box already supports rigorous compliance standards like FINRA and GDPR. Today, we shared our roadmap that includes support for FedRamp High certification and expanding our GxP validation offering for federal and life sciences customers respectively. 

In addition to helping you track data and meet compliance standards, we're also adding event-based retention to our content lifecycle management toolset. This enables retention and disposition of files for a configurable amount of time based on a business event. You will be able to set a schedule for disposition of files after a client account is closed, for example, or when a contract expires, or an employee departs.

As you can see, we have been hard at work to ship features that will help you meet your security and compliance requirements. I’m excited to see how organizations continue to leverage Box to protect the flow of information and achieve zero trust architecture.

Be sure to tune into BoxWorks , and follow #BoxWorks on Twitter!