Businesses today operate in an increasingly distributed environment, with more work getting done outside the office boundaries with both managed and personal devices. For some companies, this sudden shift to remote work has surfaced a security challenge: how do you empower secure collaboration on your valuable content from anywhere, without requiring complex deployments?
To address this challenge, today we’re excited to announce a new and improved Box Device Trust - a built-in device security posture assessment to enable zero trust policy enforcement for your content as they are being accessed across devices. Box Device Trust is available for all Box Enterprise customers at no additional cost.
Device Trust allows organizations, without deploying a dedicated agent, to specify granular ownership or security requirements for managed and personal devices before granting their users access to Box. These requirements may include domain membership, device certificate or checks for disk encryption, anti-virus software, minimum OS versions, and device passcode.
Four new enhancements provide you with flexible, enterprise-grade device security:
- Robust device ownership validation - require the presence of an existing or dedicated client certificate signed by your enterprise Certificate Authority.
- Flexibility in ownership checks - allow devices to meet one or all security requirements simplifying deployment in hybrid IT environments with Windows and macOS devices.
- Audit-only mode - track endpoints used to access Box or test your posture requirements before enforcement through a non-blocking, audit-only mode
- Logging and reporting - review device check results available via Box APIs or Admin Reports (early June)
“Box has helped our teams securely collaborate and access content as we shift to more remote work. These improved device security controls make it easy for us to reduce risk as our employees work from more locations and devices.”
What are the key benefits?
Enable secure work on personal devices
As more companies are supporting BYOD, it’s important to reduce risk without getting in the way of work. If an employee loses their phone and it doesn’t have disk encryption or a passcode, your sensitive business content can easily fall into the wrong hands. With Device Trust, you don’t presume that personal devices are secure - you can verify the security posture before granting access to Box.
Simplify your security stack
Rolling out an endpoint security solution on every device can be complex and time-consuming, and may not make sense for every company. Device Trust provides simple, lightweight validation to secure access to your valuable content in Box.
Easy testing and deployment
The new “audit-only mode” allows admins to test Device Trust and evaluate the current state before rolling it out across their Box instance. In this mode, employees will still be able to access Box if their device fails the checks, but admins will be able to evaluate the test results.
In early June, detailed reports will be available in the admin console, and results will be logged in the Box Events Stream and available via API.
The zero trust model is more important than ever - as people are working from more devices, locations, networks, and applications than ever before. Our improved Device Trust offering is just one example of how Box powers secure work from anywhere, on any device without slowing down your business.
Learn more about setting up Device Trust here, our other mobile security settings here, or reach out to your account team to ensure you’re getting the most out of your Box capabilities available today.