Protect your content with the latest Content Cloud security updates
Your business runs on content. It's how you communicate with your customers, it's your intellectual property, it's what makes your company unique, it's your company's history and its plans for the future. It can also be your biggest liability. Trade secrets that are lost or leaked to competitors as a result of a data breach can have a substantial negative impact to your brand, your business, and ultimately your bottom line. In fact,IBM's Cost of Data Breach Report 2020estimated that the average cost of a breach is $3.86m and 80% of them contained customer personally identifiable information (PII). With this in mind, over the last several months Box has released a number of security enhancements to keep your content and your business safe.
Prevent accidental data leakage
A data leak can be detrimental to your business. Gartner's top security concerns for 2020-2021 included data classification and protection, with Gartner noting that "All data is not the same. A one-size-fits-all security approach will create areas of too much security and others of too little, increasing the risk for the organization."
Proper classification of content is key. To further reduce the risk of accidental leakage, Box has extended its auto-classification capabilities to existing content. Last summer, Box releasedauto-classification of content as part ofBox Shield. Leveraging machine learning, Box Shield scans content when it is uploaded into Box , identifies PII and custom terms within files, and automatically classifies them based on your policies. Classification-based security controls can then restrict content from being shared outside of the organization, limit downloads, and other actions. Restricting content with PII helps enterprises prevent data leaks and meet global privacy and compliance requirements. With the extended auto-classification capabilities, auto-classification now covers active content as users upload, edit, move, copy, share or add new collaborators.
Box recently announcedseveral new integrations with Microsoft. In addition to its native classification capabilities, Box Shield nowintegrateswith Microsoft's Information Protection. With this integration, Box Shield can automatically read the Microsoft Information Protection (MIP) label of an Office/PDF file when it is uploaded to Box and apply the corresponding Box classification label to the file in Box. This will then drive native and inline data loss prevention controls using Box Shield Smart Access policies.
To help keep your content secure while also minimizing friction by getting the right content to the right stakeholders, Box now allows formore granular external collaboration restriction exceptions. This allows Admins to configure a list of external users (in addition to domains) to be exempt from external collaboration restrictions of an access policy. This will allow approved external users to access content bearing a classification that restricts external collaboration, enabling specific users to collaborate even if their domain is denied.
"This feature was highly requested by our Box Shield customers who may need to block public domains but have individuals like board members, who use personal email addresses, but still need to access sensitive information." - Varun Parmar, Chief Product Officer at Box
Increase security without slowing down work
The change in the technological landscape required to facilitate remote work in 2020 caused a tremendous burden on IT teams. They not only had to figure out how to move their entire workforce remote in a matter of days, but also had to adjust all of the projects and plans they had for the year to focus on enabling a remote workforce. As the year went on, it became apparent that this was not just a short term, temporary situation. According to aGartner survey, 82% of company leaders plan to allow employees to work remotely some of the time even when it is safe to return to the office. With the ongoing need to support this hybrid model, IT teams need to focus on increased security as well as enabling business productivity.
Box Shield allows admins to define Smart Access policies to restrict access to documents that may contain sensitive or proprietary information. Policies can be created to limit access only to internal users, prevent downloads and shared links, etc. There are, of course, exceptions to every rule. Box Shield recently added a new feature to keep work moving. This feature provides users with a list of pre-authorized exceptions. WithBox Shield Smart Accesspolicy exception support, users are warned that the sharing action they are taking is restricted, but are presented with a list of pre-approved business justifications to choose from. All exceptions made are logged for auditing purposes. Box Shield also added more granular control for Admins to determine who canmodify classifications, restricting modifications to content owners or opening them up to a broader set of users.
"The past year fundamentally shifted the way we work, while simultaneously creating new security challenges for customers around the world," said Chris Niggel, Regional CSO Americas, at Okta. "At the core of our transition to aDynamic Work model is the need to ensure that security remains top of mind while having the flexibility to support a dispersed workforce. With the power of Box, we can ensure that our content remains in the right hands while being able to securely collaborate from anywhere and on any device."
Reduced friction for Admins with better SSO options
We are always striving to make life easier for Box Admins. AlthoughSingle sign-on makes life easier for both end users and Admins, sometimes managing SSO options and mappings can become burdensome. To make things easier, we have updated ourSSO configuration tool in the Admin Console to support self-serve certificate management. This will allow all organizations leveraging a SAML SSO integration to easily review, rotate and delete the security certificates necessary to validate assertions from Identity Providers (Okta, Azure AD, OneLogin, Ping, etc.) In order to reduce the time it takes to set up SSO, we now allow forgroup mapping so that a customer's groups in their IDP are auto populated within Box. This includes customers usingGoogle Cloud as their identity provider.
SSO works great until the certificate expires. With all Admins have going on, keeping track of expiration dates can fall through the cracks. To ensure that your users don't lose access to their critical content, Box now provides Admins withautomatic reminders when their certificates are about to expire. This helps ensure your Box users enjoy uninterrupted access to the content they need, when they need it.
And that's not all
In order to provide improved security and flexibility to our customers, Box hasadded support for Time based One Time Passwords (TOTP) in addition to SMS as the second factor used for authentication. Any authenticator app that supports TOTP can be used for MFA. This includes Microsoft Authenticator, Google Authenticator, Authy, Duo, and more.
There’s a reason 67% of the Fortune 500 trust Box. In the coming months we will continue to secure work without slowing down the business with further enhancements to our Smart Access policies, Threat Detection and new vector-based watermarking.
Check back soon for more updates!