The cloud is becoming a standard for companies around the globe, but for industries that deal with a lot of sensitive information, they have to ensure their data is protected. As a result, Box, the online file-sharing and content management company, rolled out Box Governance last year to help address its customers’ legal, regulatory and business mandates on the cloud, and now, given the high adoption rate, it is enhancing the security aspects of its product.
In a blog post Thursday (Oct. 20), Box said it added security classification, which, for the first time, lets Box customers automatically identify sensitive content in Box and enforce security policies based on a predetermined confidentiality level.
As of Thursday, Box Governance users with security classification can easily classify all content in Box and differentiate sensitive files with a classification taxonomy that maps to their security requirements, whether the customers have confidential patient records or public marketing assets. Then, admins can easily search by that classification label and pull up all relevant results with a single click. Customers also get clear visual indicators for confidential information, with admins having the ability to choose to display a visual indicator that makes it clear when a piece of content is confidential with a label that appears across the top of the previewed content and a customizable advisory message that appears when users mouse over the label.
In addition, customers will be able to add and trigger security policies, which means admins can selectively apply policies that prevent users from sharing certain confidentially marked data outside the organization or even outside specific folders. For example, if a user unwittingly attempts to circulate a classified document, like a movie script, with an outside creative agency, the file’s security policy will protect them against wrongdoing by removing the external sharing capability, Box said. Admins can also automate classification for new and existing content in Box by leveraging predefined Data Loss Prevention policies in Netskope or Skyhigh and integrate with classification metadata from TITUS. Meaning, if an employee uploads a document with sensitive health data (PHI) into Box, existing policies defined within the chosen partner platform can be used to inspect this document and accordingly mark it “Confidential” or “Internal.” This automation not only reduces overheads for admins but also helps improve the scale and consistency of governance in the cloud, the company said.