Box answers Dropbox with substantial security update

Raises cloud content management stakes a notch

Box turned the cloud content management security battle up a notch this week when it announced new security features designed to help enterprise IT manage users, devices and apps. In addition, they announced several key new partnerships designed to provide more insight and links for enterprise security pros.

These new security enhancements come just weeks after Dropbox introduced a set of basic enterprise security enhancements for its enterprise customers. As enterprise collaboration and file sharing solutions proliferate, it becomes increasingly important for cloud vendors to differentiate themselves and provide more sophisticated security features.

In a blog post, Whitney Bouck, GM of Enterprise at Box, wrote that Box has seen a shift in how customers think about securing content. "As a result, we're building a new security model built for collaboration, focused on monitoring, integrated identity management and granular controls at every stage of the content lifecycle," she wrote.

Bouck identified five aspects of the Box security model: user and identity management, device and app security, and the visibility and Intelligence to oversee it all.

Bouck told me by email that Box is continually trying to refine the balance between IT security needs and end user simplicity. "Serving organizations with hundreds of thousands of employees in highly regulated industries requires a new level of security and control, and we've continually strengthened Box's product capabilities and ecosystem to meet this demand," Bouck told me.

To that end, Box's new security enhancements include new administrative controls that allow IT to restrict users from creating externally shared folders, enabling IT to decide which users should have this privilege and which should not," 

In addition, IT can now control from which devices users can access their Enterprise Box accounts, providing a way to limit access to IT-approved devices only. Box also announced integration with Samsung KNOX, which enables enterprises using Samsung Android mobile devices to manage those devices and provide secure access to enterprise content at the hardware and software level of the Android platform, creating an entirely separate container of trusted applications.

Box has also added a new feature that will automatically detect unexpected user logins and send a report to IT.

The announcement includes a number of additional partnerships, including one with CipherCloud and Code Green Networks, to deliver data loss protection, which checks documents for certain user-defined factors and prevents them from being shared if they meet certain criteria. The idea is to protect sensitive internal documents from being distributed to unauthorized viewers. Box previously had announced a similar partnership with ProofPoint at BoxWorks in October.

Finally, Box is working with GoodData to provide a set of defined analytics to measure such activity as security risks or most popular content.

Box CEO Aaron Levie said in a statement that cloud was changing the way CIOs think about data security. "Rather than 'protecting' data by locking down on-premise systems and, in turn, crippling productivity, we're shifting towards a security model that's more about monitoring and granular controls at every stage of the content lifecycle, across all devices. With the cloud, IT organizations are embracing a world where information is secured but devices and apps are disposable, something that could never work with a traditional hardware infrastructure," Levie said.

By adding the power to monitor user, content and approved devices, Box is helping enhance its security chops and make it more palatable to organizations that might have been hesitant to use cloud file sharing and collaboration products.

For more information:
- see the Box press release

Related Articles:
Box grows the channel
New Dropbox features focus on content