Box Security

Protect the flow of information

A safer place for all your content

At Box, we're dedicated to bringing secure, centralized and cloud-native content services to organizations all over the world. We embed security and resilience not only into our products, but into the very fabric of our enterprise.

Total visibility and control

With Box, you can easily manage file access and sharing policies, as well as effectively govern your corporate data. At the same time, you can reduce the risk of data loss with full visibility and a centralized way to manage your content, security, policy and provisioning.

Explore IT & Admin Controls and Box Governance to see how we help you take control of your content security. Plus, you'll learn how Box helps you place legal holds, apply security classifications and manage the entire lifecycle of your documents with retention policies — all without impacting productivity.

Security backed by hardened infrastructure

We offer the Box service from multiple data centers with strong security practices that are independently validated by third-party auditors. Every file you store with Box is maintained and encrypted using AES 256-bit encryption in geographically diverse areas, leveraging both the Box data centers as well as the redundant facilities managed by Box partners.

With Box Zones, you can choose exactly where you store your encrypted files around the globe. By leveraging data centers operated by Box partners such as AWS, Google, Microsoft and IBM, Box Zones enables you to easily and securely store your data in one location or in multiple regions. Using Box Zones is completely invisible to end users and solves for your organization's data residency needs.

Privacy that fits your needs

Box effectuates EU personal data transfers pursuant to our Processor Global Binding Corporate Rules and Controller Global Binding Corporate Rules (BCRs), approved by the European Data Protection Authorities in August 2016. Check out our BCRs FAQs to learn more. We're also certified under the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System, United Kingdom's G-Cloud Framework and Germany's TUV Rheinland Certified Cloud Services standards. Plus, we help our customers meet new global privacy obligations, such as the Global Data Protection Regulation (GDPR). Review our privacy policy for more information.

Box KeySafe makes it easy to secure your sensitive content in the cloud, providing you with unchangeable audit logs and a cost-effective way to manage your own encryption keys.

S&P

"Security is key in everyone's business. We have the ability to downgrade sovereign nations, so it's an imperative for us. We have to be really thoughtful about putting the right controls in place and ensuring that information is not accessible where it shouldn't be."

Seth Fox, Global Head of Workplace Services, S&P Global

Availability for all

We deliver a secure, resilient and highly available service at scale to organizations in all industries, with more than one billion files processed every single day. Box uses multiple data centers with reliable power sources and backup systems to offer 99.9% SLAs and redundancy.

Seamless security integrations

Our seamless integrations with trusted security partners extend your security controls in the cloud. The Box Trust Ecosystem brings you identity and authentication, network controls, Secure Information and Event Management (SIEM) and analytics, as well as specific solutions for eDiscovery, mobile security and Data Loss Prevention (DLP).

Compliance across the board

Box is dedicated to providing best-in-class security, compliance and data protection for our customers. Whether you need to meet specific industry regulations or international security and data privacy standards, Box has all of your compliance bases covered.

SOC 1, SOC 2 and SOC 3

Box maintains a SOC 1 report based on the SSAE 18 standard, SOC 2 report based on the ISAE 3000 standard, and SOC 3 report based on TSP Section 100a from an independent third party.

ISO 27001/27018

Box is ISO 27001 and ISO 27018 certified for its Information Security Management System and privacy protection as a PII processor.

DoD Cloud SRG

Box is accredited at Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) Impact Level 4 Authorization.

FedRAMP/FISMA

Box has been granted an Authority to Operate and is listed on FedRAMP.gov as a FedRAMP compliant system at the moderate impact level.

FINRA/SEC 17a-4

Box Governance enables organizations in highly-regulated industries, such as financial services, to comply with write once read many (WORM) retention requirements like SEC 17a-4.

HIPAA/HITECH

Box is compliant with HIPAA and HITECH, and customers can configure their Box accounts to comply with HIPAA requirements.

GxP

Our GxP offering lets life sciences companies show the FDA they're in full control of their processes and can safely work with regulated content in Box.

GDPR

We're committed to being GDPR-ready so you can use Box for your GDPR readiness strategy. Box meets the highest bar for data privacy while fulfilling your global data privacy obligations.

Key features

Granular user permissions, with 7 user-friendly sharing roles

Organization-wide controls on sharing and collaboration permissions

Robust device and access controls, both natively in Box and with EMM partners such as Airwatch and Intune

User-friendly information rights management for secure external sharing, including custom watermarking

Native content security policies and available integration with leading CASB and DLP vendors

In-depth audit logs, easy end user and admin reporting, and integration with popular SIEM tools

Native information governance and eDiscovery capabilities

FIPS 140-2 certified, AES 256-bit encryption at rest and in transit, with the option of customer-managed encryption keys

SSO support with all major portals, as well as native password controls and two-factor authentication

Achieve digital transformation with good governance

See in a demo how Box Governance provides the guardrails your organization needs to effectively govern content in the cloud.

Governance webinar

Learn how Coalfire Systems uses Box Governance and Box KeySafe to meet their data protection needs.

Securing business information in the cloud

Learn how to secure your business information in the cloud.

Rethink how you secure your business content