Last year, Box took the wraps off of Box Shield, a machine learning-based security platform that provides admins an overview of their company’s content while flagging potential instances of data compromise. It’s been in preview for the better part of a year, and at an event in New York City today Box announced the launch of Shield in private beta for select customers.
“The pace of business today demands that every enterprise move its content to the cloud to power collaboration and drive business processes both inside and outside the organization,” said Box chief product officer Jeetu Patel. “Box Shield is a huge improvement that will make it easier than ever to secure valuable content and prevent data leaks without slowing down the business or making it hard for people to get their work done.”
For the uninitiated, Shield encompasses manual or automated security classifications for files and folders, along with classification-based access policies. Account admins can define custom labels and per-label policies that combine multiple protocols, including (but not limited to) shared link, external collaborator, download, application, and file transfer protocol (FTP) restrictions. With the policies in place, a manager could prevent unauthorized external or internal users (or domains) from accessing files on unapproved devices and apps (like mobile or desktop), or ensure that only whitelisted files and folders can be transferred and uploaded via FTP.
“Today’s competitive environment demands greater alignment between security and business,” said Box global chief information security officer Lakshmi Hanspal. “Box Shield brings adaptive security controls and threat detection directly to workflows in Box with easy-to-use, built-in controls that help reduce risk and empower the business to work more collaboratively all over the world.”
AI underpins Shield’s other spotlight component: threat and data breach detection. When Box’s machine learning algorithms identify abnormal and possibly malicious behavior, they trigger contextual notifications that keep admins abreast of the latest remediations. Box says Shield can protect against notable changes in download behavior that might indicate data theft, or compromised accounts indicated by rapid changes in employees’ locations and browser, device, and app usage. Additionally, Shield can actively block access from untrusted locations or high-risk countries defined by a security team’s whitelists or blacklists.
The alerts integrate with a range of security information and event management and cloud access security broker solutions, including those from IBM, Sumo Logic, Splunk, AT&T Cybersecurity, Symantec, McAfee, Palo Alto Networks, and Netskope.
“With Box Shield, enterprises will … unlock insights into their content security with new capabilities built natively in Box, enabling them to deploy simple, effective controls and act on potential issues in minutes,” said Patel.
Today’s announcement follows Box Skills, a suite of third-party apps that add features and functionality to uploaded files, and the Box Skills Kit, a set of APIs, developer tools, and documentation for designing custom Box Skills on platforms like Amazon Web Services, Google Cloud, IBM’s Watson, and Microsoft Azure. In December, Redwood City, California-based Box announced the general availability of the Box Skills Kit and unveiled a new program — Box Skills Verified Partners — for enterprise Box Skills providers like IBM and Codelitt.