Your Privacy is Paramount

Box takes every precaution to make sure your confidential information stays that way.

  • HIPAA Compliance Box provides the administrative, technical and physical safeguards to support your organization's compliance with HIPAA.
  • Certified for EU and Swiss Safe Harbor frameworks for the collection and use of personal data from European member countries.
  • Review our Privacy Policy
Skyhigh Enterprise-Ready™TRUSTe European Safe Harbor certification
Online Box Business Capabilities Enterprise Security Feature

Comprehensive Reporting, Logging, and Audit Trails

Track account activity, file access, settings changes and nearly everything else that occurs in Box.

  • Full Transparency See user activity with reports on over 50 different events across seven different categories.
  • Reporting and Audit Trails Create detailed reports or integrate events into SIEM applications like HP ArcSight, Splunk, and SumoLogic.
  • Follow Users and Activity Track usernames, email and IP addresses. See timestamps for every action through the Box Admin Console and the reporting API.
Get Box Reporting and Audit Trails Online

 

Control Access, Authentication
and Authorization

Easily configure permissions for your organization to ensure that the right people have the right level of access to company information.

  • Strong Authentication Customize password strength requirements, resets, failed logins, session duration, two-factor authentication, and single sign-on integration.
  • Granular Authorization With seven levels of permission for access, preview, editing, and sharing, you can ensure individual users and groups can only see what they need to.
  • Flexible Access Controls Password-protect confidential presentations and financial documents. Set automatic expiration dates for sensitive files.
Box Feature For Control Access & Authentication

 

Data Protection: Encryption
and Security Policies

Box protects the confidentiality and integrity of your files in transit and at rest.

  • Layered Encryption Encryption in transfer with high-grade TLS and multi-layered encryption at rest with 256-bit AES. Encryption keys are securely stored in separate locations.
  • Enterprise Key Management (EKM) Box provides the option of customer-managed encryption keys protected in a Hardware Security Module (HSM) with an unchangeable audit log of key usage. Learn more about Box EKM.
  • Data Integrity Version, deletion and expiration controls protect the integrity of your content.
  • Content Security Policies Prevent data loss with alerts of unusual download activity, shared files with sensitive information and uploads with prohibited data.
Sign-up For Box Data Protection Feature For Data Integrity

 

Data Center Security and Availability

Box uses multiple data centers with several providers to build redundancy into Box services. All data centers employ a variety of secure mechanisms, including strict access policies plus secure vaults and cages.

  • Secure Locations Our data centers use biometric entry authentication, closed-circuit video monitoring and 24/7 armed guards.
  • System Redundancy N+1 or greater redundancy for all network components and system components.
  • Threat Protection and Prevention Uninterruptible power and backup systems as well as fire/flood detection and prevention are used at storage sites.
Download Data Center Security with Secure Location Using