Security & compliance

Protect and govern the flow of information in the Content Cloud

Security & Compliance

Global leaders trust Box with their most sensitive data

Morgan Stanley
allergan
dubai airports
intuit
IRC

Security and compliance that fit your needs

When collaborating securely is one of the most important parts of your job, you need security and compliance you can trust. With the Content Cloud, we bring you the very best in security, privacy, and compliance — and it's built right into our DNA. More than 100,000 organizations use Box to secure their most valuable and highly sensitive data, all while reducing financial, legal, and reputational risk. And we're proud to have earned their trust.

Zero-trust security controls

Our zero-trust architecture approach ensures teams can collaborate safely with strong user authentication with SSO and MFA support, device security, and information rights management with vector-based watermarking. You also get seven user-friendly permissioning roles, device trust, and application controls. Box is FIPS 140-2 certified, and even better, every file is encrypted using AES 256-bit encryption at rest and in transit. With Box Keysafe, you maintain complete, independent control of your encryption keys.

Intelligent data leak prevention and threat detection

Box Shield helps you protect the flow of information and reduce content-centric risks with precision — without slowing down work. Use classification-based security controls to automatically prevent data loss, and AI-powered, context-aware alerts to detect potential data theft and malicious content. Enable secure hybrid work from anywhere, anytime, and any device with native tools that help secure content at scale.

Simplify your information governance strategy

We make it easy to streamline information governance with flexible retention schedules, preservation for defensible discovery, and disposition management. Get the content lifecycle management your organization needs to reduce risk and stay compliant, while keeping teams productive.

Exceed global compliance requirements

At Box, we work hard to meet the highest bar possible for data privacy. We're dedicated to earning and keeping our customers' trust — every day. Whether you need to meet specific industry regulations or international privacy standards, the Content Cloud covers all your data compliance and regulatory needs — including GDPR, GxP Validation, HIPAA, ITAR, PCI DSS, ISMAP, FedRAMP, and more. Box Zones allows organizations to address data residency obligations across multiple geographies.

Put data security and compliance first with the Content Cloud

zero trust security
Zero-trust security

Enterprise-grade controls with identity and access management, secure collaboration, and customer-managed encryption keys

data leak prevention
Data leak prevention (DLP) and threat detection
Advanced machine learning tools for native DLP and cyber threat detection
content lifecycle management
Content lifecycle management

Built-in information governance for data retention, legal holds, and disposition management

industry and regulatory compliance
Industry and regulatory compliance

Content compliance in accordance with industry standards and regulatory requirements

Security features

Users

  • Suspicious user activity alerts
  • Strong user authentication via SSO and MFA
  • Password controls
  • Identity lifecycle management

Devices

  • Device trust
  • Device pinning
  • IP allow-list
  • Device security integrations

Applications

  • 1,500+ integrations via APIs
  • Permissions sync
  • Granular application scopes
  • Classification-based app controls

Content

  • AES 256-bit encryption
  • FIPS 140-2 certified
  • Vector-based watermarking
  • 7 user-friendly sharing roles
  • Shared link expiration
  • Customer-managed keys

Intelligence

  • Auto-classification of data
  • Classification-based access controls
  • Microsoft Information Protection (MIP) integration
  • Multi-layered malware scanning
  • Ransomware detection

Reporting

  • Centralized audit logs
  • Historical reporting
  • CASB and SIEM integrations

Check out Enterprise Plus

Enterprise Plus gives you the best of the Content Cloud in one simple plan. We’ve included our most-valued products and services to help you power secure enterprise workflow automation across your organization. And it saves you up to 35%.

Ready to get started?