
Box Showcases New Offerings for Remote Working Environment

The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment.


Box is expanding its capabilities by improving both the operation and security of its cloud-based collaboration service, in announcements at its inaugural BoxWorks Digital event. The purpose of the enhancements is to improve remote distributed collaboration while protecting data from both hackers and regulatory compliance failures.

“Remote work has introduced an added layer of complexity to the way we work,” Box SVP and chief product officer Varun Parmar told SecurityWeek. “There are more users (both internal employees and external partners), more devices (both sanctioned and unsanctioned), and fewer boundaries. That’s why zero trust architecture — where you can no longer trust the content, applications, devices and users, within and outside your organization — is key to security in the age of remote work. We need to fundamentally rethink the approach to security in this ‘new normal’ from bolted-on to built-in, so that security is natively built-in from the start and it doesn’t disrupt productivity, causing users to go around it.”

Showcased at BoxWorks Digital are a number of security improvements introduced over the last year — including its fastest-growing product, Box Shield. Using machine learning, Shield helps users to avoid accidental leakage and risky behaviors, and provides threat detection to the security team.

“Box Shield,” explains Parmar, “can identify risky user behaviors including anomalous download behaviors and suspicious user sessions, and can detect malware. In each of these cases, Shield generates an alert with a ton of forensic detail on suspicious user behaviors that can be reviewed by a security analyst. If an organization has invested in a central log management solution such as Splunk or IBM QRadar, Shield alerts can collect and triage with logs from cloud-based endpoint detection and response tools such as Carbon Black and CrowdStrike to forensically confirm a security incident in minutes instead of hours or days. All this works seamlessly for remote employees outside of the IT’s network boundaries.”

Included within Shield are native malware detection and intelligent automated classification. It is, says the firm, “now restricting approximately 400,000 accidental shares every day”, and has in the last 90 days analyzed more than two billion files for known threats and classified over 50 million files.

New announcements today include a policy exception capability for Shield (requires opt-in at the corporate level) that allows employees to make policy exceptions by providing business justification, which is then recorded for auditing purposes.


Box’s frictionless compliance support is also being enhanced. “As a pioneer of compliance in the cloud,” Parmar told SecurityWeek, “Box provides businesses with a central place to track data and meet compliance standards. Box already supports industry-specific regulations such as FINRA and SEC 17a-4, privacy regulations like GDPR and CCPA, employment regulations like FLSA and EEOC, and more. At BoxWorks Digital, Box will announce that it will add FedRAMP High certification (in addition to the existing FedRAMP Moderate support) and expand its GxP validation offering for federal and life sciences customers, respectively.”

Both the Shield and compliance enhancements will become available next year.

BoxWorks Digital is also introducing a range of new features to make distributed collaboration more efficient. Annotations will now support mobile (both phones and tablets), allowing users to simply select text and leave a comment anywhere on the preview of a document. Box will automatically create and send a push notification to collaborators alerting them to the new annotation. Support for Apple Pencil is also added — handwritten notes can automatically be converted to typed text with Apple Scribble so they can seamlessly be added to documents or text boxes.

Box for Microsoft Teams has been enhanced. Users can choose a Box folder to be synced automatically with a Microsoft Teams chat, can instantly grant access to Box files from within Teams, and can receive Box notifications related to content activity directly within Teams.

Box Relay, which automates business processes like digital asset reviews and regulatory reporting approvals, has been improved with custom-built templates. New API extensibility allows Box workflows to connect to third-party applications (such as Salesforce and ServiceNow) and to custom applications.

The intent for all these new enhancements is to meet the new demands of increased remote working, and to help customers move toward a zero-trust security model while improving remote and distributed user efficiency. “Enterprises need built-in device security posture assessment to enable zero-trust policy enforcement for content as it gets accessed across devices,” explained Parmar. “Box Device Trust enables organizations, without deploying a dedicated agent, to specify granular ownership or security posture requirements for managed and personal devices before granting their users access to Box. These requirements may include domain membership or device certificate, checks for disk encryption, anti-virus software, minimum OS versions, and device passcode. In addition, it can check for jail-broken mobile devices – especially in the case of Android-based phones and tablets.”


Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
