The primary problem caused by the growth in remote working is a new degree of complexity. The threats remain the same, but the solutions must be new. Box on Wednesday announced additions and enhancements to its range of products designed for the growing remote working environment.
Box is expanding its capabilities by improving both the operation and security of its cloud-based collaboration service, in announcements at its inaugural BoxWorks Digital event. The purpose of the enhancements is to improve remote distributed collaboration while protecting data from both hackers and regulatory compliance fails.
“Remote work has introduced an added layer of complexity to the way we work,” Box SVP and chief product officer Varun Parmar told SecurityWeek. “There are more users (both internal employees and external partners), more devices (both sanctioned and unsanctioned), and fewer boundaries. That’s why zero trust architecture — where you can no longer trust the content, applications, devices and users, within and outside your organization — is key to security in the age of remote work. We need to fundamentally rethink the approach to security in this ‘new normal’ from bolted-on to built-in, so that security is natively built-in from the start and it doesn’t disrupt productivity, causing users to go around it.”
Showcased at BoxWorks Digital is a number of security improvements introduced over the last year — including its fastest growing product, Box Shield. Using machine learning, Shield helps users to avoid accidental leakage and risky behaviors, and provide threat detection to the security team.
“Box Shield,” explains Parmar, “can identify risky user behaviors including anomalous download behaviors and suspicious user sessions, and can detect malware. In each of these cases, Shield generates an alert with a ton of forensic detail on suspicious user behaviors that can be reviewed by a security analyst. If an organization has invested in a central log management solution such as Splunk or IBM QRadar, Shield alerts can collect and triage with logs from cloud-based endpoint detection and response tools such as Carbon Black and CrowdStrike to forensically confirm a security incident in minutes instead of hours or days. All this works seamlessly for remote employees outside of the IT’s network boundaries.”
Included within Shield are native malware detection and intelligent automated classification. It is, says the firm, “now restricting approximately 400,000 accidental shares every day”, and has in the last 90 days analyzed more than two billion files for known threats and classified over 50 million files.
New announcements today include a policy exception capability for Shield (requires opt-in at the corporate level) that allows employees to make policy exceptions by providing business justification, which is then recorded for auditing purposes.
Box’s frictionless compliance support is also being enhanced. “As a pioneer of compliance in the cloud,” Parmar told SecurityWeek, “Box provides businesses with a central place to track data and meet compliance standards. Box already supports industry-specific regulations such as FINRA and SE 17a-4, privacy regulations like GDPR and CCPA, employment regulations like FLSA and EEOC, and more. At BoxWorks Digital, Box will announce that it will add FedRamp High certification (in addition to the existing FedRamp Moderate support) and expand its GxP validation offering for federal and life sciences customers, respectively.”
Both the Shield and compliance enhancements will become available next year.
BoxWorks Digital is also introducing a range of new features to make distributed collaboration more efficient. Annotations will now support mobile (both phones and tablets), allowing users to simply select text and leave a comment anywhere on the preview of a document. Box will automatically create and send a push notification to collaborators alerting them to the new annotation. Support for Apple Pencil is also added — handwritten notes can automatically be converted to typed text with Apple Scribble so they can seamlessly be added to documents or text boxes.
Box for Microsoft Teams has been enhanced. Users can choose a Box folder to be synced automatically with a Microsoft Teams chat, can instantly grant access to Box files from within Teams, and can receive Box notifications related to content activity directly within Teams.
Box Relay, which automates business processes like digital asset reviews and regulatory reporting approvals, has been improved with custom-built templates. A new API extensibility allows Box workflows to connect to third-party (such as Salesforce and ServiceNow) and custom applications.
The intent for all these new enhancements is to meet the new demands of increased remote working, and to help customers move toward a zero-trust security model while improving remote and distributed user efficiency. “Enterprises need built-in device security posture assessment to enable zero-trust policy enforcement for content as it gets accessed across devices,” explained Parmar. “Box Device Trust enables organizations, without deploying a dedicated agent, to specify granular ownership or security posture requirements for managed and personal devices before granting their users access to Box. These requirements may include domain membership or device certificate, checks for disk encryption, anti-virus software, minimum OS versions, and device passcode. In addition, it can check for jail-broken mobile devices – especially in the case of Android-based phones and tablets.”
Related: How Has the Coronavirus Pandemic Impacted Cybersecurity Professionals?
Related: Two Musts for Managing a Remote Workforce
Related: Box Enterprise Shared Links Leak Sensitive Information