Box announces added security to Box Shield solution with automation classification

Using machine learning, Shield automatically scans files and classifies them based on content, detecting and securing sensitive information.


Image: Box

Box announced the addition of automated classification to Box Shield on Tuesday. Shield, a solution that protects content in the cloud, now uses machine learning to scan, classify, detect, and secure sensitive data without getting in the way of business operations.

SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)

“As people are working from home, security has become one of the top considerations for IT departments. People used to be inside the corporate network, inside of a firewall. Now the perimeter is actually moved to your house. You could be accessing content from your personal device, where as an organization, you might not have the level of security capabilities that device has,” said Varun Parmar, chief product officer at Box. 

“The other side of this is that regulatory compliance is a key area of focus for most organizations. And inside of regulatory compliance, what is getting very clear is that privacy is where a lot of the focus is. You’ve seen GDPR and now with CCPA…meeting that requirement at scale has become a paramount focus area for these enterprises,” Parmar said.

Box Shield and its auto classification feature are able to solve for both of those concerns, automatically assessing a device’s security and making sure that device is compliant with various standards.

“Box and auto classification Shield will do all the heavy lifting in terms of enforcing a set of security controls,” Parmar added. 

Box Shield and auto classification 

More than 40 ZB of data have been created in the past year, across industries, Parmar said. The challenge for organizations has been finding a way to discern and protect the sensitive  data within that content. 

“The challenge here is that as end users, they find it very hard to interpret what the corporate security policies are, which is like, ‘Hey, this type of content should be confidential. This should be internal. This is okay to be shared external.’ And so as employees there’s huge variability in terms of how they interpret that,” Parmar said. “Then on top of that, existing tools that are there today make it really hard for users to apply this classification at scale. While they can do it on a file per file basis, if you have a corpus of content that’s stored in a shared drive, for example, it becomes really hard to manage that.”

This is why the company has equipped Box Shield with auto classification, Parmar said. 

“We’re bringing intelligence and automation around data classification,” Parmar said. “Put very simply, if you have a piece of content with this new capability, when this content is added, updated, moved, or copied inside of Box, our auto classification capability would detect if this content has a certain information type.”

“There’s about 10 that we’re going to support right off the bat; things like social security number, driver’s license number, credit card numbers, international bank accounts, etc. It would detect that, based on rules that the administrator has set,” Parmar said.

For example, the system can detect the number of times a social security number appears in files. Machine learning will detect that information and automatically classify those files, which means a set of security controls would get applied to them, Parmar said. 

“So if it is a confidential file and you want to make sure that it is restricted to only folks inside of your company, that security policy will get automatically applied once that classification label is put on that piece of content that got loaded,” Parmar noted. “And with that sort of auto classification, what enterprises gain is the peace of mind that at scale, for all of the corpus of content that they have inside of Box, that they can meet the global privacy and compliance requirements.”

Box Shield can also automatically identify custom terms and phrases within files, such as “Box  Confidential,” “Internal use only,” or “NDA required,” according to a press release.

This automated classification feature joins the bevy of security enhancements Box has announced this year. Box added malware detection to Box Shield in April, and announced an improved Device Trust in May. 

The new Box Shield automated classification capabilities are generally available on Tuesday. 

For more, check out Box announces new features including annotations, Zoom integration, and greater personalization on TechRepublic.

Also see