Sharing outside the Box

Opinion by Dan Raywood

The concept of cloud-based file sharing is one plaguing security managers, as it is often putting data out of their control and at fear of being out of compliance.

The concept of cloud-based file sharing is one plaguing security managers, as it is often putting data out of their control and at fear of being out of compliance.


Without mentioning any names, it seems that this concept has elevated users to not only bring their own devices into the workplace, but also take data out of the perimeter and into an unmanaged cloud. There are several solutions to this, with one of the leading consumer players now offering a business solution, but among the other more business-ready solutions is Box.


Fresh from partnering with CipherCloud to offer encryption of data inside an application, Box is now offering a similar service with the business and control as its heart. This week I met with Whitney Bouck, general manager of Box, who was announcing the company's accreditation with the ISO 27001 standard.


Bouck said: “This certification demonstrates our commitment not only to the security and control of our customers' data, but also our commitment to our global customer base. We started down this path last year and our compliance efforts are gaining steam.


“While this is an important certification for Box, it's just one more step along our long-term roadmap and commitment to providing the highest level of transparency and assurance to our customers about the quality and security of our platform, top to bottom.”


This achievement aside, using the cloud still fills security types with fear. Speaking at SC Magazine's Data Protection conference in March, G4S technology director Glyn Hughes said "that internal due diligence and continual assessment needs to be done when it comes to the cloud, as a move to the cloud cannot result in a loss of control of data".


Bouck said that when it comes to data protection fears of storing data in the cloud, this is a conversation that she is having frequently with CIOs and CISOs and, as technology has become more sophisticated, this is pushing and pulling users to and from the cloud. She said that while challenges such as cost, availability and agility are a concern, "there are lots more to the cloud".


Bouck went on to say that where there is fear of using the cloud, there is also a change, as trust has been added as well as availability. She said: “Where we shine is we allow data to be put on any device so you can share it with anyone you want to so you can sync and share.


“The other area is content and collaboration. Where we focus on business content and a lot of it is back and forth; often it is too large [and] goes into an FTP server, so we try to thread that together and put it into Box where you can track it rather than a disconnected model. You do stuff with executives and third parties, so storing and sharing content is at the core.”


Talking about the type of users that Box has, Bouck mentioned enterprises, airlines, electrical firms and telcos. She said: “Look at banking, a heavily regulated sector. What are they in business for? To provide financial services to their users; their core business is not managing data centres, it is about managing wealth and money and that is why we are in this business, we offer services for data management. It all matters for the cloud: how safe is it, can service providers offer security?”


Talking about the recent launch by Dropbox of 'Dropbox for Business', Bouck said that while the initial technology is similar to what it offers, this solution "added very few controls for adding and deleting users". Bouck said that Box's management adds the ability to allow use on a certain device, password security, limits on sharing content and permissions to limit the control of information so it is all logged and audited.


“In Box it is all tracked so you can see what is against policy and alleviate problems,” she said. “The administrator control fits within a user's ecosystem. We integrate with 240 business applications and we have achieved compliance with HIPAA, Fedramp and now ISO 27001.”


Bouck went on to say that consumerisation of IT has changed the way people share data, as it is so accessible in consumer models. She said it is becoming known as a 'Dropbox problem', so Box saw the opportunity to give users a tool to be secure, to scale and which offers visibility too.


She said: “We focus on scale and security and it all makes IT happy, as nothing makes users and security people happy! Our secret sauce is how this affects users without inhibiting users. Look at the work from home model, how is that done securely? If you use Box you can do it securely, but if you bring in a device, security has to okay it first, or you have to use a VPN to get in.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events