Your Privacy is Paramount
Box takes every precaution to make sure your confidential information stays that way.
- HIPAA Compliance: Box provides the administrative, technical and physical safeguards to support your organization's compliance with HIPAA.
- Certified for EU and Swiss Safe Harbor frameworks for the collection and use of personal data from European member countries.
Comprehensive Reporting, Logging, and Audit Trails
Track account activity, file access, settings changes and nearly everything else that occurs in Box.
- Full Transparency: See user activity with reports on over 50 different events across seven different categories.
- Reporting and Audit Trails: Create detailed reports or integrate events into SIEM applications like HP ArcSight, Splunk, and SumoLogic.
- Follow Users and Activity: Track usernames, email and IP addresses. See timestamps for every action through the Box Admin Console and the reporting API.
Control Access, Authentication
Easily configure permissions for your organization to ensure that the right people have the right level of access to company information.
- Strong Authentication: Customize password strength requirements, resets, failed logins, session duration, two-factor authentication, and single sign-on integration.
- Granular Authorization: With seven levels of permission for access, preview, editing, and sharing, you can ensure individual users and groups can only see what they need to.
- Flexible Access Controls: Password-protect confidential presentations and financial documents. Set automatic expiration dates for sensitive files.
Data Protection: Encryption and Security Policies
Box protects the confidentiality and integrity of your files in transit and at rest.
- Layered Encryption: Encryption in transfer with high-grade TLS and multi-layered encryption at rest with 256-bit AES. Encryption keys are securely stored in separate locations.
- Enterprise Key Management (EKM): Box provides the option of customer-managed encryption keys protected in a Hardware Security Module (HSM) with an unchangeable audit log of key usage.
- Data Integrity: Version, deletion and expiration controls protect the integrity of your content.
- Content Security Policies: Prevent data loss with alerts of unusual download activity, shared files with sensitive information and uploads with prohibited data.
Data Center Security and Availability
Box uses multiple data centers with several providers to build redundancy into Box services. All data centers employ a variety of secure mechanisms, including strict access policies plus secure vaults and cages.
- Secure Locations: Our data centers use biometric entry authentication, closed-circuit video monitoring and 24/7 armed guards.
- System Redundancy: N+1 or greater redundancy for all network components and system components.
- Threat Protection and Prevention: Uninterruptible power and backup systems as well as fire/flood detection and prevention are used at storage sites.