At Box, we're dedicated to bringing secure, centralized and cloud-native content services to organizations all over the world. We embed security and resilience not only into our products, but into the very fabric of our enterprise.
Total visibility and control
With Box, you can easily manage file access and sharing policies, as well as effectively govern your corporate data. At the same time, you can reduce the risk of data loss with full visibility and a centralized way to manage your content, security, policy and provisioning.
Explore IT & Admin Controls and Box Governance to see how we help you take control of your content security. Plus, you'll learn how Box helps you place legal holds, apply security classifications and manage the entire lifecycle of your documents with retention policies — all without impacting productivity.
Security backed by hardened infrastructure
We offer the Box service from multiple data centers with strong security practices that are independently validated by third-party auditors. Every file you store with Box is maintained and encrypted using AES 256-bit encryption in geographically diverse areas, leveraging both the Box data centers as well as the redundant facilities managed by Box partners.
With Box Zones, you can choose exactly where you store your encrypted files around the globe. By leveraging data centers operated by Box partners such as AWS, Google, Microsoft and IBM, Box Zones enables you to easily and securely store your data in one location or in multiple regions. Using Box Zones is completely invisible to end users and addresses your organization's data residency needs.
Privacy that fits your needs
Box KeySafe makes it easy to secure your sensitive content in the cloud, providing you with unchangeable audit logs and a cost-effective way to manage your own encryption keys.
"Security is key in everyone's business. We have the ability to downgrade sovereign nations, so it’s an imperative for us. We have to be really thoughtful about putting the right controls in place and ensuring that information is not accessible where it shouldn’t be.”
Seth Fox, Global Head of Workplace Services, S&P Global
We deliver a secure, resilient and highly available service at scale to organizations in all industries, with more than one billion files processed every single day. Box uses multiple data centers with reliable power sources and backup systems to offer 99.9% SLAs and redundancy.
Our seamless integrations with trusted security partners extend your security controls in the cloud. The Box Trust Ecosystem brings you identity and authentication, network controls, Secure Information and Event Management (SIEM) and analytics, as well as specific solutions for eDiscovery, mobile security and Data Loss Prevention (DLP).
Box is dedicated to providing best-in-class security, compliance and data protection for our customers. Whether you need to meet specific industry regulations or international security and data privacy standards, Box has all of your compliance bases covered.
SOC 1, SOC 2 and SOC 3
Box maintains a SOC 1 report based on the SSAE 18 standard, SOC 2 report based on the ISAE 3000 standard, and SOC 3 report based on TSP Section 100a from an independent third party.
Box is ISO 27001 and ISO 27018 certified for its Information Security Management System and privacy protection as a PII processor.
DoD Cloud SRG
Box is accredited at Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) Impact Level 4 Authorization.
Box has been granted an Authority to Operate and is listed on FedRAMP.gov as a FedRAMP compliant system at the moderate impact level.
Box Governance enables organizations in highly-regulated industries, such as financial services, to comply with write once read many (WORM) retention requirements like SEC 17a-4.
Box is compliant with HIPAA and HITECH, and customers can configure their Box accounts to comply with HIPAA requirements.
Our GxP offering lets life sciences companies show the FDA they're in full control of their processes and can safely work with regulated content in Box.
We're committed to being GDPR-ready so you can use Box for your GDPR readiness strategy. Box meets the highest bar for data privacy while fulfilling your global data privacy obligations.
Granular user permissions, with 7 user-friendly sharing roles
Organization-wide controls on sharing and collaboration permissions
Robust device and access controls, both natively in Box and with EMM partners such as Airwatch and Intune
User-friendly information rights management for secure external sharing, including custom watermarking
Native content security policies and available integration with leading CASB and DLP vendors
In-depth audit logs, easy end user and admin reporting, and integration with popular SIEM tools
Native information governance and eDiscovery capabilities
FIPS 140-2 certified, AES 256-bit encryption at rest and in transit, with the option of customer-managed encryption keys
SSO support with all major portals, as well as native password controls and two-factor authentication
Learn how Coalfire Systems uses Box Governance and Box KeySafe to meet their data protection needs.
Learn how to secure your business information in the cloud.