Data Security



Get Training

Box takes every security measure to make sure confidential information stays confidential, from the security implemented in the cloud to the end user’s mobile device.


Confidentiality with Confidence
Box adheres to the highest industry standards for security at every level so you can manage, access and share your content with confidence. Box maintains numerous certifications and audits for all corporate operations.

Figure 1:  Box is secure throughout the stack - something few other cloud services companies can boast.


  • Sophisticated data encryption: Critical business data is protected at all stages. Files are encrypted during transit to and from the Box cloud with high-grade SSL, and in storage within Box with 256-bit AES.
  • Comprehensive network protection: The Box network is constantly monitored and undergoes frequent threat assessments to ensure data protection. Multiple Internet backbone connections provide routing redundancy and high-performance connectivity.
  • Data center security and availability: Multiple data centers employ physical security, strict access policies and secure vaults and cages. Box has been issued an SSAE 16 Type II report and is Safe Harbor certified.


Administrator Controls

Administrators control the account settings of all users and can easily configure permissions for the entire organization. Admins have granular control over password strength and resets, failed logins and session duration. All data usage, file history and user activity is monitored with comprehensive audit reports. You can set expiration dates for access on time-sensitive data, protect confidential documents with passwords and manage which users can create, share, download or preview content.

Figure 2: Add a password requirement to a file that you are sharing from Box.


Figure 3: Box can notify you whenever someone views, downloads, comments on, edits or uploads files or folders.


Account Access

End users authenticate with Box using their centrally administered credentials. Box supports multifactor authentication and integrates with leading single sign-on providers.

  • Active Directory/LDAP integration leverages your existing user management systems
  • SAML 2.0 and ADFS support offer streamlined integrations with cloud SSO providers.

Figure 4: Box has partnered with the leading single-sign-on providers such as Ping Identity, Citrix, Intel, VMWare, Okta, OneLogin, and Symplified.


Previous: Using Box to Address SOX Compliance Challenges

Next: SOX Folder Governance


Was this article helpful?
4 out of 4 found this helpful