Enterprises that need to store data in and collaborate across multiple geographic regions can do so via Box Multizones. Box Multizones enable organizations to observe and stay in compliance with complex data residency obligations mandated by regulations such as GDPR -- without setting up separate Box instances.
(A Zone in Box is a regional data storage unit with a primary and a backup data storage center. By storing files in-region, organizations can address regional and some country-specific data privacy concerns as well as customer data residency concerns and requirements.)
You can manage Multizones via the Admin Console or through the API. Everyone in your organization is assigned a Zone by your organization’s Admin, and each person’s data is stored in the assigned Zone. If the Enterprise Admin does not manually assign someone to a Zone, Box stores their data in a default Zone established by the Enterprise.
The end user experience is never impacted.
To set up Multizones, an Enterprise must:
- have more than 10 seats deployed
- have an active Box Consulting package (for setting up Multizones - mapping users and moving data)
- have an active Premier Services package (for managing the added administrative considerations)
The enterprise designates a default Zone and chooses which Zones to use when purchasing Multizones. They can choose any combination of Zones, or all of the Zones Box provides.
Once the Admin designates a default Zone, Box automatically assigns all users to that Zone. Your Box account admin can assign one or more Zones to anyone in your organization and also access reporting features through the Admin Console.
Note If the Admin wants to change a zone for someone, the Admin must manually re-assign that person.
Of course, people may change Zones within an organization, and people leave an organization. When that happens, Box migrates the data.
Files and folders stored in one Zone can move into another Zone. The primary triggers for data migration are:
- The Admin assigns or re-assigns the individual to a Zone
- The content owner transfers ownership of data to someone else in a different Zone.
- Someone copies data from one Zone into another.
- The Admin sets a new default zone.
As soon as one of the above actions completes, Box schedules the transfer. Please note that the storage policy of an individual file is based on the storage policy of the file's root folder.
Note While a Zone refers to a geographical region, a storage policy refers to a specific data center within a Zone.
Where Files Reside
With regard to Multizones, Box stores files according to top-level folder ownership. For example, Robert is mapped to Canada, and Kiyoko is mapped to Japan. All the files stored in Robert's folders reside in Canada, and all the files created in Kiyoko's folders reside in Japan. But if Robert creates a file in one of Kiyoko's folders, that file resides in Japan and is subject to the data sharing and privacy rules of the Japan zone -- even though Robert created it from Canada.
User/Data Zone Reporting
If you are the account Admin, you can use the Admin Console to create multiple reports:
- Zones for All Users - A Managed User Report with additional columns indicating each user's Zone information.
- Historical Changes to Zones - A report that includes all changes to Zones for all users. This report extends over the past year if viewed interactively or over the past 7 years if exported.