Level up your Box knowledge with brand new learning paths on Box University. Visit training.box.com to get started

Box Status
Print

Creating a Security Policy

Security , policy , Overview , Box Governance , Best Practices , Admin , Security Settings , Policies , Article , New , Account Administration , P4

Important:

Since October 2020, security features (Classification, Shared Link Restriction policy, and Content Security) in Box Governance are no longer available to new Box Governance customers. These features remain available to existing customers who purchased Box Governance prior to October 2020. Please note, however, that if customers with access to these Box Governance legacy features purchase Box Shield or start a Box Shield Trial, any active Shared Link Restriction policies in Box Governance will be removed. Customers will have the ability to create an access policy with Shared Link Restriction in Box Shield that offers superior functionality to the legacy Shared Link Restriction policy feature in Box Governance.

Content policies provide the ability to identify, place files with certain types of content in a restricted "Quarantine" area and/or send an email notification for such files. The files will then require action from an Admin or Co-admin before they become available for use.

Create a new content policy

  1. Open the Admin Console.
  2. In the lefthand navigation, click Governance.
  3. Toward the top of the page, click Content Security.
  4. Click Add New Policy.
  5. Enter a name for your policy in the Policy Name field
  6. Select the action type for this policy and corresponding settings. You can create three different types of content policies:

Upload Policy

Use an Upload Policy to set policies that take action on files with certain information that have been uploaded to your organization’s account. These policies will also be triggered when Box Notes are created or edited.

To create an upload policy:

  1. Specify the content that will activate this policy by selecting options under If a document contains:
    • Social Security Number: Files containing Social Security Numbers.
    • Credit Card Number: Files containing 16-digit credit card numbers
    • Custom words or numbers: Enter a custom word, phrase, or numerical string. You can also upload a CSV file (.csv) containing multiple words, phrases, or numbers to add them all simultaneously. Only CSV files are supported.
    • File types: Choose any file format to scan for, e.g. ".exe" or ".boxnote". There are no limitations on what formats you can select.
    • Set breadth level: Select a level for this custom search:
      • Wide: No additional requirements for a valid match.
      • Narrow: One of the following keywords/phrases must be present within 20 characters of the numeric string for a valid match: "SS", "SSN", "SSN#", "social security number", "Social Security Number", "CC", "CC#", "Credit Card", "credit card", "exp".
  2. Specify the action that will be taken on the uploaded file:
    • Move the file to quarantine section. Files will be tagged as quarantined and can be managed within the Content Manager quarantine section. The following conditions apply:
      • The original uploader will be notified that the file violated the policy.
      • End users will be able to see the files within their file list, but will not be able to collaborate, only download.
      • Collaborators will not be able to access the most recent, quarantined version and the previous versions of the file.
      • The uploader can rectify the violation by uploading a new version of the file or by deleting it. If the newest version is rectified, previous versions will also be accessible.
      • Admins and co-admins have access to the file from the Quarantine in the Content Manager section of the Admin Console.
      • Admins and co-admins will be able to approve the file, making it fully available, or reject and delete it.
    • Notify the email addresses: Send notifications to the email addresses specified in the field. The following conditions apply:
      • Admins and Co-admins will not be notified that an upload policy violation has occurred unless their email addresses are specifically listed here.
      • Email address must belong to one of your managed users.
      • You can also type in partial names or email addresses and select a user from an auto-populated list of matching users in your organization.
  3. Once you have made your selections, click Start Policy Now to enable your policy (it will take effect immediately). 

Download Policy

Download policies provide the ability to take action when your users’ download activity reaches a certain rate. To create a download policy:

  1. Specify the download activity threshold by selecting an option under If a user download activity is (download rates range from Low to High according to what’s normal for your organization).
  2. Specify the email addresses for the individuals who will be notified; the following conditions apply:
    • Admins and Co-admins will not be notified that an download policy violation has occurred unless their email addresses are specifically listed here
    • Email address must belong to one of your managed users.
    • You can also type in partial names or email addresses and select a user from an autopopulated list of matching users in your organization
  3. Click Start Policy Now to enable your policy (it will take effect immediately).

Sharing Policy

You can create a policy that sends notifications whenever content is shared with certain domains.

  1. Enter the domains that will activate this policy and trigger notifications in the field under If a user shares content.

    Note:

    The input will check if it’s a valid domain (for example domain.com).

  2. Specify the email addresses for the individuals who will be notified; the following conditions apply:
    • Admins and Co-admins will not be notified that an sharing policy violation has occurred unless their email addresses are specifically listed here.
    • Email address must belong to one of your managed users.
    • You can also type in partial names or email addresses and select a user from an autopopulated list of matching users in your organization.
  3. Click Start Policy Now to enable your policy (it will take effect immediately).

Related articles