Scheduled maintenance planned for September 30, 2023.

Print

Creating a Security Policy

Security , policy , Overview , Box Governance , Best Practices , Admin , Security Settings , Policies , Article , New , Account Administration

Note

Starting October, 2020, security features (Classification, Shared Link Policies, and Content Security) will no longer be available to new customers with the Governance add-on. These features do remain available to existing customers. Please see the Shield add-on for the latest enhanced security features on smart access and threat detection.

 

Content policies provide the ability to place files with certain types of content in a restricted "Quarantine" area. The files will then require action from an Admin or Co-admin before they become available for use.

To create a new content policy

  1. Open the Admin Console.
  2. In the lefthand navigation, click Governance.
  3. Toward the top of the page, click Content Security.
  4. Click Add New Policy.
  5. Enter a name for your policy in the Policy Name field
  6. Select the action type for this policy and corresponding settings. You can create three different types of content policies:

Upload Policy

Use an Upload Policy to set policies that take action on files with certain information that have been uploaded to your organization’s account. These policies will also be triggered when Box Notes are created or edited.

To create an upload policy:

  1. Specify the content that will activate this policy by selecting options under If a document contains:
    • Social Security Number: Files containing Social Security Numbers.
    • Credit Card Number: Files containing 16-digit credit card numbers
    • Custom words or numbers: Enter a custom word, phrase, or numerical string. You can also upload a CSV file (.csv) containing multiple words, phrases, or numbers to add them all simultaneously. Only CSV files are supported.
    • File types: Choose any file format to scan for, e.g. ".exe" or ".boxnote". There are no limitations on what formats you can select.
    • Set breadth level: Select a level for this custom search:
      • Wide: No additional requirements for a valid match.
      • Narrow: One of the following keywords/phrases must be present within 20 characters of the numeric string for a valid match: "SS", "SSN", "SSN#", "social security number", "Social Security Number", "CC", "CC#", "Credit Card", "credit card", "exp".
  2. Specify the action that will be taken on the uploaded file:
    • Move the file to quarantine section. Files will be moved to a quarantine folder, and the following conditions apply:
      • The original uploader will be notified that the file violated the policy.
      • Collaborators will not be able to access the most recent, quarantined version of the file.
      • The uploader can rectify the violation by uploading a new version of the file or by deleting it.
      • You will have access to the file from the Quarantine in the Content Manager section of the Admin Console.
      • You will be able to approve the file, making it fully available, or reject it and delete it.
    • Notify the email addresses: Send notifications to the email addresses specified in the field. The following conditions apply:
      • Admins and Co-admins will not be notified that an upload policy violation has occurred unless their email addresses are specifically listed here.
      • Email address must belong to one of your managed users.
      • You can also type in partial names or email addresses and select a user from an auto-populated list of matching users in your organization.
  3. Once you have made your selections, click Start Policy Now to enable your policy (it will take effect immediately). 

Download Policy

Download policies provide the ability to take action when your users’ download activity reaches a certain rate. To create a download policy:

  1. Specify the download activity threshold by selecting an option under If a user download activity is (download rates range from Low to High according to what’s normal for your organization).
  2. Specify the email addresses for the individuals who will be notified; the following conditions apply:
    • Admins and Co-admins will not be notified that an download policy violation has occurred unless their email addresses are specifically listed here
    • Email address must belong to one of your managed users.
    • You can also type in partial names or email addresses and select a user from an autopopulated list of matching users in your organization
  3. Click Start Policy Now to enable your policy (it will take effect immediately).

Sharing Policy

You can create a policy that sends notifications whenever content is shared with certain domains.

  1. Enter the domains that will activate this policy and trigger notifications in the field under If a user shares content.

    Note

    Enter the domain name only (i.e.: domain.com) and hit enter or click the domain from the autopopulated list of suggestions.

  2. Specify the email addresses for the individuals who will be notified; the following conditions apply:
    • Admins and Co-admins will not be notified that an sharing policy violation has occurred unless their email addresses are specifically listed here.
    • Email address must belong to one of your managed users.
    • You can also type in partial names or email addresses and select a user from an autopopulated list of matching users in your organization.
  3. Click Start Policy Now to enable your policy (it will take effect immediately).
tech_writers_swarm_kb

Related articles