Box Status
Print

Testing Shield in Trial Mode

has_image , Admin , Box Shield , Article , New , Instruction , Rollout , P3

When certain criteria are met, Box enables prospective Box Shield customers to test Shield capabilities (except for an information barrier) during a 30-day trial (also known as proof of concept, or POC). This topic explains how to use the "Shield Trial Mode" feature, which enables you to test Shield's classification-based security controls in your production environment of Box during a trial without impacting the Box experience for the majority of your managed users.

If you're interested in deploying Shield on a trial basis, please contact your account team to request a Shield trial.

Setting up Shield testing in Trial Mode is done in 4 steps:

Important

Only users within your organization you specifically select to participate in the Shield trial, which you do in Step 1: Select users for the Shield trial, will be able to classify items with the classifications you create for the trial, and only for items the user is a owner of.

Step 1: Select users for the Shield trial

After Box enables your Shield trial, first determine the Box users in your organization who will test Shield's classification-based access controls. This may be a group of individuals in your IT or Security teams, or a small department or functional team in your organization.

Note

Only this group of users will be able to view, apply, or modify new classification labels created for the purposes of the trial. The rest of your managed users, will see no change to their Box experience.

Only the primary admin, not any co-admins, can configure users for Shield trial.

To configure a list of users for Shield trial:

  1. In the Admin Console's left pane, click Shield.
  2. In the top of the Shield window, click Access Policies.
  3. In the top-right corner, click Configure Trial Users. Box displays the Configure Shield Trial window.
  4. Select one of the following options:
    • Disable for all managed users
    • Enable for all managed users
    • Enable for select users
    • Enable for everyone except select users

      Note

      Box recommends you select Enable for select users to limit the Shield Trial to a small group of users. Type Box users by name or email address. As you type, Box displays names of users you can select (see screenshot below). Screen_Shot_2020-02-12_at_10.17.00_AM.png

  5. In the bottom-right corner of the window, click Save.

Note

The managed users who you select here to participate in the Shield trial are the ones who will be affected by Smart Access policies in that they can view, edit, and remove classification labels and will be subject to classification based access policies. (Threat Detection applies to all users automatically if a detection rule is enabled.)

Users who manage the trial must also be given the co-admin role and must have at least one of the Shield permissions enabled. If they need to set up classification schema, configure access policies, or create threat detection rules, they need both view and edit privileges. If they just need to view classification schema and threat alerts, they need view privileges only. See Granting And Modifying Co-Admin Permissions and Users & Groups Settings for details.

Step 2: Create new classification label(s)

Next, create new classification label(s) ("trial classifications") for the purposes of your Shield trial. For instructions on how to create, modify, or delete classification labels, see Classification Labels. If you are already using Box classifications in your Box environment, you will still need to create new classification labels for the Shield trial purposes - for example, [TEST CONFIDENTIAL].

Step 3: Configure Shield Smart Access policies

You can now create Shield Smart Access policies for your new classification labels, which will be enforced for only the group of Shield trial users. Refer to our Using Smart Access article to create an access policy.

Step 4: Apply classifications and test access policy enforcement

You can now ask your Shield trial users to begin classifying files and folders using the new labels, and test out the access policy enforcement and restrictions.  Shield trial users can apply trial classifications to files or folders that are owned by Shield trial users.

Important

  • Box recommends your Shield trial users apply trial classifications only to previously unclassified files and folders. If a Shield trial user applies a trial classification to a previously classified file, non-Shield trial users will not see a classification on the file.
  • Shield trial users will not see the Classify option in the Preview mode of files that are not owned by a Shield trial user. The only exception is in the All files page, where all users will see the Classify option, but a non-trial user will not be able to classify any file. Only users who you enabled for Shield trial will be able to apply a classification label or edit the classification label for a file they own.

Ending the Shield trial

At the end of your 30-day trial, Shield will be disabled from your production environment. All trial classification labels created during the 30-day trial will be permanently deleted, and all files and folders that had a trial classification will become unclassified. All other trial data, i.e., access policies, detection rules, alerts, will also be permanently deleted.

Note

The following features are not available in the Shield trial:

  • Automated classification
  • Microsoft Information Protection integration
  • Information barrier

Related articles