about BOX security
I want to know if BOX is suitable for the following questions.
It is a paid service that allows maintenance and support services to be received in emergencies or in the event of an accident. In addition, there is a system in place for contacting the agency in the event of an accident, and response procedures are established in manuals or similar documents.
Files are encrypted and stored when stored on online storage servers, or encrypted files can be accessed. It is important that important information is encrypted even when using ASP services.
Each user must have one account for service usage, and shared account usage is not allowed. Service usage should be restricted by authentication using ID and password, and it should also be possible to restrict access based on the combination of ID and access source IP address.
After ID authentication (login), access by users using IDs can be restricted at the folder or file level, and access cannot be made to folders or files without access rights. Even when using ASP services, access restrictions according to usage purposes should be possible, and unauthorized use of services or viewing of information for unauthorized purposes should not be possible.
Various access logs that can identify when, who, from where (source of connection), and what actions (user events) were taken should be acquired, and administrators should be able to view them. The user events to be acquired are as follows:
- Login, logout (including login errors)
- Stored file name (file size information)
- File access history (file upload, download, file deletion)
During file transmission and reception, communication should be encrypted, such as by forcing SSL communication (https), and measures should be taken to prevent eavesdropping and tampering of communication data.
Operation, maintenance, monitoring, etc. of online storage, ASP services, etc. should be carried out by the service provider or its subcontractors.
Data and files deleted on the server in online storage, ASP services, etc. should not be recoverable by unauthorized third parties.
Regular vulnerability assessments for servers and applications, and security measures against external attacks such as OS and middleware security patches, should be implemented.