Box Shield Classifications
Initial feedback exposed the inability for a moved file within the Box platform to take on the parent folder classification; basically deeming the whole process as a non-starter. What happens when our users move/copy folders and files from Box Drive? The goal of its use is security and keeping users from exposing private files publicly. If users who are not allowed to change classifications start with our proposed templated folder structure (with applied classifications) then they will be required to ask for help changing classifications for files they will be quickly adding to each folder instead of concentrating on work. When it comes time to make an internal file externally available to the client there is no easy way to drag that to an external share (with public classifications on it) and create a link without first changing the private classification to public.
My initial thoughts regarding this added level of security are proving correct. We are creating more work and extra steps for users already busy devising specific workflows for /files/assets/shares/links/etc.
Until we get functionality on a move/copy instruction to give us the opportunity to take on the classification of the parent folder, we don't have a great way to add security. If we allow all users to have rights to change the classification labels, we're right back to the vulnerabilities we had without it. We could have specific workflow that trains our users to upload files to specific folders in a certain way, avoiding moving files, at least initially. But that doesn't solve for movement of files after the fact.
This is exactly opposite of "Introducing Frictionless Content Security." Unless the settings are applied and adhered to and never changed folder-by-folder - only then can it be frictionless - yet that ask of our users in and of itself is friction-based. If the basic function of the product was coded to take on the parent folder classification upon moving/copying, that would be a little closer to frictionless. Users would be trained to understand the parameters of their actions in a step that is automated instead of a few clicks (or completely restricted based on user permissions).
-
Hi ,
Thanks for the feedback. I'd recommend posting this to the Box Shield business forum as they should be able to provide additional context.
Thanks,
Jon
Please sign in to leave a comment.
Comments
1 comment