ARCHIVED: Safety of files and data in enterprise Box

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

IU's Box cloud storage service was retired on May 10, 2021. For more, see the IU Box retirement FAQ. For information about cloud storage options available at IU, see Storage @ IU.

Box adheres to industry standards for security at every level and commits extensive resources to the design, implementation, monitoring, and maintenance of its security infrastructure, including:

  • Data encryption
  • Administrative auditing
  • Password policy enforcement and AD/LDAP integration
  • Role-based access controls
  • Password- and time-based file sharing

Additionally, all files are encrypted and stored on servers in the United States. Redundant encrypted copies of the files are stored as backups on servers at a different geographical location in the United States. Per the Internet2 NET+ contract with Box, data stored in Box, including user information, cannot be "data mined", nor may it be shared with any third party.

For more, see Box's Enhanced Security.

When using Box for collaborating and sharing files with others, be sure to review the settings carefully to ensure that you're allowing the level of access you intend. See:

If you have questions about Box's security, contact

Box at Indiana University is not appropriate for storing or sharing most types of institutional data classified as Critical. However, with ARCHIVED: certain additional security measures you may be able to use IU Box with some data that contain protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). For more, see ARCHIVED: Types of data appropriate for IU Box accounts.

This is document bbvm in the Knowledge Base.
Last modified on 2021-02-26 10:56:17.