Safety of files and data in enterprise Box

Box adheres to industry standards for security at every level and commits extensive resources to the design, implementation, monitoring, and maintenance of its security infrastructure, including:

  • Data encryption
  • Administrative auditing
  • Password policy enforcement and AD/LDAP integration
  • Role-based access controls
  • Password- and time-based file sharing

Additionally, all files are encrypted and stored on servers in the United States. Redundant encrypted copies of the files are stored as backups on servers at a different geographical location in the United States. Per the Internet2 NET+ contract with Box, data stored in Box, including user information, cannot be "data mined", nor may it be shared with any third party.

For more, see Box's Enhanced Security.

When using Box for collaborating and sharing files with others, be sure to review the settings carefully to ensure that you're allowing the level of access you intend. See Share and collaborate on files with Box.

If you have questions about Box's security, contact

Box at Indiana University is not appropriate for storing or sharing most types of institutional data classified as Critical. However, with certain additional security measures you may be able to use IU Box with some data that contain protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). For more, see Types of data appropriate for IU Box accounts.

This is document bbvm in the Knowledge Base.
Last modified on 2018-11-28 12:10:20.

Contact us

For help or to comment, email the UITS Support Center.