As companies move to the cloud, there is an increased momentum to migrate from legacy on-premise content management solutions to solutions like Box. One of the wonderful things about cloud services such as Box is how collaborative it is – but that’s a double-edged sword. Instead of turning collaboration off, enterprises require real-time collaboration control to build guardrails that enable appropriate sharing, but prevent negligent sharing, like sharing an internal-only document with a customer or partner, or sharing highly valuable IP with a development partner via a personal email address. As such customers require an exhaustive data protection capability that can protect sensitive data both on the end-point device and on the cloud.
In order to help customers meet legal, regulatory, and business mandates, Box has a governance offering. A key feature of Box governance is security classifications. Box security classifications enable customers to protect sensitive data by classifying files based on their confidentiality and enforcing security policies associated with that confidentiality level. McAfee Skyhigh Security Cloud customers can now leverage Box security classifications in their DLP policies which allows customers to meet stringent Security Compliance requirements and also meet business needs for collaboration.
Some key use cases enabled by Box security classifications support in McAfee Skyhigh Security Cloud:
- Leverage existing policies to apply security classification labels: Companies using Skyhigh would have already defined granular policies to protect against data loss and compliance breaches. These policies detect sensitive data using multiple methods, including data identifiers, keywords, and regular expressions, and apply the specified remediation such as delete or quarantine. By leveraging existing policies to apply classification labels, companies reduce the efforts required to detect and flag sensitive data.
- Enforcing Classification & Governance Requirements: Companies that require that all documents in Box be classified, can develop DLP policies in McAfee Skyhigh Security Cloud that look for unclassified documents, and take action on them. The action could be applying a default security classification, quarantining the document, emailing the user etc., based on the risk tolerance of the company
- Prevent external sharing of sensitive data: McAfee Skyhigh Security Cloud can be used to enforce sharing policies of sensitive documents, that have been tagged with Box security classifications; thereby preventing data exfiltration in the cloud
- Enforce classification on existing Box data: Companies can use McAfee Skyhigh Security Cloud’s on-demand scan capability to inspect their existing Box deployments and apply classification labels on documents based on specified policies. Large enterprise Box deployments contain hundreds of thousands of files and the on-demand scan capability is a method by which IT can quickly automate the application of classification labels without incurring huge overheads.
- Meet enterprise scalability requirements: By enabling companies to apply classification labels, either in real-time or on-demand, based on granular DLP policies, Skyhigh allows IT teams to quickly and easily apply the capability across their corporate Box deployments. Data classification projects often do not get off the ground due to high resource costs and the inability to scale to cover all existing and ongoing data assets. Using Skyhigh, IT teams can overcome these challenges and successfully deploy security classification on data residing in Box.
This integration leverages best-of-breed technologies to prevent sensitive data exfiltration, resulting in a globally consistent, “always secure” data governance policy, which allows customers to meet stringent security compliance requirements.