Question

Shield - limiting the no. of classifications

  • May 23, 2025
  • 1 reply
  • 26 views


On last night's round-table when Shield implementation was covered, the recommendation was to keep the number of classification levels to no more than a handful.

This got me thinking about our implementation, which is primarily based around one project: we have had to introduce a few labels just for a specific project. The reason is that each label maps to a policy and a Shield access list.

So one project has a few access lists, and different content needs restricting to different groups of people; this requires a separate Access policy, which in turn forces a separate Classification.

1 reply


Hi Mark,

Not knowing all details here, but I think it is important to take a step back and look at what the goals of Shield are. Shield helps you in situations where users can make "mistakes" (put in quotes to include both unintended and intended mistakes). Shield is not a replacement for normal Box permissions; Shield is an extension to it.

For a project structure we normally see that customers can set up all the security requirements with Box standard permissions. With standard permissions you can make sure only the (extended?) project team has access to the information.

The above can then be enhanced with Shield rules. For instance, you could disallow link sharing for certain pieces of information, or limit it to "people inside the project", making sure information stays within the project. This can be done by one general Shield policy. Something like "Project use only". This policy can then be used across all projects.

As an example:
Project AB   -> Box permissions for internal project AB team and some external people.
 | - Deliverables   -> Shield protected, so links are only permitted for people within the project
 | - Project Charter   -> no protection, can be shared with the world

The above would ensure that only people invited into Project AB would have the right to share information. The Shield policy would then reduce the ability to share outside of the team for the "Deliverables" folder. No specific list needed, as the list is already set through the normal Box permissions.

Hope the above is applicable for your situation!