Box Customer Resource News

1894 Views
0 Comments

At Box, we take the security of our customers' data seriously, and wanted to update customers on best practices when using Box's "Custom URL" sharing feature. Recently, an article was published by a researcher on potential ways that unintended parties could access public/open Custom URLs by guessing the words that users created for these web addresses.

 

This is not a security vulnerability. Custom URLs are a very small percentage of all shared links created, and are intended to be used for sharing content publicly. However, it's important to ensure users are using this feature in the right way, and there are important details you should know when using Custom URLs, as well improvements we're making to ensure better usability and protections when using this feature.

 

Custom Shared Links are different from a default secure Box shared link

 

As with other cloud sharing platforms, if you want to share files or folders securely, Box generates a secured shared link that can be used to share with people either inside or outside your company. Box shared links are assigned a URL based on 32 randomly generated alphanumeric characters, and we provide a variety of security controls our users can choose based on the sensitivity of the content they are sharing. Additionally, users and enterprises can enable additional security controls on these links, such as password-protection and expiration policies to automatically un-share content at a user-designated point in time.

 

As an optional feature, enterprises can enable or disable the generation of "Custom URLs" for shared links. This is a means of changing the default generated secure shared link to an easily discoverable, user-defined web address. This feature is intended to be used only for content that users are looking to make easily accessible using a customized web address. For instance: if you're a car company distributing public press releases for a product launch or a media agency sharing a portfolio of content, custom shared links make it easy to publish content on the web.

 

Here is an example of what both link types might looks like:

 

  • Default Secure Box Shared Link: "company.box.com/s/m6nd910dla913ydsd01akd1hdfasljkn"
  • User-defined Custom Shared Link: “company.box.com/v/press-releases”

 

Custom Shared Links are intended for sharing non-sensitive, public content with a broad group or internal content companywide. As such, it is important to understand that the combination of an easily discoverable url and public/open link settings makes it easier for external parties to find these URLs. Because of this, we do not recommend putting any sensitive or private information into the files or folders with Custom URLs set to "public/open" permissions. Please Note: If your organization has no reason to share content publicly, we recommend admins turn off this feature (see how below).

 

Improvements we're making to Custom Shared Links for your Security

 

To give IT admins more control over how Custom Shared URLs are used (or not), and for better usability for end-users, we're making changes to further improve end-user education and controls around safe ways to use Custom URLs:

 

  • Increasing the minimum number of characters for a Custom URL: While Custom URLs are only intended for non-sensitive content, to reduce unintended access we've increased the number of required characters for creating a link to 12 characters or more.

 

  • Better user education around Custom URLs: We’ve added a dialog in the link settings tool that advises users that no sensitive content should ever be shared with the Custom URL level of permission.

 

  • Making it easier for admins to turn off the Custom URL feature capability: We've made it simple to disable custom URLs in your Box instance. Just visit the “Content & Sharing” tab “Enterprise Settings” section of the Box Admin Console to turn off this feature if you don't want users creating Custom URLs for content. After this change, users will only have the ability to use Box-generated secure links, or invite users or groups to folders directly.

 

sharedlinks.jpeg

 

 

Stay tuned. We will continue to make improvements to Box's core security features, usability, and admin controls to ensure your content is always protected and controlled. For more information about shared links on Box and Admin tools available to you, please see the below posts on the Box Community.

 

About Open Shared Links and Custom URLs

About Admin settings for shared links

About Secure Shared Links

 

477 Views
0 Comments

With a thousand folks attending different services a week, this church has an easy way to provide their attendees access to sermon messages and weekly announcements for their church programs. 

 

Using Box, the church was able to host mp3 files of the pastor's sermons and share all the hosted messages in an embedded folder. Users could easily play the sermon mp3 file without a Box account. Likewise, the IT team at the church would use the embed features for their BoxNote file to easily make updates for their announcements. Each week, the IT team could make updates in a shared BoxNote and through the embed widget, the changes were live immediately for public viewing. Previously, the IT team had to designate one person to manage the website and upload a new agenda each week; now, a team all could share access to continuously update the same BoxNote.

 

One less thing for the IT team worry for their very busy Sunday!

 

Learn More:

1908 Views
0 Comments

A huge thank you to all of our amazing customers and community members who submitted their Gartner Peer Insights reviews about Box – thanks to you Box has been named a 2019 Gartner Peer Insights Customers' Choice for Content Services Platforms!

 

You can see our Box Blog post with details about the award and links to some of the details reviews that were submitted.

 

If you have a Box story to share, we encourage you to join the Gartner Peer Insights crowd and weigh in

 

And you can read more about the Gartner Magic Quadrant for Content Services Platforms and then download your own complimentary copy of the Gartner Magic Quadrant for Content Services Platforms here.

 

Our heartfelt gratitude once again – we are incredibly proud to be our Customers' Choice as a trusted partner in their digital transformation journey! 

 

4331 Views
0 Comments

An industrial goods company was looking to tackle a problem related to a NetSuite data migration to their Box account. In addition to purchasing a Box Consulting (BC) Shuttle package, they followed through with re-engaging with BC to receive more assistance with NetSuite.
 
Along the way, the IT admin director realized there was more fundamental work that needed to be done in order to make sure they were going to be set for success once their "go-live" date hit.
 
  • For end user training, the admin was concerned with end users not being too familiar with the Box product. Requiring users to view self-paced and live courses on the Community was the first step in assuring familiarity with Box's features and interface.
  • With access permissions, the admin utilized the different permission levels in Box to assign ownership to the right stakeholders. Enabling the right users to be editors in some folders and previewers in others allowed the admin to establish clear boundaries on what teams could focus on for their departments. 
  • In addition, he leveraged the Groups feature to mass assign the correct permissions to the right folders in one easy step. 

 

With the available resources on Box, the IT admin director was able to set up his department and stakeholders for success! 

 

 

Check out the resources here:

1218 Views
0 Comments

This software company's IT team was struggling with a very common problem: When a new sales hire was brought into the company, the IT team not only had to manually provision a Box account for the user, but also had to spend inordinate amounts of time assigning access to all necessary folders across different departments. The IT Director realized there had to be an easier way to onboard efficiently.

 

Enter Box Groups and its integration with their SSO provider's Active Directory. The IT Director integrated Box with Okta, and implemented Active Directory Groups with Box to allow a Box license to be auto-provisioned to each new person provisioned in Okta. She then leveraged Box Groups functionality in the Admin Console to automatically and quickly give new hires access to their team's shared Box folders at the appropriate level, adding multiple users to relevant folders quickly and easily, and set up Box Group Content Managers across lines of business so that each department could manage their own content and keep files up to date.

 

  • To do this, she first entered the Users and Groups tab of the Admin Console, and created a Box Group for the Sales team. 
  • Then, the admin used the "Add Folders to Group" functionality to give the appropriate level of access permissions to all folders any new sales hire would need as they got started: sales team trainings, marketing materials for new software products, contract templates, even the healthcare benefits information HR distributed to new hires. 
  • Now, whenever a new person was hired onto the Sales team, they could be added as a member of the Sales Group in Box and automatically be given access to every folder shared with the Group.

 

Finally, to sustain this on-boarding process as the Sales team continued to scale, the IT director assigned the Sales Operations Manager to be the "Group Admin", empowering them to add new members to the group, share new files with the Group, and update existing shared files accordingly.  No more bottlenecks for the IT team and easy on-boarding for all new hires!

 

Have another experience with SSO that you'd like to share? Comment in the post below to share your use case or give the post a kudos!

 

Learn more:

1376 Views
1 Comment

This social media company, like most companies, needed a better way to consolidate their content for their employees to easily access but also share through different platforms. That's why they rely on Box and the multiple integrations supported with best of breed apps like Slack and Google Docs. 

 

At this company, marketing would house large video files in Box for editorial teams to condense and finalize as public ready material. However, rather than sharing it through a company email, the marketing team would share the file through the Slack integration, setting the correct permissions in the selected slack channel while having the file still stored safely in Box. With the visibility and fast reactions provided by the Slack integration, the marketing team is able to quickly release content internally in a secure fashion.

 

Meanwhile, the agency teams took advantage of the new G-Suite integration and were able to collaborate with external vendors on Google Docs and Google Sheets realtime. The agency manager would create the google doc from his box account, maintaining ownership and issuing selected access to the right vendors. The productivity tool allowed for faster edits and requests from the agency team, finalizing their collateral content on time.

 

When the project was finished, the owner didn't have to worry about any lingering content stored on external users' account - instead, with the Google Doc being saved in Box, the content was stored in one secure location. Using collaborator auto-expiration, the content owner was also able to automatically remove the external vendor from the folder and files upon completion of the project. Safe and secure!

 

Have an integration that you enjoy using with Box? Comment in the post below to share your use case or give the post a kudos!

 

Learn more:

 

1107 Views
0 Comments

How can cloud technology help professional sports teams maintain a competitive edge? 

 

A major league baseball team who have brought home multiple World Series wins has been leveraging Box Capture to not only find and recruit top-tier talent, but also to coach their athletes to become some of the best players in the world.

 

When looking for new talent, agents in the field will bring an iPhone or iPad with Box Capture installed. As they travel across the country scouting the minor leagues for star talent, they use Box Capture on their mobile devices to take video of up and coming athletes at games. Through Capture's technology, this video is automatically uploaded to a secure shared folder in Box and is immediately accessible by their colleagues, so prospective new recruits can be quickly evaluated, speeding up the time it takes to bring in new team members.

 

But Capture's impact on these athlete's careers doesn't stop there! Once these recruits are officially a part of the team, their coaches will use Box Capture to film them during team practice, and preview the video as a coaching tool later to point out suggestions and corrections, down to the second mark, in Box. 

 

With Box's video previewing capabilities on the Box mobile application, players can be coached using Box from any location–so world-class athletes can improve their technique from an office, the locker room, or standing in the middle of the outfield.

 

How else do you use Box Capture for your enterprise? Comment in the post below or give the story a kudos!

 

Learn more:

 

4269 Views
0 Comments

Saving the environment can be a tough goal, but for one administrative team, it was a goal worth pursuing and achievable with Box!

 

With a few changes to each of their processes with remote workers and teams, here's how the University Admin Office made an impact:

  1. Used the Email Upload feature for any external collaborator to upload or send documents. Printing out numerous amounts of PDF forms and mailing them in were discouraged, and the admin office instead collected electronic copies that were neatly organized in the appropriate Box Folder. 
  2. Using Mentions for internal task management was an easy way to avoid clutter and allow admins to notify the right team to examine files in their workflow. For example, the admin office would @mention the finance team for example to review a student's forms and receive an email notification when the task was completed.
  3. Using Box Capture, field teams when reviewing leases would upload pictures of facilities to Box using an iPad. The workers could select the right location folder to upload the new pictures and @mention the admin office to review. That's it, that's the story, but compared to shipping hard drives and memory sticks, Box Capture was much easier for the both teams to use.  

 

With a few simple features and settings enabled, the University Admin office has made a bigger impact on their team's efficiency and the well being of their environment!

 

Learn More:

1873 Views
0 Comments

A cyber risk management company who advise their clients on complex, compliancy issues (HIPAA, FedRamp, etc) was frustrated by something supposedly very simple: internal and external sharing. 

 

With their previous collaboration platform tool, the company had trouble inviting clients to their desired content with the proper permissions. With all the "red tape" getting in the way, the IT team decided to examine another solution, approaching Box with the question, "It shouldn't be this hard right?" 

 

The IT team made it simpler for each user to create their own folders with the caveat of restricting content creation at the root level. With the proper workspaces set up by the admins, users could create their respective projects in the appropriate folders, sharing internally and externally with the right collaborators. No admin delays or requests to create the right folders or set up the permissions - all could be enabled by the user themselves.

 

Last but not least, the IT team took a look at Box Governance, specifically applying retention policies on their project folders. To meet their compliancy standards, the company applied a retention policy that deleted project folders after a project was finished and moved to the "completed folder". 

 

Ever used the restrict content creation feature? How else do you set up workspaces for your users in your enterprise? Comment in the post below or give the story a kudos!

 

Learn more about the features here:

1725 Views
0 Comments

A construction company is cleaning up their mess; nope, not the debris you'd see from a site, but the digital management of their files and projects, and they managed to do this with Box.

 

The IT Admin wanted to have a unified folder structure and create a template folder structure that would be easy to replicate for all employees. Using Box, he utilized the Copy feature on the WebApp and set up template folders with organized sub-folders and files needed for each assigned collaborator to work on their construction projects.

 

No developers needed, just copy and paste using easy keyboard shortcuts, that allowed our admin to immediately set up multiple users right away!

 

What about when employees left companies or new managers needed to take over a current project? Without breaking any current collaborations or set up for employees, the IT team could easily change ownership of the folders to a service account before reassigning to the newly identified owner, all using their content manager tab from the Admin Console.

 

Have another way that you set up workspaces for your projects? Share in the comments below or kudos if you like the Copy feature!

 

Learn more:

 

 

500 Views
0 Comments

Did you know you can make the next great film right from your home? Well technically, you're going to still need the actors, film sets, director, producer, a budget, etc... so maybe, it's not that straight forward.

 

BUT, one movie studio made that possible without losing efficient collaboration in their creative process. With a goal to reduce their environmental impact, the studio enacted a remote work policy to reduce commute time. Keeping their files secure and having the right access for their team was possible through the use of Box.

 

First, the edit team would upload video and media content to their internal folders for their team to access. They would invite specific teams with higher editing permissions through the Group feature and avoid overlapping their edits using the Lock feature to alert others of their work in progress.

 

Once they wanted to share final edits for approval with the director and producers, they would invite them with a previewer permission access to the folder. Often on the move, previewing the video files was easy for the director and producers on their iPads with the Box for iOS app.

 

Despite all the moving pieces and remote access, the movie studio felt secure about their content since it was protected with Box Governance and had Watermarking available on their video files and scripts. No leaks or loose downloaded copies made possible!

 

Altogether, the movie studio has released multiple movies with Box, streamlining their workflow while reducing their carbon footprint with an efficient remote work policy. Just another day in Hollywood for this studio!

 

Feel free to add your questions in the comments. Or give this story a kudo if you liked it!

 

Learn more:

 

437 Views
0 Comments

When you think of creativity, you're not thinking of access stats are you?

 

Well, a retail company relies on just that to ensure that their creative team are in sync planning seasonal merchandise and placement in their stores.

 

Using BoxNotes, the creative team would brainstorm ideas realtime, uploading store images, annotating ideas on concepts, and commenting on what inventory items should be brought in, all on one BoxNote! When all ideas were finalized, the creative team would update their seasonal merchandise layouts in the respective folders on Box and then use Comments to alert the manager for approval. 

 

So where do the access stats come in? This team requires everyone to have viewed the files/plans before the team moves on with the final decisions, and with access stats on files in the WebApp, it's easy to see who has updated and viewed the assets most recently. With everyone's comments and discussion all organized on the sidebar in one file, the creative team can move forward with a unified vision!

 

Have another creative way of making sure your teams are collaborating on the right projects?

Feel free to add your questions or share your example in the comments. Or give this story a kudo if you liked it!

 

Learn more:

Please log in to subscribe

Users online (2,839)