For detailed information on the security of Box's servers and services, please see our Security Overview.

Box adheres to the highest industry standards for security so you can share, access, and manage your content with confidence.


  • Secure data centers: Your content is stored on enterprise-grade servers that undergo regular audits and are monitored 24/7
  • Redundancy: Files are backed up daily to additional facilities
  • All files uploaded to Box are encrypted at rest using 256-bit AES encryption.
  • For files in transit, AES 256 is a supported cipher, however we default to use RC4-128 encryption. We do this to mitigate a known vulnerability in SSL called the BEAST attack, which an attacker could use to hijack someone's web session when other ciphers (including AES 256) are used. 128 bit encryption is currently considered safe and secure.
  • AD/LDAP integration: Enterprise edition customers can replace Box’s authentication mechanism with their own


Box is also SAS70 Type II and Safe Harbor certified.


If you have further questions about the information shared here, please reach out to your Customer Success Manager or Account Executive who will be able to provide you with the details you need.