Box, Inc. and CrowdStrike today revealed an alliance through which tools will be made available later this year to secure files and data shared via Box’s cloud service.
Specifically, organizations will be able to apply data loss prevention (DLP) tools to apply rules based on classifications that identify the sensitivity of a document, along with risk-scoring tools provided by CrowdStrike.
Additionally, Box and CrowdStrike will address the cybersecurity requirements of small-to-medium businesses (SMBs) by integrating Box with CrowdStrike Falcon Go and Falcon Pro.
Box CEO Aaron Levie said this first cybersecurity alliance for Box provides a more granular approach to securing the Box platform without overly burdening the end-user experience. That’s critical, because if the process for securing environments becomes overly complex, end users will simply adopt alternative shadow IT approaches to sharing files and documents, he added.
Capabilities enabled by CrowdStrike’s Falcon platform will also enable security and IT teams to detect malicious files, ransomware and suspicious activity, as well as configure security policies directly from the Box administrative console.
Previously, Box focused on securing files and documents using signatures to identify security threats, but the alliance with CrowdStrike is part of a larger effort to embrace machine learning algorithms and other forms of artificial intelligence (AI) to secure the Box cloud service. As part of that effort, Box will continue to expand the number of cybersecurity alliances it has in place, noted Levie.
This initiative comes at a time when the Securities and Exchange Commission (SEC) is gearing up to apply rules that will hold public companies more accountable for the security of documents and files. At the same time, there are numerous data privacy regulations that either have been implemented or soon will be that require organizations to know where all instances of personally identifiable information (PII) have been stored.
Services such as Box have also been turned into malware distribution vehicles by cybercriminals that have managed to purloin the credentials of end users via phishing attacks. The goal is to embed malware into files and documents that, over time, will become more widely distributed. Once activated, that malware will then attempt to communicate with a server set up by cybercriminals in the hopes that the environment where that file or document has been shared presents additional opportunities to wreak havoc.
It’s not clear how heavily cybersecurity teams will focus on locking down file-sharing services in the months ahead, but Box is betting that a service that makes the appropriate security controls readily available is much more likely to be embraced as a corporate standard.
In the meantime, cybersecurity teams would be well-advised to audit what services are being employed today before regulators start making inquiries. Many of those regulators are going to be looking to make an example of some organizations to ensure that others are taking new requirements seriously. As such, the cost of a regulatory breach is about to become a lot more expensive.
Recent Articles By Author