Box wasn't particularly impressed with the security enhancements that its rival Dropbox announced on Feb. 12: Box CEO Aaron Levie tweeted at the time, "That moment when the competition executes your 2008 roadmap."
Nevertheless, it was a clear indication that Dropbox is starting to think about the enterprise in a more serious way.
Today, Box announced further security additions to its service that should keep it well ahead of Dropbox -- at least in terms of IT-approved enterprise use. The updates include the following:
- Admins can now dictate whether individual users and groups may share folders and files with external users. Previously, admins were only able to enable or disable sharing for their entire company.
- Admins can block or enable a user's specific devices from accessing the service.
- Extra log-in security -- if Box notices a user logging in from an unrecognized IP address or browser on an unknown device, it will ask them to validate via email.
- Integration with Samsung Knox, a new mobile device management platform being planned by Samsung.
- Integration with two data loss prevention systems, CipherCloud and Code Green. Companies with highly regulated documents use DLP systems to scan documents for particular types of information, such as Social Security or credit card numbers, then apply policies that restrict sharing and usage.
- Analytics provided with partner GoodData that allow companies to see how employees are using Box -- for instance, how many documents they're uploading.
Box Enterprise GM Whitney Bouck also told CITEworld that the company is planning to add support for more policies directly within documents, which will help Box support new kinds of workflows, as well as more analytics.
None of these additions is particularly groundbreaking in itself. But the point is that Box has been thinking about enterprise security for more than five years now, and continues to make these kinds of tweaks regularly.
The company is being careful not to get too restrictive, however. That would go counter to Box's entire philosophy, which is to make collaboration tools easier for everybody to use. (At the very least, easier than SharePoint.)
"The premise of Box is to make it super-easy to share, communicate, and collaborate," Bouck told us. "At its most open, there should be as few controls as possible. But real IT organizations have more sophisticated security requirements, more knobs and controls they need to dial up and dial down security on specific axes."
She continues, "We would never get to the point where the default would be to shut everything down. That'd be sort of stupid, sort of the anti-Box philosophy."
The last thing Box wants to do is turn it into a ridiculously complicated enterprise software package that takes hours or weeks of training.
Bouck pointed us to Box customer Rod Halpert, Southwest Airlines captain and administrator for the company's Electronic Flight Bag (EFB) initiative: "We love how simple Box is...my training program at SWA is called the 'Venti Latte Training Program'. In the time it takes me to drink a Starbucks venti latte, I can train anyone to use Box."
The venti latte training program might be a good metric for other enterprise software companies to adopt as well.