Box and Watchdox take different approaches to security -- which is right?

This approach also paves the way for other security features like revocation, so if a company decides to sever ties with a partner, it can revoke that partner's access to all documents that were protected with Watchdox -- even if those documents are within the partner's organization. Watchdox also enables companies to track exactly what's happening to all instances of a document as it travels among users, including who's annotated and edited it, and on which platforms. That's vital for compliance in heavily regulated industries, where CIOs can be held liable for security breaches.

"Nobody likes dealing with compliance," says Kalember. "But if the data itself can leave a compliance trail, and you can apply policies, you only have to monitor breaks of those policies."

Despite the fighting words, the two different approaches to security actually appeal to very different types of companies. Kalember says that they hardly ever see Box as a direct competitor in the accounts they approach. 

"The appeal is going to be for really large enterprises who care about protecting stuff," says Kalember. Examples include financial and health care records (which are bound by privacy and compliance regulations), pharmaceutical companies exchanging information about clinical trials, or product designs.

In fact, a lot of Watchdox customers are so focused on security, they're not even interested in using the cloud -- 49 out of the last 50 enterprise customers signed by Watchdox are using the on-premises version. That's a sharp contrast with Box, which is entirely cloud-based.

In the post-PC world, employees are going to want to access and collaborate on documents from any device they own. For most types of information, a solution like Box is probably sufficient. But for the top-secret material that can make or break a company, Watchdox is worth a serious look.

Matt Rosoff is the editorial director of CITEworld. Read Matt's bio