Box adheres to the highest industry standards for security at every level and commits extensive resources to the design, implementation, monitoring, and maintenance of its security infrastructure. Box: Security Leadership in the Cloud.
Before storing any sensitive data, be sure to check the Sensitive Data Guide to confirm that your files can be safely stored in Box.
The following is information everyone should know to understand how best to protect their sensitive data in U-M Box.
Every user is responsible for using U-M Box securely to store or share data. Sensitive regulated data—such as protected health information (PHI), export controlled research (ITAR, EAR) and Student Education Records (FERPA)—are often subject to federal and state laws that require users to exercise special care. Following the guidance below will help you store and share sensitive university data safely in U-M Box and will reduce the risk of costly fines and penalties.
Sensitive data is required to be stored in a shared account's folder.
For specific instructions on the minimum requirements for using U-M Box securely with sensitive data, see Using U-M Box Securely with Sensitive Data.
For specific information, see the following sections on Using U-M Box Securely with Sensitive Data,
|Blue folder with people and sync tag||
|Blue folder with people||
|Yellow folder with sync tag||
|Gray folder with people||
Roles determine what actions users can take. The following table shows the possible actions for each role.
|Co-owner||Editor||Viewer Uploader||Previewer Uploader||Viewer||Previewer||Uploader|
|Edit Folder Name||•||•|
|Edit Folder Properties||•|
|Send View-Only Links||•||•||•||•|
|View Items in Folder||•||•||•||•||•||•||•|
|Set Access Permissions||•||•|
|View Access Stats||•||•|
|Create/Edit Box Notes||•||•||•|
|View Box Notes||•||•||•||•||•||•|
How to configure your settings:
Only Owners and Co-owners can send collaborator invites: Restrict the ability to invite collaborators to only Owners and Co-Owners. This is the single most important choice for securing your files and folders. Only individuals who own the content should be in full control of who is able to access the content.
Restrict collaboration to within University of Michigan: This option determines whether or not to collaborate externally. We do not have a recommendation on whether or not to collaborate externally. It is your responsibility to share data with only those who should have access to the data.
Hide Collaborators: We do not recommend hiding collaborators as it is more secure to know exactly who has access to files and folders.
Allow people who can access this folder from a shared link to join: This option is only useful if you are sharing with "Anyone with the link" or "People in your company." This is not permitted with sensitive data.
Disable commenting for this folder: As sharing and collaboration are the goal of using Box, we do not recommend disabling the ability to comment on folders. Keep in mind that all roles (except the Uploader role) have the ability to view comments.
Shared links provide quick access to files and folders with just a click on the link. Restrict shared links to collaborators only. With sensitive data, you may allow only collaborators to access files and folders through a shared link. Leave the drop-down menu set to "For both files and folders."
Do not put sensitive data in folders owned by individual users. Instead, use a shared account that is set up specifically for sensitive data, and include the appropriate individuals on the shared account. More information on shared accounts.
While Tags do not protect folders or the content in the folder, they are a way to visually indicate that the folder is secure for sensitive data. Use the drop-down menu or the right-click menu and choose Add/Edit Tags.
A new window will open. Users can add or edit the desired name of the Tag.
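One way to check folders against the settings recommended above, as an added example that is not U-M's or Box's own code. The field names follow the Box API folder object; their mapping to the options described here, the tag name, and the shared-account login are assumptions, and the sample records are constructed.

```python
# Added example: checks folder records against the settings recommended above.
SENSITIVE_TAG = "sensitive-data"            # hypothetical tag name
SHARED_ACCOUNTS = {"dept-phi@example.edu"}  # hypothetical shared-account login

# (folder field, value the guidance calls for, finding if it differs)
REQUIRED = [
    ("can_non_owners_invite", False, "non-owners can invite collaborators"),
    ("can_non_owners_view_collaborators", True, "collaborators are hidden"),
]

def audit_folder(folder):
    """Return a list of findings; an empty list means the folder passes."""
    findings = []
    for field, wanted, message in REQUIRED:
        if field not in folder:
            # Fail closed: a field that was not retrieved is not a pass.
            findings.append(f"{field} not retrieved")
        elif folder[field] is not wanted:
            findings.append(message)
    link = folder.get("shared_link")  # None when no shared link exists
    if link and link.get("access") != "collaborators":
        findings.append(f"shared link access is {link.get('access')!r}")
    owner = (folder.get("owned_by") or {}).get("login")
    if owner not in SHARED_ACCOUNTS:
        findings.append(f"owner {owner!r} is not a shared account")
    if SENSITIVE_TAG not in (folder.get("tags") or []):
        findings.append("sensitive-data tag missing")
    return findings

# Constructed sample records, not real folders.
SAMPLE_FOLDERS = [
    {"name": "PHI Study A", "owned_by": {"login": "dept-phi@example.edu"},
     "can_non_owners_invite": False, "can_non_owners_view_collaborators": True,
     "shared_link": {"access": "collaborators"}, "tags": ["sensitive-data"]},
    {"name": "Grant Drafts", "owned_by": {"login": "jdoe@example.edu"},
     "can_non_owners_invite": True, "can_non_owners_view_collaborators": False,
     "shared_link": {"access": "open"}, "tags": []},
    {"name": "Export Notes", "owned_by": {"login": "dept-phi@example.edu"},
     "shared_link": None, "tags": ["sensitive-data"]},
]

def audit_all(folders):
    """Map each folder name to its list of findings."""
    return {f["name"]: audit_folder(f) for f in folders}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_FOLDERS).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

The third sample record omits the two collaborator settings to show that a field missing from the response is reported rather than treated as compliant.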