Securing (Accountability for) Cloud Content

Peter McGoff – SVP and General Counsel



Definition of Accountability

In the context of corporate data governance:

“Accountability is the obligation to act as a responsible steward of the personal information of others, to take responsibility for the protection and appropriate use of that information beyond mere legal requirements, and to be accountable for any misuse of that information.” (Galway Project)


We’re focused on serving the complex needs of enterprises of all sizes.

Box is a leader in the enterprise content collaboration space.


Box Architecture Design Principles

• Secure: Control, visibility and integration

• Enterprise-grade: Scale, reliability and speed

• Sustainable: Rapid innovation, quality and simplicity

• User Focus: Elegant and user-friendly

Superior Solution for Users and IT

[Figure labels: Users, IT]

Box Investment in the Enterprise

2007–2008 | 2009–2010 | 2011–2012 | 2013+

100 employees | 1K+ employees | 10K+ employees | 100K+ employees

• Admin Console

• Identity Integration

• Full-text Search

• Activity Reporting

• Admin Files

• Trusted Access

• Advanced Reports

• Box Accelerator

• Two-Factor Login

• Device Pinning

• Collaboration Controls

• Content Policies*

• Metadata

• Content Workflow

• eDiscovery*

* Upcoming

Redefining Cloud Content Security

• Intelligence (visibility, monitor, report, search – all across the platform)

• Users (identity mgmt.; who has access to what content?)

• Devices (secure physical and virtual endpoints)

• Apps (secure physical and virtual endpoints)

• Content


End to End Security

• User and group controls

• Powerful Admin control tools

• Reporting API

• Advanced search

• BI platform integrations

• Alerting and notifications

• Audit trail logging

• Hardened datacenters

• Active threat detection

• 24x7x365 NOC monitoring

• Most secure cloud platform

• Broad compliance footprint

• Stringent vendor/supplier security requirements

Security Admins Platform

• 256-bit AES encryption

• FIPS 140-2 Module (NIST std.)

• SSAE16 Type II datacenters

• SSO, AD, and authentication

• Deep sharing permissions

• ISO 27001-2005 vendor/supplier baseline


Users: Centralize Identity and Access

Permissions and Smart Links

Identity Management: AD, SSO and 2FA

Trusted Access Management

Users: Access Control Choices

Native Two-step Auth

• Expanding choice for all

• For admins:
  – Require for all users
  – Or, permit opt in

• For end users:
  – Opt-in for their account
  – Secures web, mobile, partner apps

Broad SSO partnerships

Intelligence: Monitor, Search, Audit

Advanced search

• By user, content type, date, size and context

• Quick, powerful targeted queries

Reporting, Audit, & SIEM

• Full audit trail logging

• Fast reporting

• BI and real-time alerts

• Strong partnerships


Comprehensive, global compliance program

SSAE16 Type II, SOC1 and SOC2: Fully tested and verified by 3rd party

Safe Harbor, EU and Swiss: International data privacy controls and enforcement

HIPAA and HITECH: Trusted platform for PHI, PHRs and medical research

ISO 27001: Global information security and systems controls


Don’t forget: Disaster Recovery and Business Continuity Planning

• Disaster Recovery (DR) – Technology and plans to get the Site “back up and running” with minimum disruption to customers

• Business Continuity Plan (BCP) – Box has a roadmap plan for continuing operations under adverse conditions such as a regional catastrophe or criminal attack.