Information Technology Services

Home » Box » Data Storage Guidance

Data Storage Guidance for Box

Box is rated as a 3-Lock service, which allows for storage of all four levels of data according to the Data Classification Policy for UNCG. Box is configured by default for storage of Moderate Risk data, but it can also be configured for High Risk data.

As with all storage services, the owner of the data is responsible for understanding and following all procedures as laid out by data steward.

Special note about deleting files from Box: Items in Box trash will remain there for 60 days before they are permanently deleted. So if you want to immediately delete Box files, you should 1) delete the file and 2) open the Box Trash folder and permanently delete the file from trash.

Quick Reference for Configuing Box for Different Data Risk Levels

  Minimal & Low Risk Data Moderate Risk Data High Risk Data
Box Apps & Add-ons

All approved apps

All approved apps

Only apps published/created by Box

Box Sync

Only sync Minimal & Low Risk Data

Only sync Minimal & Low Risk Data

Only sync Minimal & Low Risk Data

Storage Location Personal or Dept Account/Folder Personal or Dept Account/Folder Dept Account/Folder Only
Collaborator Access Guidance Important to give only minimum level of access Important to give only minimum level of access Vitally important to only give minimum level of access needed (i.e. read-only, no download)
Recommended Collaborator Permission Folder owner's choice Viewer
(No Download, Edit)
Viewer
(No Download, Edit)
Collaborator List Review often.
Strongly consider using auto-expiration feature
Review frequently.
Strongly consider using auto-expiration feature
Review frequently.
Strongly consider using auto-expiration feature
Folder Properties
(see screenshot below)
Automatic/default seetings Automatic/default seetings Only Owners can send invites
Restrict shared links to Collaborators only
File Names*
No change of file name required Add [[MOD]] as suffix on file name.
Ex: my-file-[[MOD]].docx
Add [[HI]] as suffix on file name.
Ex: my-high-risk-data-[[HI]].docx
Folder Names* No change of folder name required Add [[MOD]] as suffix to folder were appropriate Add [[HI]] as suffix to folder were appropriate.
Different risk level data in same folder Acceptable Recommend where possible to store Moderate Risk data in its own folder (not with Low/Minimal Risk data) Recommend where possible to store High Risk data in its own folder (not with Low/Minimal/Moderate Risk data)
Training Requirement Optional Optional but encouraged Recommended (may be required by dept or data steward)

* For detailed information on naming conventions, see CloudLock.


Guidance for Folder Properties for High Risk Data

The following folder properties are recommended for folders with High Risk data:

  1. Restrict the ability to invite collaborators to only Owners and Co-Owners. This is the single most important choice for securing your files and folders. Only individuals who own the content should be in full control of who is able to access the content.
  2. Restrict shared links to collaborators only. With sensitive data, only allow collaborators to access files and folders through a shared link.

These properties can be set as follows:

  1. Browse to a Box folder containing High Risk data.
  2. Click on the 3-dot menu button for that folder, choose Properties, then General Info, then the Security tab.
  3. Select to check and enable only the following properties:Folder Properties windows showing recommended settings for High Risk Data (choices are described in text)
    • In "Restrictions" section, enable Only Owners and Co-owners can send collaborator invites
    • In "Shared Links" section, enable Restrict shared links to collaborators only
    • In the "Shared Links" section, choose For both files and folder, from the menu.

      All other properties should be left unchecked/disabled.
  4. Click Save.