Box.com Security (for file attachments)

Question

Our security team is getting the heebie jeebies about Khoros attachments (potentially containing PII) being stored on box.com.

How much of a concern is this? I'm aware Microsoft & other major tech companies use Khoros - how do they handle the security on this front?

mohammedf · Answer

keithkelly, Could you kindly offer additional details regarding your inquiry? If it's related to our company's storage practices, Khoros doesn't utilise Box as a primary enterprise tool. Instead, it is an optional sub-processor within Care and Community if you choose to turn on the "file preview" feature, and it is outlined in our list of sub-processors associated with our products.

keithkelly · Answer

Primary concernsOur secret / internal / proprietary information being stored in a box.com account that does not belong to us.Our security team is unable to simply unblock the subdomain khoros.app.box.com, as there are default box.com domains that are necessary to access - such as app.box.com.&nbsp; &nbsp;I just ran a network trace (via Chromes dev tools) &amp; found a few others like cdn10.boxcdn.net, api.box.com, dl.boxcloud.com, and more.Who owns/controls the files?

Forum Discussion

Box.com Security (for file attachments)

Related Content

How do I access a file shared through Box.com?

How can we retrieve the preview URL (or attachment-id) for PDF attachments?

Stop Click-jacking Security

File Attachments with Posts

Message-Attachments via Rest API

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined